Solve : Posting logs after scan.."can't connect to internet..."?

1.	Solve : Posting logs after scan.."can't connect to internet..."?
Answer» here are the logs from Hijack this Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:28:59 PM, on 10/9/2008 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\System32\svchost.exe C:\DOCUME~1\Owner\LOCALS~1\Temp\SSUPDATE.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file) O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - (no file) O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file) O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file) O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file) O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file) O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file) O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O10 - Unknown file in Winsock LSP: rsvp32_2.dll O10 - Unknown file in Winsock LSP: rsvp32_2.dll O10 - Unknown file in Winsock LSP: rsvp32_2.dll O10 - Unknown file in Winsock LSP: rsvp32_2.dll O10 - Unknown file in Winsock LSP: rsvp32_2.dll O10 - Unknown file in Winsock LSP: rsvp32_2.dll O10 - Unknown file in Winsock LSP: rsvp32_2.dll O10 - Unknown file in Winsock LSP: rsvp32_2.dll O10 - Unknown file in Winsock LSP: rsvp32_2.dll O10 - Unknown file in Winsock LSP: rsvp32_2.dll O10 - Unknown file in Winsock LSP: rsvp32_2.dll O10 - Unknown file in Winsock LSP: rsvp32_2.dll O10 - Unknown file in Winsock LSP: rsvp32_2.dll O10 - Unknown file in Winsock LSP: rsvp32_2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{9BEE9ECD-E2B6-411B-ADC3-480BCB64598E}: NAMESERVER = 86.64.145.144 O17 - HKLM\System\CCS\Services\Tcpip\..\{A7BE54E0-1517-4ED2-A79C-90ED790DB98F}: NameServer = 86.64.145.144 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 3310 bytes The SASW scan log SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 10/04/2008 at 08:13 PM Application Version : 4.21.1004 Core Rules Database Version : 3588 Trace Rules Database Version: 1575 Scan type : Quick Scan Total Scan Time : 00:05:23 Memory items scanned : 258 Memory threats detected : 1 Registry items scanned : 301 Registry threats detected : 26 File items scanned : 2855 File threats detected : 82 Trojan.LSP/RSVP32 C:\WINDOWS\SYSTEM32\RSVP32_2.DLL C:\WINDOWS\SYSTEM32\RSVP32_2.DLL C:\WINDOWS\SYSTEM32\RSVP32_2.DLL435 C:\WINDOWS\SYSTEM32\RSVP32_2.DLLEWFWE34F C:\WINDOWS\SYSTEM32\RSVP32_2.DLLEWFWEF Trojan.TaskDir [taskdir] C:\WINDOWS\SYSTEM32\TASKDIR.EXE C:\WINDOWS\SYSTEM32\TASKDIR.EXE [taskdir] C:\WINDOWS\SYSTEM32\TASKDIR.EXE [taskdir] C:\WINDOWS\SYSTEM32\TASKDIR.EXE HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run#taskdir [ C:\WINDOWS\System32\taskdir.exe ] HKU\S-1-5-21-1214440339-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run#taskdir [ C:\WINDOWS\System32\taskdir.exe ] HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run#taskdir [ C:\WINDOWS\System32\taskdir.exe ] C:\WINDOWS\SYSTEM32\ZLBW.DLL Dloader-NL Trojan BHO HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15ACE85C-0BB1-42d1-9E32-07EB0506675A} Unclassified.Unknown Origin HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b68470c-2def-493b-8a4a-8e2d81be4ea5} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5753791b-f607-48ca-814e-91c14d081f9e} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{746455fe-d059-47e7-af0e-140e03f5a447} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7a7e6d97-b492-4884-9abb-c31281dcc4f2} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} Trojan.Media-Codec HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{202a961f-23ae-42b1-9505-ffe3c818d717} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{860c2f6b-ca82-4282-9187-beccbb66f0af} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2595f37-48d0-46a1-9b51-478591a97764} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1ac752e-883f-4ed8-8828-b618c3a72152} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe2d25c1-c1db-4b5e-9390-af1cb5302f32} Unclassified.Deskware HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e246fae-8420-11d9-870d-000c2917de7f} Trojan.SmitFraud Variant HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77701e16-9bfe-4b63-a5b4-7bd156758a37} Trojan.Performent HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5875b8-93f3-429d-ff34-660b206d897a} Trojan.DELF-NJ HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b212d577-05b7-4963-911e-4a8588160dfa} Adware.SurfSideKick HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} Adware.Tracking Cookie C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt C:\Documents and Settings\Owner\Cookies\[email protected][2].txt C:\Documents and Settings\Owner\Cookies\[email protected][1].txt Malware.SpywareSheriff HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareSheriff_is1 Malware.TitanShield HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TitanShield Antispyware_is1 Malware.Antispyware Soldier HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antispyware Soldier_is1 Trojan.Downloader-UDL2 C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\CJW.EXE C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\RKRYYKG.EXE Trojan.Fake-Drop/Gen C:\WINDOWS\DIALUP.EXE C:\WINDOWS\INETDCTR.DLL C:\WINDOWS\SPP3.DLL C:\WINDOWS\SYSTEM32\ANTI_TROJ.EXE C:\WINDOWS\SYSTEM32\DLOAD.EXE C:\WINDOWS\SYSTEM32\IEWD.EXE C:\WINDOWS\SYSTEM32\MSMSN.EXE C:\WINDOWS\SYSTEM32\NETSTAT2.EXE C:\WINDOWS\SYSTEM32\PERFONT.EXE C:\WINDOWS\SYSTEM32\PERFORMENT202.DLL C:\WINDOWS\SYSTEM32\POPCORN72.EXE C:\WINDOWS\SYSTEM32\PROQLAIM.EXE C:\WINDOWS\SYSTEM32\WIN32HP.DLL C:\WINDOWS\SYSTEM32\WINMUSE.EXE Trojan.Downloader-Gen/ClownP C:\WINDOWS\PP.EXE C:\WINDOWS\Prefetch\PP.EXE-2E0C9B8F.pf Trojan.Downloader-Gen/Win C:\WINDOWS\RUNWIN32.EXE C:\WINDOWS\SYSTEM32\AF.EXE.EXE C:\WINDOWS\SYSTEM32\GAME5P.EXE.EXE C:\WINDOWS\WININET32.EXE C:\WINDOWS\Prefetch\AF.EXE.EXE-1711E3D3.pf Trojan.Mailer/ZU C:\WINDOWS\SHOW.EXE C:\WINDOWS\Prefetch\SHOW.EXE-34F4586A.pf Trojan.Dropper/Storm C:\WINDOWS\SYSTEM32\AA.EXE.EXE C:\WINDOWS\Prefetch\AA.EXE.EXE-14C1C9D6.pf Trojan.Downloader-Gen/ABC C:\WINDOWS\SYSTEM32\ABC.EXE C:\WINDOWS\Prefetch\ABC.EXE-07B9AC72.pf Trojan.Downloader-ADir/TaskDir C:\WINDOWS\SYSTEM32\ADIR.DLL C:\WINDOWS\TEMP\_AVAST4_\UNP166091142.TMP Trojan.VXGame-Gen C:\WINDOWS\SYSTEM32\GAME1.EXE C:\WINDOWS\SYSTEM32\GAME2.EXE C:\WINDOWS\SYSTEM32\GAME4.EXE C:\WINDOWS\SYSTEM32\VXGAMET1.EXE C:\WINDOWS\Prefetch\GAME1.EXE-019BA37F.pf C:\WINDOWS\Prefetch\GAME2.EXE-382FEAC1.pf C:\WINDOWS\Prefetch\GAME4.EXE-22FC9B4F.pf Trojan.Downloader-Gen/Game C:\WINDOWS\SYSTEM32\GAME3.EXE C:\WINDOWS\Prefetch\GAME3.EXE-16CEF2F1.pf Trojan.Downloader-Loader242 C:\WINDOWS\SYSTEM32\JRGDJIHQ.EXE C:\WINDOWS\SYSTEM32\XTREELAV.EXE C:\WINDOWS\Prefetch\JRGDJIHQ.EXE-16FE56C8.pf Trojan.Downloader-Gen/Snuke C:\WINDOWS\SYSTEM32\MA.EXE.EXE C:\WINDOWS\SYSTEM32\PP.EXE.EXE C:\WINDOWS\Prefetch\MA.EXE.EXE-0062ADD7.pf C:\WINDOWS\Prefetch\PP.EXE.EXE-36C305AC.pf Trojan.VXGame/32 C:\WINDOWS\SYSTEM32\MPSEGMENT.EXE C:\WINDOWS\SYSTEM32\VXH8JKDQ2.EXE C:\WINDOWS\SYSTEM32\VXH8JKDQ6.EXE Trojan.Downlaoder-Home C:\WINDOWS\SYSTEM32\MSMAPI32.EXE Trojan.Zlob-BY C:\WINDOWS\SYSTEM32\MSVOL.TLB Trojan.Downloader-WinCom32/Rootkit-Trace C:\WINDOWS\SYSTEM32\WINCOM32.INI Trojan.Downloader-Gen/WO C:\WINDOWS\SYSTEM32\WO.EXE Trojan.Downloader-Gen/ZU C:\WINDOWS\SYSTEM32\ZU.EXE C:\WINDOWS\ZU.EXE C:\WINDOWS\Prefetch\ZU.EXE-046518A3.pf C:\WINDOWS\Prefetch\ZU.EXE-3011EB7D.pf And the Malewarebytes log Malwarebytes' Anti-Malware 1.28 Database version: 1227 Windows 5.1.2600 10/4/2008 7:57:04 PM mbam-log-2008-10-04 (19-57-04).txt Scan type: Quick Scan Objects scanned: 35733 Time elapsed: 3 minute(s), 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 2 Registry Keys Infected: 23 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 42 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\ipv6mons.dll (Spyware.Bzub) -> Delete on reboot. C:\WINDOWS\system32\asgp32.dll (Trojan.Downloader) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73364d99-1240-4dff-b12a-67e448373148} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{73364d99-1240-4dff-b12a-67e448373148} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{73364d99-1240-4dff-b12a-67e448373148} (Spyware.Bzub) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{y479c6d0-otrw-u5gh-s1ee-e0ac10b4e666} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{c9ad5667-9e22-483a-851d-03561bd6e5e3} (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2ffa1bd3-1cfb-4934-b503-dc8f6d489cbd} (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{fa5b9933-1ae8-4a8d-9822-b20a6ca2b5ec} (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa5b9933-1ae8-4a8d-9822-b20a6ca2b5ec} (Trojan.Downloader) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\ipv6mons.dll (Trojan.BHO.H) -> Delete on reboot. C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\system32\asgp32.dll (Trojan.Downloader) -> Delete on reboot. C:\WINDOWS\system32\game0.exe.exe (Worm.Zhelatin) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sfxzmtforum.dll (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sfxzmtsmt.dll (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sfxzmtsmtspm.dll (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sfxzmtwbmail.dll (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pfxzmtaim.dll (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pfxzmtforum.dll (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pfxzmtgtal.dll (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pfxzmticq.dll (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pfxzmtsmt.dll (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pfxzmtsmtspm.dll (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pfxzmtwbmail.dll (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pfxzmtymsg.dll (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\stfv.bin (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ace16win.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winsub.xml (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\svcp.csv (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kernels64.exe (Worm.Zhelatin) -> Quarantined and deleted successfully. To recap... the computer uses XP and could connect to the internet before the scans were done ..but on every search it would lead you to the same page. The browser is Internet explorer, the internet will work when connected to a different machine. on this computer it says it's connected but it's not receiving.Open HijackThis and select Do a system scan only then place a check mark next to: - O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file) - O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - (no file) - O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file) - O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file) - O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file) - O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file) - O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file) - O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file) Now close all windows except for HijackThis and then click Fix checked Exit HijackThis. ---------- A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it. Please download LSPFix Run the LSPFix.exe that you have just finished downloading. Check the I know what I'm doing box. In the Keep box you should see one or more instances of rsvp32_2.dll Select every instance of rsvp32_2.dll and move each one to the Remove box by clicking the >> button. If the rsvp32_2.dll file only appears on the right sid then just click fix checked and close the program. When you are done click Finish>> . ---------- Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder. Open the folder and run Dial-a-fix.exe 2 windows will open. Close the one in the background labeled Restrictive Policies Check the box in section 1, Empty temp folders. Check the box in section 2, Fix Windows Installer. Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked Check all boxes in Section 5, labeled Registration Center. Click Go OK any error messages if received, but write them down and post them here. Restart the computer when done and then post a new HijackThis log. . Also let me know how everything is now?Thanks Evilfantasy... I just followed all the steps you gave. All went well until the scan onDial-a-fix...the last 2 bowex didn't clear in No. 5 Registration center --Explorer / IE / OE / shell / /WMP and --object linking libaries (OLE) In the scan itself it stops at --Registering imgtil.dll Any ideas? Try this. Download to your desktop FixPolicies.exe, a self-extracting ZIP archive from HERE. Double-click FixPolicies.exe. Click the Install button on the bottom toolbar of the box that will open. The program will create a new Folder called FixPolicies. Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd A black box will briefly appear and then close. Restart the computer so the changes can take effect. How is everything now? I meant to get back to you sooner but had to go to work. This is what I did.. I canceled the Dial-a-fix scan and it said it had crashed so I scanned again. It went all the way through that time. I restarted the computer and it connected to the internet no problem. They only wierd thing is the home page "Google" has boxes where it should have text but I can move from there with out any difficulty. Are there any more steps to follow?Yes theres more, we needed to get the connection fixed so it will be easier. Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply. Important:** Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.here is the Combofix log ComboFix 08-10-09.06 - Owner 2008-10-10 17:31:45.1 - NTFSx86 Microsoft Windows XP Home EDITION 5.1.2600.0.1252.1.1033.18.27 [GMT -7:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\adir.dll C:\WINDOWS\system32\aimsmx.dll C:\WINDOWS\system32\aosmx.dll C:\WINDOWS\system32\dd.exe C:\WINDOWS\system32\gtalsmx.dll C:\WINDOWS\system32\rsvp32_2.dll C:\WINDOWS\system32\rsvp32_2.dll3f2tj C:\WINDOWS\system32\setup.exe.tmp C:\WINDOWS\system32\sm.exe C:\WINDOWS\system32\ymsgsmx.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_WINCOM32 -------\Service_wincom32 ((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 ))))))))))))))))))))))))))))))) . 2008-10-10 06:57 . 2008-10-10 17:31 d-------- C:\WINDOWS\system32\CatRoot2 2008-10-09 23:30 . 2008-10-09 23:30 d-------- C:\Program Files\CCleaner 2008-10-09 23:28 . 2008-10-09 23:28 d-------- C:\Program Files\Trend Micro 2008-10-09 22:46 . 2001-08-17 14:03 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-10-09 22:41 . 2008-10-09 22:41 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-10-09 22:36 . 2008-10-09 22:36 d-------- C:\Program Files\Common Files\Skype 2008-10-09 22:35 . 2008-10-09 23:14 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-09 22:35 . 2008-10-09 22:35 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-10-04 20:02 . 2008-10-09 22:41 d-------- C:\Program Files\SUPERAntiSpyware 2008-10-04 20:02 . 2008-10-04 20:02 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com 2008-10-04 19:52 . 2008-10-04 19:52 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes 2008-10-04 19:52 . 2008-10-04 19:52 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-04 19:52 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-04 19:52 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-04 19:39 . 2008-10-04 19:39 285 --a------ C:\WINDOWS\system32\MRT.INI 2008-10-04 19:35 . 2008-10-04 19:35 2,400 --a------ C:\WINDOWS\system32\wpa.bak 2008-10-04 18:58 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-10-04 18:58 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-10-04 18:58 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-10-04 18:58 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-11 00:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype 2008-10-05 23:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6 2008-10-05 23:20 --------- d-----w C:\Program Files\Skype 2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 1077277] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-29 25370152] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll R2 EZYJOPOP;EZYJOPOP;C:\WINDOWS\System32\ezyjopop.ciq [2001-08-23 14976] S3 PAC207;UCAM-E1C10&UCAM-G1C10 series;C:\WINDOWS\System32\DRIVERS\pfc027.sys [ ] . . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.google.com O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm - O17 -: HKLM\CCS\Interface\{9BEE9ECD-E2B6-411B-ADC3-480BCB64598E}: NameServer = 86.64.145.144 O17 -: HKLM\CCS\Interface\{A7BE54E0-1517-4ED2-A79C-90ED790DB98F}: NameServer = 86.64.145.144 . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by GMER, http://www.gmer.net Rootkit scan 2008-10-10 17:35:05 Windows 5.1.2600 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EZYJOPOP] "ImagePath"="\??\C:\WINDOWS\System32\ezyjopop.ciq" . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\PAStiSvc.exe . ********************************************************************** . Completion time: 2008-10-10 17:38:39 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-11 00:38:33 Pre-Run: 37,495,373,824 bytes free Post-Run: 37,487,112,192 bytes free 108 --- E O F --- 2008-10-11 00:28:30 here is the Hijackthis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:39:40 PM, on 10/10/2008 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O17 - HKLM\System\CCS\Services\Tcpip\..\{9BEE9ECD-E2B6-411B-ADC3-480BCB64598E}: NameServer = 86.64.145.144 O17 - HKLM\System\CCS\Services\Tcpip\..\{A7BE54E0-1517-4ED2-A79C-90ED790DB98F}: NameServer = 86.64.145.144 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 2183 bytes Click START then RUN Now type Combofix /u in the runbox Make sure there's a space between Combofix and /u Then hit Enter. . The above procedure will: Delete the following: ComboFix and its associated files and folders. Reset the clock settings. Hide file extensions, if required. Hide System/Hidden files, if required. Set a new, clean Restore Point. . ---------- Download OTCleanIt.exe and save it to your Desktop. Double-click OTCleanIt.exe. Click the CleanUp! button. Select Yes when the "Begin cleanup Process?" prompt appears. If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes, if not delete it yourself. . ---------- Go to Microsoft Windows Update and get all critical updates. ---------- Now run a new HijackThis scan and post the log. Also let me know how everything is now.This is the Hijackthis log after doing everything else first. Everything is running just fine now. I wont be able to post again until sunday..Iam away for the weekend...so I will say to now...Evilfantasy you are the MAN...thanks so much for seeing me through this. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:50:53 PM, on 10/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\spupdsvc.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\msiexec.exe \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE C:\DOCUME~1\Owner\LOCALS~1\Temp\SSUPDATE.EXE C:\WINDOWS\System32\msdtc.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{9BEE9ECD-E2B6-411B-ADC3-480BCB64598E}: NameServer = 86.64.145.144 O17 - HKLM\System\CCS\Services\Tcpip\..\{A7BE54E0-1517-4ED2-A79C-90ED790DB98F}: NameServer = 86.64.145.144 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 2399 bytes You need to install a free antivirus now before you are back in this situation again. Avira AntiVir Personal is probably the best. Remember to only install one antivirus! 1) Avast! Home Free Edition 2) AVG Free Edition 3) Avira AntiVir Personal ---------- Disable the System Restore Utility to prevent re-infection from an old one 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Put a check mark next to Turn off System Restore on All Drives 4) Click the OK button. 5) You will be prompted to restart the computer. Click the Yes button. Now re-enable System Restore To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'. 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Remove the check mark next to Turn off System Restore on All Drives 4) Click the OK button. ---------- Use the Secunia Software Inspector to check for out of date software. Click Start Now Check the box next to Enable thorough system inspection. Click Start Allow the scan to finish and scroll down to see if any updates are needed. Update anything listed. . ---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't SLOW down your PC.** Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop CERTAIN cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Answer»

