help with hjt log - hsa remove!!

Unknown

hey you!

i am new at this forum and need help with my log.
this hsa is on my bosses computer so i really dont wanna do this the wrong way

here is my log, so if anyone can look at it i would appriciate!!!

thank you so much!

and yes i ran spy boot and ad-aware and everytime computer restart hsa reappears and i noticed name of the file changing



Logfile of HijackThis v1.99.1
Scan saved at 15:19:29, on 07.10.2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WIN98NEW\SYSTEM\KERNEL32.DLL
C:\WIN98NEW\SYSTEM\MSGSRV32.EXE
C:\WIN98NEW\SYSTEM\MPREXE.EXE
C:\WIN98NEW\SYSTEM\3CMLNKW.EXE
C:\WIN98NEW\SYSTEM\SCARDSVR.EXE
C:\WIN98NEW\SYSTEM\MSTASK.EXE
C:\WIN98NEW\SYSTEM\HPBPRO.EXE
C:\WIN98NEW\SYSTEM\HPBOID.EXE
C:\WIN98NEW\SYSTEM\SMARTSCAPS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WIN98NEW\SYSTEM\RPCSS.EXE
C:\WIN98NEW\SYSTEM\D3IL.EXE
C:\WIN98NEW\APIUT32.EXE
C:\WIN98NEW\SYSTEM\NETNV32.EXE
C:\WIN98NEW\SYSTEM\IPSU32.EXE
C:\WIN98NEW\NETYP32.EXE
C:\WIN98NEW\SYSTEM\SPOOL32.EXE
C:\WIN98NEW\JAVAFG32.EXE
C:\WIN98NEW\SYSTEM\APPSA32.EXE
C:\WIN98NEW\SYSTEM\ADDEG32.EXE
C:\WIN98NEW\SYSTEM\ADDNP32.EXE
C:\WIN98NEW\SYSTEM\MSMP32.EXE
C:\WIN98NEW\SYSTEM\ATLWY32.EXE
C:\WIN98NEW\SYSTEM\MFCNY.EXE
C:\WIN98NEW\ADDAG.EXE
C:\WIN98NEW\SYSTEM\MFCDT32.EXE
C:\WIN98NEW\SYSTEM\JAVAQX.EXE
C:\WIN98NEW\SYSTEM\IPKN.EXE
C:\WIN98NEW\ADDJM.EXE
C:\WIN98NEW\EXPLORER.EXE
C:\WIN98NEW\TASKMON.EXE
C:\WIN98NEW\SYSTEM\INTERNAT.EXE
C:\WIN98NEW\SYSTEM\SYSTRAY.EXE
C:\WIN98NEW\SYSTEM\ATITASK.EXE
C:\WIN98NEW\SYSTEM\ATICWD32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\APACHE TOMCAT 4.0\WEBAPPS\TOOLBOX\STATUSCLIENT\STATUSCLIENT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WIN98NEW\NETBU32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\JAVASOFT\JRE\1.3.1\BIN\JAVAW.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDNAGENT.EXE
C:\PROGRAM FILES\SMARTTRUST\SMARTTRUST PERSONAL\CSP\SMARTCERTMOVER.EXE
C:\WIN98NEW\SYSTEM\WMIEXE.EXE
C:\WIN98NEW\SYSTEM\NETNV32.EXE
C:\WIN98NEW\SYSTEM\MSMP32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {B6BC89AC-55D7-123F-064A-CAEE71479D55} - C:\WIN98NEW\MFCNO32.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {371794DA-E20A-4A6A-AA1B-58D1992AFAA3} - C:\WIN98NEW\ADDKH32.DLL
O2 - BHO: Class - {E68EBA81-9D5F-B793-3375-F0FA238F424F} - C:\WIN98NEW\JAVALK.DLL
O2 - BHO: Class - {D7DE0AEA-9256-12C9-9928-82EB556226D1} - C:\WIN98NEW\NTDJ32.DLL
O2 - BHO: Class - {ADFCBC3E-E85F-A0E6-BF76-FC715FC68F9C} - C:\WIN98NEW\SYSTEM\CRWA.DLL
O2 - BHO: Class - {F32261DC-D26D-2D9F-9CD0-AE7EAF09A5DA} - C:\WIN98NEW\SYSTEM\D3KI32.DLL
O2 - BHO: Class - {253A47C4-BC7D-D52E-9D6E-90411EE70902} - C:\WIN98NEW\SYSTEM\SDKQE32.DLL
O2 - BHO: Class - {5213F1BD-7572-4318-81BF-EDC00B6F701B} - C:\WIN98NEW\JAVAEP.DLL
O2 - BHO: Class - {49FF8168-BA6B-5B58-FBFA-D851512709F6} - C:\WIN98NEW\SYSTEM\SDKZN32.DLL
