Hello, my computer is having some problems. I read some other posts and ran a panda and HJT scan. The logfiles are below.

-----HJT START-----
Logfile of HijackThis v1.99.1
Scan saved at 8:02:25 PM, on 6/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\df654d4f.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\7d2f3d04.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [7d2f3d04.exe] C:\WINDOWS\system32\7d2f3d04.exe
O4 - HKLM\..\Run: [df654d4f.exe] C:\WINDOWS\system32\df654d4f.exe
O4 - HKCU\..\Run: [7d2f3d04.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\7d2f3d04.exe
O4 - HKCU\..\Run: [df654d4f.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\df654d4f.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6417575C-39B0-41EE-B41C-1EAC37AE61BF}: NameServer = 10.9.55.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: winuah32 - C:\WINDOWS\SYSTEM32\winuah32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe



-----HJT END-----


-----PANDA START-----


Incident Status Location

Adware:Adware/SystemDoctor Not disinfected c:\windows\system32\df654d4f.exe
Adware:adware/emediacodec Not disinfected c:\windows\system32\atmclk.exe
Adware:adware/securityerror Not disinfected c:\windows\system32\ot.ico
Dialer:dialer.avv Not disinfected c:\windows\downloaded program files\gdnUS2338.exe
Adware:adware/spywarequake Not disinfected c:\windows\system32\1024\ld7A49.tmp
Adware:adware/yazzle Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.com.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.overture.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.zedo.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[hc2.humanclick.com/hc/36242939]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[stats1.clicktracks.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[server.iad.liveperson.net/hc/72597726]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[server.iad.liveperson.net/hc/43770959]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[server.iad.liveperson.net/hc/91338698]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.target.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[statse.webtrendslive.com/S118485]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[statse.webtrendslive.com/S109868]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.www.myaffiliateprogram.com/]
Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.versiontracker.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.microsoftwga.112.2o7.net/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[statse.webtrendslive.com/S109859]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\cookies.txt[.c2.gostats.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atwola[1].txt
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\Administrator\Local Settings\Application Data\df654d4f.exe
Virus:Trj/Downloader.JDP Disinfected C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\Cache\217EDC92d01
Virus:Trj/Downloader.JDP Disinfected C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\ma56jwud.default\Cache\7D703258d01
Adware:Adware/Searchcontrol Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\win2EA.tmp.exe
Adware:Adware/PicsPlace Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8S52LWXD\srvcnh[1].exe


-----PANDA END -----


Thanks in advance for all of your help... You're a life saver!
See attached file

Hi and welcome to GeeksToGo

I'm Jet Ian , and I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

We also recommend that you Subscribe to this thread so that when I or the other experts replied, you will get an email notification. To do this: Click on then and make sure you set it to Immediate Email Notification.

You may want to print out these instructions or save it as a text document, and use them as a reference. If you have any questions regarding the fix, please ask us before proceeding. It is also important for you to don't miss a step and perform everything in the right order.

=====================================

Download smitRem.exe

• Save it to your Desktop.
• Double-click the file to extract it to it's own folder on the desktop.

Download ATF Cleaner

• Save it to your Desktop.
• Do not run it yet. We will use this later.

Download Ewido Anti-Malware

• Install Ewido.
• When installing, under Additional Options, uncheck:
  • Install background guard
  • Install scan via context menu
• Launch Ewido.
• The program will now open the main screen.
• You will need to update ewido to the latest definition files
  • On the left hand side of the main screen click update.
  • Then click on the Start Update button.
• The update will start and a progress bar will show the updates being installed.
• After it has finished, close Ewido, we will use it later.
• If you are having problems with the updater, you can use this link to manually update ewido » Ewido manual updates.

=====================================

Show Hidden Files and Folders

Click Start » My Computer » Tools » Folder Options. Select the View tab.

• Check - Show hidden files and folders
• Uncheck - Hide file extensions for known types
• Uncheck - Hide protected operating system files

Click Yes to confirm, then OK to exit.

=====================================

Reboot into Safe Mode

• Restart your computer.
• Before the Windows logo appear, tap F8 repeatedly.
• A menu should appear, select Safe Mode from the menu using your arrow keys and then hit Enter on your keyboard.
• This will take a while than usual, so just wait.

=====================================

Uninstall Programs

• Click Start » Control Panel » Add/Remove Programs
• Find and remove the following program(s) (if present):
  
  Viewpoint
  
  
• Close Add/Remove Programs window after uninstalling.