here are the logs from Hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:59 PM, on 10/9/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\SSUPDATE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - (no file)
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file)
O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file)
O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file)
O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BEE9ECD-E2B6-411B-ADC3-480BCB64598E}: NAMESERVER = 86.64.145.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7BE54E0-1517-4ED2-A79C-90ED790DB98F}: NameServer = 86.64.145.144
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 3310 bytes
The SASW scan log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/04/2008 at 08:13 PM

Application Version : 4.21.1004

Core Rules Database Version : 3588
Trace Rules Database Version: 1575

Scan type : Quick Scan
Total Scan Time : 00:05:23

Memory items scanned : 258
Memory threats detected : 1
Registry items scanned : 301
Registry threats detected : 26
File items scanned : 2855
File threats detected : 82

Trojan.LSP/RSVP32
   C:\WINDOWS\SYSTEM32\RSVP32_2.DLL
   C:\WINDOWS\SYSTEM32\RSVP32_2.DLL
   C:\WINDOWS\SYSTEM32\RSVP32_2.DLL435
   C:\WINDOWS\SYSTEM32\RSVP32_2.DLLEWFWE34F
   C:\WINDOWS\SYSTEM32\RSVP32_2.DLLEWFWEF

Trojan.TaskDir
   [taskdir] C:\WINDOWS\SYSTEM32\TASKDIR.EXE
   C:\WINDOWS\SYSTEM32\TASKDIR.EXE
   [taskdir] C:\WINDOWS\SYSTEM32\TASKDIR.EXE
   [taskdir] C:\WINDOWS\SYSTEM32\TASKDIR.EXE
   HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run#taskdir [ C:\WINDOWS\System32\taskdir.exe ]
   HKU\S-1-5-21-1214440339-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run#taskdir [ C:\WINDOWS\System32\taskdir.exe ]
   HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run#taskdir [ C:\WINDOWS\System32\taskdir.exe ]
   C:\WINDOWS\SYSTEM32\ZLBW.DLL

Dloader-NL Trojan BHO
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15ACE85C-0BB1-42d1-9E32-07EB0506675A}

Unclassified.Unknown Origin
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b68470c-2def-493b-8a4a-8e2d81be4ea5}
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5753791b-f607-48ca-814e-91c14d081f9e}
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{746455fe-d059-47e7-af0e-140e03f5a447}
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7a7e6d97-b492-4884-9abb-c31281dcc4f2}
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}

Trojan.Media-Codec
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{202a961f-23ae-42b1-9505-ffe3c818d717}
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{860c2f6b-ca82-4282-9187-beccbb66f0af}
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2595f37-48d0-46a1-9b51-478591a97764}
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1ac752e-883f-4ed8-8828-b618c3a72152}
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe2d25c1-c1db-4b5e-9390-af1cb5302f32}

Unclassified.Deskware
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e246fae-8420-11d9-870d-000c2917de7f}

Trojan.SmitFraud Variant
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77701e16-9bfe-4b63-a5b4-7bd156758a37}

Trojan.Performent
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5875b8-93f3-429d-ff34-660b206d897a}

Trojan.DELF-NJ
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b212d577-05b7-4963-911e-4a8588160dfa}

Adware.SurfSideKick
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076}

Adware.Tracking Cookie
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
   C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

Malware.SpywareSheriff
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareSheriff_is1

Malware.TitanShield
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TitanShield Antispyware_is1