O2 - BHO: Class - {F567AD1F-3259-6D3E-3DFB-D1BAB07F0E65} - C:\WIN98NEW\SYSTEM\D3BH32.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WIN98NEW\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WIN98NEW\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WIN98NEW\taskmon.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [NETBU32.EXE] C:\WIN98NEW\NETBU32.EXE
O4 - HKLM\..\RunServices: [3Cmlink] C:\WIN98NEW\SYSTEM\3cmlnkW.exe
O4 - HKLM\..\RunServices: [SCardSvr] C:\WIN98NEW\SYSTEM\SCardSvr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HP Port Resolver] C:\WIN98NEW\SYSTEM\hpbpro.exe
O4 - HKLM\..\RunServices: [HP Status Server] C:\WIN98NEW\SYSTEM\hpboid.exe
O4 - HKLM\..\RunServices: [SmartScaps] C:\WIN98NEW\SYSTEM\Smartscaps.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [D3IL.EXE] C:\WIN98NEW\SYSTEM\D3IL.EXE /s
O4 - HKLM\..\RunServices: [APIUT32.EXE] C:\WIN98NEW\APIUT32.EXE /s
O4 - HKLM\..\RunServices: [NETNV32.EXE] C:\WIN98NEW\SYSTEM\NETNV32.EXE /s
O4 - HKLM\..\RunServices: [IPSU32.EXE] C:\WIN98NEW\SYSTEM\IPSU32.EXE /s
O4 - HKLM\..\RunServices: [NETYP32.EXE] C:\WIN98NEW\NETYP32.EXE /s
O4 - HKLM\..\RunServices: [JAVAFG32.EXE] C:\WIN98NEW\JAVAFG32.EXE /s
O4 - HKLM\..\RunServices: [APPSA32.EXE] C:\WIN98NEW\SYSTEM\APPSA32.EXE /s
O4 - HKLM\..\RunServices: [ADDEG32.EXE] C:\WIN98NEW\SYSTEM\ADDEG32.EXE /s
O4 - HKLM\..\RunServices: [ADDNP32.EXE] C:\WIN98NEW\SYSTEM\ADDNP32.EXE /s
O4 - HKLM\..\RunServices: [MSMP32.EXE] C:\WIN98NEW\SYSTEM\MSMP32.EXE /s
O4 - HKLM\..\RunServices: [ATLWY32.EXE] C:\WIN98NEW\SYSTEM\ATLWY32.EXE /s
O4 - HKLM\..\RunServices: [MFCNY.EXE] C:\WIN98NEW\SYSTEM\MFCNY.EXE /s
O4 - HKLM\..\RunServices: [ADDAG.EXE] C:\WIN98NEW\ADDAG.EXE /s
O4 - HKLM\..\RunServices: [MFCDT32.EXE] C:\WIN98NEW\SYSTEM\MFCDT32.EXE /s
O4 - HKLM\..\RunServices: [JAVAQX.EXE] C:\WIN98NEW\SYSTEM\JAVAQX.EXE /s
O4 - HKLM\..\RunServices: [IPKN.EXE] C:\WIN98NEW\SYSTEM\IPKN.EXE /s
O4 - HKLM\..\RunServices: [ADDJM.EXE] C:\WIN98NEW\ADDJM.EXE /s
O4 - Startup: Certificate Mover.lnk = C:\Program Files\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://edavki.durs.si/OpenPortal/Gui/Applets/msxml4.cab
O16 - DPF: {3707DB0E-E788-491A-8FA7-8C8B9774AAEB} (DigSigX Control) - https://edavki.durs.si/OpenPortal/Gui/Applets/hslDigSigX.cab

lemonlime

Hello, Dexter wrote a great HSA removal guide that should help. I'd recommend following it. It can be found here:

http://www.short-media.com/forum/showthread.php?t=18846

Below are the HJT items that need to be identified in 'step 1' of Dexter's guide. Be sure to follow his guide carefully, as simply removing these entries from HJT alone is not sufficient to properly remove HSA. If you have since shutdown or restarted your computer, these below entries are no longer valid. Please post another HJT log if you have since rebooted.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R3 - Default URLSearchHook is missing