=====================================

Please open HijackThis, click Do a system scan only, and then place a checkmark beside each of these entries:

O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [7d2f3d04.exe] C:\WINDOWS\system32\7d2f3d04.exe
O4 - HKLM\..\Run: [df654d4f.exe] C:\WINDOWS\system32\df654d4f.exe
O4 - HKCU\..\Run: [7d2f3d04.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\7d2f3d04.exe
O4 - HKCU\..\Run: [df654d4f.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\df654d4f.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - Winlogon Notify: winuah32 - C:\WINDOWS\SYSTEM32\winuah32.dll

After placing all the checkmarks, close all windows (except HJT), and then hit Fix Checked. When it finishes, exit HJT.

=====================================

Click Start » Run
Paste this on the box then press Enter :

regsvr32 /u occache.dll

=====================================

Locate and delete the following file(s), if present :

c:\windows\system32\ot.ico
c:\windows\downloaded program files\gdnUS2338.exe
C:\WINDOWS\system32\df654d4f.exe
C:\WINDOWS\system32\7d2f3d04.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\7d2f3d04.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\df654d4f.exe

Locate and delete the following folder(s), if present :

C:\Program Files\Viewpoint\

=====================================

Click Start » Run
Paste this on the box then press Enter :

regsvr32 occache.dll

=====================================

Run smitRem

• Open the smitRem folder, then double click the RunThis.bat file to start the tool.
• Follow the prompts on screen.
• Wait for the tool to complete and disk cleanup to finish.
• The tool will create a log found in C:\smitfiles.txt. I will need you to post that later.

=====================================

Run ATF Cleaner

• Double-click ATF-Cleaner.exe to run the program.
• Click Select All found at the bottom of the list.
• Click the Empty Selected button.

If you use Firefox browser, do this also:

• Click Firefox at the top and choose Select All from the list.
• Click the Empty Selected button.
• NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

• Click Opera at the top and choose Select All from the list.
• Click the Empty Selected button.
• NOTE : If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

=====================================

Run Ewido

• Please close all Windows, Programs or Browsers.
• Open Ewido.
• Click on scanner at the left side, then click on Complete System Scan.
  • Please don't use the computer while scanning
  • If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections and put a checkmark in the box next to Create encrypted backup, then choose Clean and click Ok.
• Once the scan has completed, click the button located on the bottom of the screen named Save report.
• Save the report to your Desktop.
• Close Ewido.

=====================================

Go to Start | Control Panel | Display | Desktop tab | Customize Desktop button | Web tab.

• Under Web Pages you should see a checked entry called Security info or something similar.
• If it is there, select that entry and click the Delete button.
• Click OK, then Apply, and lastly OK.

=====================================

Restart your computer

=====================================

Run an online scan at Panda's ActiveScan

• Please go here using Internet Explorer.
• Once you are on the Panda site click the Scan your PC button.
• A new window will open, click the big Check Now button.
  • Enter your Country.
  • Enter your State/Province.
  • Enter your e-mail address and click send.
  • Select either Home User or Company.
  • Click the big Scan Now button.
• If it wants to install an ActiveX component allow it.
• It will start downloading the files it requires for the scan.
• When the download is complete, click on My Computer to start the scan.
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

NOTE: Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.

=====================================

In your next reply, please include these log(s):

• HijackThis log (new)
• C:\smitfiles.txt
• Ewido
• Panda

Thanks for your quick response! I'll get back to you with those logfiles as soon as I can.

Ok, take your time

Here are 3 of the four logs you requested. I am going to run activescan while i'm at work.

-HJT-

Logfile of HijackThis v1.99.1
Scan saved at 7:44:24 PM, on 6/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Administrator\Desktop\spyware\HijackThis.exe

O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp101.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [7d2f3d04.exe] C:\WINDOWS\system32\7d2f3d04.exe
O4 - HKLM\..\Run: [df654d4f.exe] C:\WINDOWS\system32\df654d4f.exe
O4 - HKCU\..\Run: [7d2f3d04.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\7d2f3d04.exe
O4 - HKCU\..\Run: [df654d4f.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\df654d4f.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6417575C-39B0-41EE-B41C-1EAC37AE61BF}: NameServer = 10.9.55.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: winuah32 - C:\WINDOWS\SYSTEM32\winuah32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe



-END HJT-



-ewido-
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:14:43 PM, 6/12/2006
+ Report-Checksum: 3BC1EB5E

+ Scan result:

[224] C:\WINDOWS\system32\winuah32.dll -> Trojan.Agent.vg : Cleaned with backup
C:\WINDOWS\system32\winuah32.dll -> Trojan.Agent.vg : Cleaned with backup


::Report End
-end ewido-

-smitrem-


smitRem © log file
version 3.0

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Mon 06/12/2006
The current time is: 19:47:30.71

Running from
C:\Documents and Settings\Administrator\Desktop\spyware\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="antitragus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\system32\asxbbx.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Security Troubleshooting.url


