Something Hijacking my computer

Hello, I have something hijacking my computer and can't figure out what it is. I have had Gopher Search hijacking the homepage and think I have finally got rid of it; however, something is still shutting down my Yahoo Messenger and something is making websites run very weirdly.

Here is my HijackThis log.

Thank you for all help in advance.

Logfile of HijackThis v1.99.1
Scan saved at 11:30:11 AM, on 6/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ohb - {22DFEAE8-9AD2-4FC6-9CBA-A6566CA3B6EB} - C:\WINDOWS\system32\gpstool.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Comments

  • edited June 2007
    You seem to have NOD32 antivirus on this machine as well as AVG antivirus. This is dangerous. Your system could have conflicts. NEVER have more than one AV in operation at any one time.

    Please disable/uninstall one of them.

    Also please advise which firewall you are using.

    Before we go further let's do some general cleaning up.

    ***********************

    Make sure you have exposed all Hidden Files & Folders.

    To enable the viewing of Hidden files follow these steps:

    1. Close all programs so that you are at your desktop.
    2. Double-click on the My Computer icon.
    3. Select the Tools menu and click Folder Options.
    4. After the new window appears select the View tab.
    5. Put a checkmark in the checkbox labeled Display the contents of system folders.
    6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
    9. Press the Apply button and then the OK button and close My Computer.

    ***********************

    Please download and install SUPERAntiSpyware
    • Load SUPERAntiSpyware and click the Check for Updates button.
    • Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!

    IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning; it may interfere with the scanning process.
    • Open SUPERAntiSpyware and click the Scan your Computer button.
    • Check Perform Complete Scan and then click Next.
    • SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
    • Make sure that they all have a check next to them, and then click Next.
    • Click Finish and you will be taken back to the main interface.
    • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
    • I'll need a log afterwards of what has been found.
    • To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
    • Please post the results of the SUPERAntiSpyware log in your next reply.

    *******************

    Rehide your Hidden Files & Folders by carrying out the reverse operation to that described at the start of this post.

    *******************

    Post a fresh HJT log, the Superantispyware log and an update on how your computer is operating now.


    MM
  • edited June 2007
    Thanks so much for the help on this. I just ran the spyware program and rebooted. Here are the new logs. As well, it looks like I somehow haven't gotten rid of the Gopher Search stuff.
    I got rid of the NOD32 AV as well. Thanks for the info on not running two, I didn't know that.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 06/20/2007 at 02:19 PM
    Application Version : 3.8.1002
    Core Rules Database Version : 3258
    Trace Rules Database Version: 1269
    Scan type : Complete Scan
    Total Scan Time : 00:30:08
    Memory items scanned : 366
    Memory threats detected : 1
    Registry items scanned : 5940
    Registry threats detected : 78
    File items scanned : 31216
    File threats detected : 66
    Adware.GPSTool
    C:\WINDOWS\SYSTEM32\GPSTOOL.DLL
    Trojan.Media-Codec/V3
    HKLM\Software\Classes\CLSID\{B8C5186E-EC37-4889-9C2E-F73649FFB7BB}
    HKCR\CLSID\{B8C5186E-EC37-4889-9C2E-F73649FFB7BB}
    HKCR\CLSID\{B8C5186E-EC37-4889-9C2E-F73649FFB7BB}#xxx
    HKCR\CLSID\{B8C5186E-EC37-4889-9C2E-F73649FFB7BB}\InprocServer32
    HKCR\CLSID\{B8C5186E-EC37-4889-9C2E-F73649FFB7BB}\InprocServer32#ThreadingModel
    C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESPLG.DLL
    HKCR\CLSID\{B8C5186E-EC37-4889-9C2E-F73649FFB7BB}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#UninstallString
    Adware.Tracking Cookie
    Adware.180solutions/ZangoSearch
    HKCR\SAIX.InstallerCaller
    HKCR\SAIX.InstallerCaller\CLSID
    HKCR\SAIX.InstallerCaller\CurVer
    HKCR\SAIX.InstallerCaller.1
    HKCR\SAIX.InstallerCaller.1\CLSID
    HKCR\AppId\{D28CD14C-50BE-4CFA-951E-B37F25DA3472}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll#.Owner
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll#{DECEAAA2-370A-49BB-9362-68C3A58DDC62}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\SAIX.dll [ ]
    Adware.ZToolbar
    C:\WINDOWS\system32\azebar.xml
    Dialer.VacPro
    HKCR\Progetto1.int_ver34
    HKCR\Progetto1.int_ver34\Clsid
    HKCR\TypeLib\{4CAB2947-C1D1-4233-AA2E-FE05362A5945}
    HKCR\TypeLib\{4CAB2947-C1D1-4233-AA2E-FE05362A5945}\2.0
    HKCR\TypeLib\{4CAB2947-C1D1-4233-AA2E-FE05362A5945}\2.0\0
    HKCR\TypeLib\{4CAB2947-C1D1-4233-AA2E-FE05362A5945}\2.0\0\win32
    HKCR\TypeLib\{4CAB2947-C1D1-4233-AA2E-FE05362A5945}\2.0\FLAGS
    HKCR\TypeLib\{4CAB2947-C1D1-4233-AA2E-FE05362A5945}\2.0\HELPDIR
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/int_ver34.ocx
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/int_ver34.ocx#.Owner
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/int_ver34.ocx#{A1426AC5-8CE5-4A00-B71E-011D35709AC6}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\int_ver34.ocx [ ]
    C:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20070620-111622-970.INF
    Adware.MWSearch Variant
    C:\WINDOWS\SYSTEM32\IASADA.DLL
    Trace.Known Threat Sources
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ECXYQBB\WhiteStyle_728x90[1].swf