O2 - BHO: Class - {B6BC89AC-55D7-123F-064A-CAEE71479D55} - C:\WIN98NEW\MFCNO32.DLL
O2 - BHO: Class - {371794DA-E20A-4A6A-AA1B-58D1992AFAA3} - C:\WIN98NEW\ADDKH32.DLL
O2 - BHO: Class - {E68EBA81-9D5F-B793-3375-F0FA238F424F} - C:\WIN98NEW\JAVALK.DLL
O2 - BHO: Class - {D7DE0AEA-9256-12C9-9928-82EB556226D1} - C:\WIN98NEW\NTDJ32.DLL
O2 - BHO: Class - {ADFCBC3E-E85F-A0E6-BF76-FC715FC68F9C} - C:\WIN98NEW\SYSTEM\CRWA.DLL
O2 - BHO: Class - {F32261DC-D26D-2D9F-9CD0-AE7EAF09A5DA} - C:\WIN98NEW\SYSTEM\D3KI32.DLL
O2 - BHO: Class - {253A47C4-BC7D-D52E-9D6E-90411EE70902} - C:\WIN98NEW\SYSTEM\SDKQE32.DLL
O2 - BHO: Class - {5213F1BD-7572-4318-81BF-EDC00B6F701B} - C:\WIN98NEW\JAVAEP.DLL
O2 - BHO: Class - {49FF8168-BA6B-5B58-FBFA-D851512709F6} - C:\WIN98NEW\SYSTEM\SDKZN32.DLL
O2 - BHO: Class - {F567AD1F-3259-6D3E-3DFB-D1BAB07F0E65} - C:\WIN98NEW\SYSTEM\D3BH32.DLL



O4 - HKLM\..\Run: [NETBU32.EXE] C:\WIN98NEW\NETBU32.EXE
O4 - HKLM\..\RunServices: [D3IL.EXE] C:\WIN98NEW\SYSTEM\D3IL.EXE /s
O4 - HKLM\..\RunServices: [APIUT32.EXE] C:\WIN98NEW\APIUT32.EXE /s
O4 - HKLM\..\RunServices: [NETNV32.EXE] C:\WIN98NEW\SYSTEM\NETNV32.EXE /s
O4 - HKLM\..\RunServices: [IPSU32.EXE] C:\WIN98NEW\SYSTEM\IPSU32.EXE /s
O4 - HKLM\..\RunServices: [NETYP32.EXE] C:\WIN98NEW\NETYP32.EXE /s
O4 - HKLM\..\RunServices: [JAVAFG32.EXE] C:\WIN98NEW\JAVAFG32.EXE /s
O4 - HKLM\..\RunServices: [APPSA32.EXE] C:\WIN98NEW\SYSTEM\APPSA32.EXE /s
O4 - HKLM\..\RunServices: [ADDEG32.EXE] C:\WIN98NEW\SYSTEM\ADDEG32.EXE /s
O4 - HKLM\..\RunServices: [ADDNP32.EXE] C:\WIN98NEW\SYSTEM\ADDNP32.EXE /s
O4 - HKLM\..\RunServices: [MSMP32.EXE] C:\WIN98NEW\SYSTEM\MSMP32.EXE /s
O4 - HKLM\..\RunServices: [ATLWY32.EXE] C:\WIN98NEW\SYSTEM\ATLWY32.EXE /s
O4 - HKLM\..\RunServices: [MFCNY.EXE] C:\WIN98NEW\SYSTEM\MFCNY.EXE /s
O4 - HKLM\..\RunServices: [ADDAG.EXE] C:\WIN98NEW\ADDAG.EXE /s
O4 - HKLM\..\RunServices: [MFCDT32.EXE] C:\WIN98NEW\SYSTEM\MFCDT32.EXE /s
O4 - HKLM\..\RunServices: [JAVAQX.EXE] C:\WIN98NEW\SYSTEM\JAVAQX.EXE /s
O4 - HKLM\..\RunServices: [IPKN.EXE] C:\WIN98NEW\SYSTEM\IPKN.EXE /s
O4 - HKLM\..\RunServices: [ADDJM.EXE] C:\WIN98NEW\ADDJM.EXE /s