~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

regperf.exe
simpole.tlb
stdole3.tlb
atmclk.exe
dcomcfg.exe
amcompat.tlb
nscompat.tlb
1024 dir
ld****.tmp
hp***.tmp
logfiles


~~~ Icons in System32 ~~~

ts.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 784 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN!


-end smitrem-



Thank you for all your help and I will be posting the panda log later.

The computer already seems to be faster, and popups are not popping up!

Great! Looks like you scanned with Hijackthis before doing the fixes, can I get a new Hijackthis log from Normal mode now?

This post has been edited by Jag11: Jun 13 2006, 05:20 AM

Ok, here is the new HJT log, and the panda log.

-HJT-

Logfile of HijackThis v1.99.1
Scan saved at 3:09:07 PM, on 6/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Administrator\Desktop\spyware\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6417575C-39B0-41EE-B41C-1EAC37AE61BF}: NameServer = 10.9.55.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: winuah32 - winuah32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe



-HJT END-


-PANDA START-

Incident Status Location

Dialer:dialer.avv Not disinfected c:\windows\downloaded program files\gdnUS2338.exe
Potentially unwanted tool:application/winantivirus2006 Not disinfected hkey_local_machine\software\WinAntiVirus Pro 2006
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\spyware\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\spyware\smitRem.exe[smitRem/Process.exe]
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\Administrator\Local Settings\Application Data\7d2f3d04.exe
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\Administrator\Local Settings\Application Data\df654d4f.exe
Potentially unwanted tool:Application/PWDump.C Not disinfected C:\ripper\john1701\run\pwdump.exe

-PANDA END-

Ok, let's continue...

=====================================

Please open HijackThis, click Do a system scan only, and then place a checkmark beside each of these entries:

O20 - Winlogon Notify: winuah32 - winuah32.dll (file missing)

After placing all the checkmarks, close all windows (except HJT), and then hit Fix Checked. When it finishes, exit HJT.

=====================================

Click Start » Run
Paste this on the box then press Enter :

regsvr32 /u occache.dll

=====================================

Locate and delete the following file(s), if present :

C:\WINDOWS\system32\keyhook.exe
c:\windows\downloaded program files\gdnUS2338.exe
C:\Documents and Settings\Administrator\Desktop\spyware\smitRem\
C:\Documents and Settings\Administrator\Desktop\spyware\smitRem.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\7d2f3d04.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\df654d4f.exe
C:\ripper\john1701\run\pwdump.exe

=====================================

Click Start » Run
Paste this on the box then press Enter :

regsvr32 occache.dll

=====================================

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixME.reg. Please save it on your desktop.


Double click FixME.reg. It will ask you if you want to merge it to the registry, click Yes.

=====================================

Then tell us how are things running now. Also post a new Hijackthis log

Things seem to be running great!

Here's a hjt log for you.

Logfile of HijackThis v1.99.1
Scan saved at 7:06:48 AM, on 6/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Administrator\Desktop\spyware\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6417575C-39B0-41EE-B41C-1EAC37AE61BF}: NameServer = 10.9.55.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

Your log is now clean! If you still have any other problems/questions, just post them here.

Please update your Java :

Update Java

• Go to Start » Control Panel » Add/Remove Programs.
• Search for all previous installed versions of Java. (J2SE Runtime Environment.... )
  It should have this icon next to it:
• Click that entry and then click on the Change/Remove button.
• Then download and install the newest version from here.

Now that you're clean, please follow these simple steps in order to keep your computer clean and secure:

1.) Re-Hide System Files and Folders:

• Click Start
• Open My Computer
• Select the Tools menu and click Folder Options
• Select the View tab
• Deselect the Show hidden files and folders option
• Select the Hide protected operating system files option
• Click Yes to confirm
• Click OK

2.) Reset and Re-enable your System Restore

We need to do this to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

• Click Start » Run » ( type: SYSDM.CPL ) » OK
• Click the System Restore tab.
• Check - Turn off System Restore.
• Click Apply.
• Uncheck - Turn off System Restore.
• Click OK.

You have now flushed your previous System Restore points, so we will make a new one again since your computer is already clean.

• Go to Start » All Programs » Accessories » System Tools, and select System Restore
• In the System Restore prompt, select: Create a restore point
• Click Next
• Give a description to the new Restore Point. (Something like: Clean PC)
• Click Create
• Then close the window

3.) How to Prevent Re-Infection

Please take your time reading on this list, it is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

• Windows Updates (a must!) - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this, open Internet Explorer, then and select Tools » Windows Update, and follow the online instructions from there.
• Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
• AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
• SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
• SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
• IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
• Firewall (a must!) - It is definitely a must have. Two good free versions are Kerio and ZoneAlarm.
• Anti-Virus (a must!) - It is also a must have. Two good programs are Avast and AVG, they're both free.
  Note: You must only use 1 (one) AV because if you have 2 AVs, it will conflict with each other and will only make your system slow.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.