    New Hijack this file after running the Anti Spyware.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:40:09 PM, on 6/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\runservice.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gophersearch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gophersearch.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.my.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  • edited June 2007
    Open HJT ... click on 'Do a System Scan Only'... put tick/check marks next to these entries IF still present (make sure you don't miss any)...

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gophersearch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gophersearch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/



    Remember to close ALL open browser windows – including this one – before clicking on “Fix Checked” at the foot of the HijackThis window.

    *******************

    Download Adaware from here ....

    http://www.lavasoftusa.com/products/ad_aware_free.php

    Install it and scan your computer with it. Let it fix what it finds.

    *******************

    Lastly, update SUPERAntiSpyware to the latest definitions and scan your computer again, saving the log as you did before.



    Please post a fresh HJT log, the Superantispyware log AND another update on how things are going now.


    MM
  • edited June 2007
    Things seem to be running 100% better than this morning. Thanks again for all the help. Here are the antispyware and HijackThis scans.


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 06/20/2007 at 09:55 PM
    Application Version : 3.8.1002
    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270
    Scan type : Complete Scan
    Total Scan Time : 00:31:02
    Memory items scanned : 373
    Memory threats detected : 0
    Registry items scanned : 5935
    Registry threats detected : 0
    File items scanned : 31444
    File threats detected : 13
    Adware.Tracking Cookie


    Hijack Log

    Logfile of HijackThis v1.99.1
    Scan saved at 9:59:44 PM, on 6/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\runservice.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.my.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  • edited June 2007
    The log is clean but tell me ... which firewall are you using? If you are relying on the Windoze built-in firewall then don't. Get a good free alternative from this list ...

    Zone Alarm > http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za

    Sygate > http://www.simtel.net/product.download.mirrors.php?id=53687

    Sunbelt Firewall (formerly Kerio) > http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/

    Comodo > http://www.comodo.com/products/free_products.html

    Jetico > http://www.jetico.com/index.htm#/jpfirewall.htm

    m0n0wall > http://m0n0.ch/wall/
    (I’ve heard good things about monowall but it takes some setting up, I believe)

    Smoothwall > http://www.smoothwall.org/

    Tiny Personal > http://www.webmasterfree.com/tpfw.html

    Outpost > http://www.agnitum.com/products/outpostfree/download.php

    ****************

    Also remember that HJT doesn't see all malware. Far from it. You must keep a close eye on how your computer behaves and report anything out of the ordinary.

    ****************

    If you are certain you have no more trouble you should clear out all old System Restore points then immediately create a new one so you have something to fall back on should anything go awry again. Also remember to make SR points on a regular basis.

    More on System Restore ...

    http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx


    What may have led up to your infection and help keep your computer free of malware …

    http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html

    http://www.help2go.com/Tutorials/Protect_Your_PC/Avoid_Web_Browser_Hijackers.html

    http://www.techsupportforum.com/security-center/general-computer-security/115548-pc-safety-security-what-do-i-need.html

    There is a little duplication/crossover but all these tutorials are well worth reading.

    Don’t forget to keep SuperAntiSpyware updated and use it to scan your computer from time to time.


    If you do suffer an infection again you should first run Ccleaner to clean out your system. Get Ccleaner here but ensure you install it WITHOUT the optional Yahoo Toolbar download (you must untick/uncheck the relevant box on download) …

    http://www.ccleaner.com/


    Also run through this before posting another HijackThis log …

    http://www.help2go.com/Tutorials/Protect_Your_PC/Get_Rid_of_Spyware%2C_Adware%2C_and_Web_Browser_Hijackers.html


    Best wishes.


    MM
  • edited June 2007
    I was just using a Windows based Firewall protection..........I downloaded and installed zone alarm........thanks for the advice on the programs to help with the problems.

    Seems to be running well still......I think I'll give it a day before I do a system restore just to make sure though.

    Thanks for all the help MM
  • edited June 2007
    You're welcome. :D


    MM