Best Regards,
Mike.

maja91

thank you for help

yes i rebooted

here is my new log

Logfile of HijackThis v1.99.1
Scan saved at 16:22:43, on 07.10.2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WIN98NEW\SYSTEM\KERNEL32.DLL
C:\WIN98NEW\SYSTEM\MSGSRV32.EXE
C:\WIN98NEW\SYSTEM\SPOOL32.EXE
C:\WIN98NEW\SYSTEM\MPREXE.EXE
C:\WIN98NEW\SYSTEM\3CMLNKW.EXE
C:\WIN98NEW\SYSTEM\SCARDSVR.EXE
C:\WIN98NEW\SYSTEM\MSTASK.EXE
C:\WIN98NEW\SYSTEM\HPBPRO.EXE
C:\WIN98NEW\SYSTEM\HPBOID.EXE
C:\WIN98NEW\SYSTEM\SMARTSCAPS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WIN98NEW\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WIN98NEW\SYSTEM\D3IL.EXE
C:\WIN98NEW\APIUT32.EXE
C:\WIN98NEW\SYSTEM\NETNV32.EXE
C:\WIN98NEW\SYSTEM\IPSU32.EXE
C:\WIN98NEW\NETYP32.EXE
C:\WIN98NEW\JAVAFG32.EXE
C:\WIN98NEW\SYSTEM\APPSA32.EXE
C:\WIN98NEW\SYSTEM\ADDEG32.EXE
C:\WIN98NEW\SYSTEM\ADDNP32.EXE
C:\WIN98NEW\SYSTEM\MSMP32.EXE
C:\WIN98NEW\SYSTEM\ATLWY32.EXE
C:\WIN98NEW\SYSTEM\MFCNY.EXE
C:\WIN98NEW\ADDAG.EXE
C:\WIN98NEW\SYSTEM\MFCDT32.EXE
C:\WIN98NEW\SYSTEM\JAVAQX.EXE
C:\WIN98NEW\SYSTEM\IPKN.EXE
C:\WIN98NEW\ADDJM.EXE
C:\WIN98NEW\EXPLORER.EXE
C:\WIN98NEW\TASKMON.EXE
C:\WIN98NEW\SYSTEM\INTERNAT.EXE
C:\WIN98NEW\SYSTEM\SYSTRAY.EXE
C:\WIN98NEW\SYSTEM\ATITASK.EXE
C:\WIN98NEW\SYSTEM\ATICWD32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\APACHE TOMCAT 4.0\WEBAPPS\TOOLBOX\STATUSCLIENT\STATUSCLIENT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WIN98NEW\NETBU32.EXE
C:\PROGRAM FILES\SMARTTRUST\SMARTTRUST PERSONAL\CSP\SMARTCERTMOVER.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\JAVASOFT\JRE\1.3.1\BIN\JAVAW.EXE
C:\WIN98NEW\SYSTEM\IPSU32.EXE
C:\WIN98NEW\SYSTEM\D3IL.EXE
C:\WIN98NEW\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {B6BC89AC-55D7-123F-064A-CAEE71479D55} - C:\WIN98NEW\MFCNO32.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {371794DA-E20A-4A6A-AA1B-58D1992AFAA3} - C:\WIN98NEW\ADDKH32.DLL
O2 - BHO: Class - {E68EBA81-9D5F-B793-3375-F0FA238F424F} - C:\WIN98NEW\JAVALK.DLL
O2 - BHO: Class - {D7DE0AEA-9256-12C9-9928-82EB556226D1} - C:\WIN98NEW\NTDJ32.DLL
O2 - BHO: Class - {ADFCBC3E-E85F-A0E6-BF76-FC715FC68F9C} - C:\WIN98NEW\SYSTEM\CRWA.DLL
O2 - BHO: Class - {F32261DC-D26D-2D9F-9CD0-AE7EAF09A5DA} - C:\WIN98NEW\SYSTEM\D3KI32.DLL
O2 - BHO: Class - {253A47C4-BC7D-D52E-9D6E-90411EE70902} - C:\WIN98NEW\SYSTEM\SDKQE32.DLL
O2 - BHO: Class - {5213F1BD-7572-4318-81BF-EDC00B6F701B} - C:\WIN98NEW\JAVAEP.DLL
O2 - BHO: Class - {49FF8168-BA6B-5B58-FBFA-D851512709F6} - C:\WIN98NEW\SYSTEM\SDKZN32.DLL
O2 - BHO: Class - {F567AD1F-3259-6D3E-3DFB-D1BAB07F0E65} - C:\WIN98NEW\SYSTEM\D3BH32.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WIN98NEW\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WIN98NEW\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WIN98NEW\taskmon.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [NETBU32.EXE] C:\WIN98NEW\NETBU32.EXE
O4 - HKLM\..\RunServices: [3Cmlink] C:\WIN98NEW\SYSTEM\3cmlnkW.exe
O4 - HKLM\..\RunServices: [SCardSvr] C:\WIN98NEW\SYSTEM\SCardSvr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HP Port Resolver] C:\WIN98NEW\SYSTEM\hpbpro.exe
O4 - HKLM\..\RunServices: [HP Status Server] C:\WIN98NEW\SYSTEM\hpboid.exe
O4 - HKLM\..\RunServices: [SmartScaps] C:\WIN98NEW\SYSTEM\Smartscaps.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [D3IL.EXE] C:\WIN98NEW\SYSTEM\D3IL.EXE /s
O4 - HKLM\..\RunServices: [APIUT32.EXE] C:\WIN98NEW\APIUT32.EXE /s
O4 - HKLM\..\RunServices: [NETNV32.EXE] C:\WIN98NEW\SYSTEM\NETNV32.EXE /s
O4 - HKLM\..\RunServices: [IPSU32.EXE] C:\WIN98NEW\SYSTEM\IPSU32.EXE /s
O4 - HKLM\..\RunServices: [NETYP32.EXE] C:\WIN98NEW\NETYP32.EXE /s
O4 - HKLM\..\RunServices: [JAVAFG32.EXE] C:\WIN98NEW\JAVAFG32.EXE /s
O4 - HKLM\..\RunServices: [APPSA32.EXE] C:\WIN98NEW\SYSTEM\APPSA32.EXE /s
O4 - HKLM\..\RunServices: [ADDEG32.EXE] C:\WIN98NEW\SYSTEM\ADDEG32.EXE /s
O4 - HKLM\..\RunServices: [ADDNP32.EXE] C:\WIN98NEW\SYSTEM\ADDNP32.EXE /s
O4 - HKLM\..\RunServices: [MSMP32.EXE] C:\WIN98NEW\SYSTEM\MSMP32.EXE /s
O4 - HKLM\..\RunServices: [ATLWY32.EXE] C:\WIN98NEW\SYSTEM\ATLWY32.EXE /s
O4 - HKLM\..\RunServices: [MFCNY.EXE] C:\WIN98NEW\SYSTEM\MFCNY.EXE /s
O4 - HKLM\..\RunServices: [ADDAG.EXE] C:\WIN98NEW\ADDAG.EXE /s
O4 - HKLM\..\RunServices: [MFCDT32.EXE] C:\WIN98NEW\SYSTEM\MFCDT32.EXE /s
O4 - HKLM\..\RunServices: [JAVAQX.EXE] C:\WIN98NEW\SYSTEM\JAVAQX.EXE /s
O4 - HKLM\..\RunServices: [IPKN.EXE] C:\WIN98NEW\SYSTEM\IPKN.EXE /s
O4 - HKLM\..\RunServices: [ADDJM.EXE] C:\WIN98NEW\ADDJM.EXE /s
O4 - Startup: Certificate Mover.lnk = C:\Program Files\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://edavki.durs.si/OpenPortal/Gui/Applets/msxml4.cab
O16 - DPF: {3707DB0E-E788-491A-8FA7-8C8B9774AAEB} (DigSigX Control) - https://edavki.durs.si/OpenPortal/Gui/Applets/hslDigSigX.cab

maja91

i believe log is identical!??

maja91

i didn t run hjt on safe mode is that a problem?

and i tried to test about:buster, it wont run

lemonlime

maja91 wrote:

i believe log is identical!??

Hi maja91,

I believe you are correct, but I went through your latest log anyway, and came up with the following

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WIN98NEW\zejme.dll/sp.html#83556
R3 - Default URLSearchHook is missing


O2 - BHO: Class - {B6BC89AC-55D7-123F-064A-CAEE71479D55} - C:\WIN98NEW\MFCNO32.DLL
O2 - BHO: Class - {371794DA-E20A-4A6A-AA1B-58D1992AFAA3} - C:\WIN98NEW\ADDKH32.DLL
O2 - BHO: Class - {E68EBA81-9D5F-B793-3375-F0FA238F424F} - C:\WIN98NEW\JAVALK.DLL
O2 - BHO: Class - {D7DE0AEA-9256-12C9-9928-82EB556226D1} - C:\WIN98NEW\NTDJ32.DLL
O2 - BHO: Class - {ADFCBC3E-E85F-A0E6-BF76-FC715FC68F9C} - C:\WIN98NEW\SYSTEM\CRWA.DLL
O2 - BHO: Class - {F32261DC-D26D-2D9F-9CD0-AE7EAF09A5DA} - C:\WIN98NEW\SYSTEM\D3KI32.DLL
O2 - BHO: Class - {253A47C4-BC7D-D52E-9D6E-90411EE70902} - C:\WIN98NEW\SYSTEM\SDKQE32.DLL
O2 - BHO: Class - {5213F1BD-7572-4318-81BF-EDC00B6F701B} - C:\WIN98NEW\JAVAEP.DLL
O2 - BHO: Class - {49FF8168-BA6B-5B58-FBFA-D851512709F6} - C:\WIN98NEW\SYSTEM\SDKZN32.DLL
O2 - BHO: Class - {F567AD1F-3259-6D3E-3DFB-D1BAB07F0E65} - C:\WIN98NEW\SYSTEM\D3BH32.DLL

O4 - HKLM\..\Run: [NETBU32.EXE] C:\WIN98NEW\NETBU32.EXE

O4 - HKLM\..\RunServices: [D3IL.EXE] C:\WIN98NEW\SYSTEM\D3IL.EXE /s
O4 - HKLM\..\RunServices: [APIUT32.EXE] C:\WIN98NEW\APIUT32.EXE /s
O4 - HKLM\..\RunServices: [NETNV32.EXE] C:\WIN98NEW\SYSTEM\NETNV32.EXE /s
O4 - HKLM\..\RunServices: [IPSU32.EXE] C:\WIN98NEW\SYSTEM\IPSU32.EXE /s
O4 - HKLM\..\RunServices: [NETYP32.EXE] C:\WIN98NEW\NETYP32.EXE /s
O4 - HKLM\..\RunServices: [JAVAFG32.EXE] C:\WIN98NEW\JAVAFG32.EXE /s
O4 - HKLM\..\RunServices: [APPSA32.EXE] C:\WIN98NEW\SYSTEM\APPSA32.EXE /s
O4 - HKLM\..\RunServices: [ADDEG32.EXE] C:\WIN98NEW\SYSTEM\ADDEG32.EXE /s
O4 - HKLM\..\RunServices: [ADDNP32.EXE] C:\WIN98NEW\SYSTEM\ADDNP32.EXE /s
O4 - HKLM\..\RunServices: [MSMP32.EXE] C:\WIN98NEW\SYSTEM\MSMP32.EXE /s
O4 - HKLM\..\RunServices: [ATLWY32.EXE] C:\WIN98NEW\SYSTEM\ATLWY32.EXE /s
O4 - HKLM\..\RunServices: [MFCNY.EXE] C:\WIN98NEW\SYSTEM\MFCNY.EXE /s
O4 - HKLM\..\RunServices: [ADDAG.EXE] C:\WIN98NEW\ADDAG.EXE /s
O4 - HKLM\..\RunServices: [MFCDT32.EXE] C:\WIN98NEW\SYSTEM\MFCDT32.EXE /s
O4 - HKLM\..\RunServices: [JAVAQX.EXE] C:\WIN98NEW\SYSTEM\JAVAQX.EXE /s
O4 - HKLM\..\RunServices: [IPKN.EXE] C:\WIN98NEW\SYSTEM\IPKN.EXE /s
O4 - HKLM\..\RunServices: [ADDJM.EXE] C:\WIN98NEW\ADDJM.EXE /s

Please use Dexter's guide here: http://www.short-media.com/forum/showthread.php?t=18846


Let us know how it goes, and if you need further assistance

Best Regards,
Mike

lemonlime

maja91 wrote:

i didn t run hjt on safe mode is that a problem?

and i tried to test about:buster, it wont run

My appologies, I just realized that you are running Windows 98. Dexter's guide is for Windows 2000/XP only.

We'll have to perform this removal in a more manual way.

Lets do the following: (You may want to print this post and my last post for your convenience)

1) 'Fix' all of those items I mentioned earlier in HJT.
2) Reboot the computer into safe mode.
3) Ensure that you can view 'hidden and system' files. (See the following link for more information: http://www.xtra.co.nz/help/0,,4155-1916458,00.html
4) Manually delete the following files on your computer:

C:\WIN98NEW\NETBU32.EXE
C:\WIN98NEW\SYSTEM\D3IL.EXE
C:\WIN98NEW\APIUT32.EXE
C:\WIN98NEW\SYSTEM\NETNV32.EXE
C:\WIN98NEW\SYSTEM\IPSU32.EXE
C:\WIN98NEW\NETYP32.EXE
C:\WIN98NEW\JAVAFG32.EXE
C:\WIN98NEW\SYSTEM\APPSA32.EXE
C:\WIN98NEW\SYSTEM\ADDEG32.EXE
C:\WIN98NEW\SYSTEM\ADDNP32.EXE
C:\WIN98NEW\SYSTEM\MSMP32.EXE
C:\WIN98NEW\SYSTEM\ATLWY32.EXE
C:\WIN98NEW\SYSTEM\MFCNY.EXE
C:\WIN98NEW\ADDAG.EXE
C:\WIN98NEW\SYSTEM\MFCDT32.EXE
C:\WIN98NEW\SYSTEM\JAVAQX.EXE
C:\WIN98NEW\SYSTEM\IPKN.EXE
C:\WIN98NEW\ADDJM.EXE
C:\WIN98NEW\zejme.dll
C:\WIN98NEW\MFCNO32.DLL
C:\WIN98NEW\ADDKH32.DLL
C:\WIN98NEW\JAVALK.DLL
C:\WIN98NEW\NTDJ32.DLL
C:\WIN98NEW\SYSTEM\CRWA.DLL
C:\WIN98NEW\SYSTEM\D3KI32.DLL
C:\WIN98NEW\SYSTEM\SDKQE32.DLL
C:\WIN98NEW\JAVAEP.DLL
C:\WIN98NEW\SYSTEM\SDKZN32.DLL
C:\WIN98NEW\SYSTEM\D3BH32.DLL

Once done, reboot into normal mode, and run a full adaware scan. Remove anything ad-aware finds, and post another updated HJT log in this thread.

Thanks,
Mike

maja91

ok i runed hjt in safe mode, hit fix, manualy removed the files i found (exe were there but none dll)
ad-aware didn t found anything after rebooting into normal mode

i stil have home search assistent (and co.) in my add remove programs

and entries hsa se sw in registry (hkey local machine/ software/ micr. /win./ cur. ver. /unninstal/ hsa)

whAT ABOUT THAT?

here s new log:

Logfile of HijackThis v1.99.1
Scan saved at 18:09:36, on 07.10.2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WIN98NEW\SYSTEM\KERNEL32.DLL
C:\WIN98NEW\SYSTEM\MSGSRV32.EXE
C:\WIN98NEW\SYSTEM\MPREXE.EXE
C:\WIN98NEW\SYSTEM\3CMLNKW.EXE
C:\WIN98NEW\SYSTEM\SCARDSVR.EXE
C:\WIN98NEW\SYSTEM\MSTASK.EXE
C:\WIN98NEW\SYSTEM\HPBPRO.EXE
C:\WIN98NEW\SYSTEM\HPBOID.EXE
C:\WIN98NEW\SYSTEM\SMARTSCAPS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WIN98NEW\SYSTEM\RPCSS.EXE
C:\WIN98NEW\SYSTEM\SPOOL32.EXE
C:\WIN98NEW\EXPLORER.EXE
C:\WIN98NEW\TASKMON.EXE
C:\WIN98NEW\SYSTEM\INTERNAT.EXE
C:\WIN98NEW\SYSTEM\SYSTRAY.EXE
C:\WIN98NEW\SYSTEM\ATITASK.EXE
C:\WIN98NEW\SYSTEM\ATICWD32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\APACHE TOMCAT 4.0\WEBAPPS\TOOLBOX\STATUSCLIENT\STATUSCLIENT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\SMARTTRUST\SMARTTRUST PERSONAL\CSP\SMARTCERTMOVER.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\JAVASOFT\JRE\1.3.1\BIN\JAVAW.EXE
C:\WIN98NEW\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\HJT\HIJACKTHIS.EXE

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WIN98NEW\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WIN98NEW\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WIN98NEW\taskmon.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [3Cmlink] C:\WIN98NEW\SYSTEM\3cmlnkW.exe
O4 - HKLM\..\RunServices: [SCardSvr] C:\WIN98NEW\SYSTEM\SCardSvr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HP Port Resolver] C:\WIN98NEW\SYSTEM\hpbpro.exe
O4 - HKLM\..\RunServices: [HP Status Server] C:\WIN98NEW\SYSTEM\hpboid.exe
O4 - HKLM\..\RunServices: [SmartScaps] C:\WIN98NEW\SYSTEM\Smartscaps.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: Certificate Mover.lnk = C:\Program Files\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://edavki.durs.si/OpenPortal/Gui/Applets/msxml4.cab
O16 - DPF: {3707DB0E-E788-491A-8FA7-8C8B9774AAEB} (DigSigX Control) - https://edavki.durs.si/OpenPortal/Gui/Applets/hslDigSigX.cab

maja91

I Just Run Spy Bot And It Found Coolwwwsearch.searchklick And Trek Blue Error Nuker And Fix It.

After A Reboot Every Nasty Thing Was Gone!!!

I Think This Is It!!!

Thank You So Much For Assistance, I Just Love You!!!

(but I Hope I Never Need Your Help Again!)

Best Regards, Maja

lemonlime

maja91 wrote:

I Just Run Spy Bot And It Found Coolwwwsearch.searchklick And Trek Blue Error Nuker And Fix It.

After A Reboot Every Nasty Thing Was Gone!!!

I Think This Is It!!!

Thank You So Much For Assistance, I Just Love You!!!

(but I Hope I Never Need Your Help Again!)

Best Regards, Maja

Fantastic! Your HJT log now looks clean.

Glad I could be of help.

Below is some information that one of our SVT moderators, Crunchie has put together. He deserves full credit for the following quote. His suggestions are a great way to help keep your system safe moving forward.

Best Regards,
Mike.

Crunchie wrote:

Now that your PC is clean you need to follow these easy steps to keeping it this way:

Secure your Internet Explorer by going here and following the instructions there.

Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.

Use a firewall to help prevent your PC's control being usurped by undesireables. There is a link to a good, free firewall in my signature.

Install and keep updated, Ad-Aware SE, and Spybot S&D.
Run them both on a regular basis, following the manufacturer's recommendations.

Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.

Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.


Clear your Temp folders.
Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel >Internet Options.
Under the General tab click the Delete temporary internet files,
delete all Offline content as well. Clear out Cookies.

Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

C:\Documents and Settings\username\Local Settings\Temp\

In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

Empty the Recycle Bin.

For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.

Go to Start>Run and type msconfig. Press enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.

Check the box labelled 'Turn off System restore'.

Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

Note that all previous restore points will be lost.