Malware.Antispyware Soldier
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antispyware Soldier_is1

Trojan.Downloader-UDL2
   C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\CJW.EXE
   C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\RKRYYKG.EXE

Trojan.Fake-Drop/Gen
   C:\WINDOWS\DIALUP.EXE
   C:\WINDOWS\INETDCTR.DLL
   C:\WINDOWS\SPP3.DLL
   C:\WINDOWS\SYSTEM32\ANTI_TROJ.EXE
   C:\WINDOWS\SYSTEM32\DLOAD.EXE
   C:\WINDOWS\SYSTEM32\IEWD.EXE
   C:\WINDOWS\SYSTEM32\MSMSN.EXE
   C:\WINDOWS\SYSTEM32\NETSTAT2.EXE
   C:\WINDOWS\SYSTEM32\PERFONT.EXE
   C:\WINDOWS\SYSTEM32\PERFORMENT202.DLL
   C:\WINDOWS\SYSTEM32\POPCORN72.EXE
   C:\WINDOWS\SYSTEM32\PROQLAIM.EXE
   C:\WINDOWS\SYSTEM32\WIN32HP.DLL
   C:\WINDOWS\SYSTEM32\WINMUSE.EXE

Trojan.Downloader-Gen/ClownP
   C:\WINDOWS\PP.EXE
   C:\WINDOWS\Prefetch\PP.EXE-2E0C9B8F.pf

Trojan.Downloader-Gen/Win
   C:\WINDOWS\RUNWIN32.EXE
   C:\WINDOWS\SYSTEM32\AF.EXE.EXE
   C:\WINDOWS\SYSTEM32\GAME5P.EXE.EXE
   C:\WINDOWS\WININET32.EXE
   C:\WINDOWS\Prefetch\AF.EXE.EXE-1711E3D3.pf

Trojan.Mailer/ZU
   C:\WINDOWS\SHOW.EXE
   C:\WINDOWS\Prefetch\SHOW.EXE-34F4586A.pf

Trojan.Dropper/Storm
   C:\WINDOWS\SYSTEM32\AA.EXE.EXE
   C:\WINDOWS\Prefetch\AA.EXE.EXE-14C1C9D6.pf

Trojan.Downloader-Gen/ABC
   C:\WINDOWS\SYSTEM32\ABC.EXE
   C:\WINDOWS\Prefetch\ABC.EXE-07B9AC72.pf

Trojan.Downloader-ADir/TaskDir
   C:\WINDOWS\SYSTEM32\ADIR.DLL
   C:\WINDOWS\TEMP\_AVAST4_\UNP166091142.TMP

Trojan.VXGame-Gen
   C:\WINDOWS\SYSTEM32\GAME1.EXE
   C:\WINDOWS\SYSTEM32\GAME2.EXE
   C:\WINDOWS\SYSTEM32\GAME4.EXE
   C:\WINDOWS\SYSTEM32\VXGAMET1.EXE
   C:\WINDOWS\Prefetch\GAME1.EXE-019BA37F.pf
   C:\WINDOWS\Prefetch\GAME2.EXE-382FEAC1.pf
   C:\WINDOWS\Prefetch\GAME4.EXE-22FC9B4F.pf

Trojan.Downloader-Gen/Game
   C:\WINDOWS\SYSTEM32\GAME3.EXE
   C:\WINDOWS\Prefetch\GAME3.EXE-16CEF2F1.pf

Trojan.Downloader-Loader242
   C:\WINDOWS\SYSTEM32\JRGDJIHQ.EXE
   C:\WINDOWS\SYSTEM32\XTREELAV.EXE
   C:\WINDOWS\Prefetch\JRGDJIHQ.EXE-16FE56C8.pf

Trojan.Downloader-Gen/Snuke
   C:\WINDOWS\SYSTEM32\MA.EXE.EXE
   C:\WINDOWS\SYSTEM32\PP.EXE.EXE
   C:\WINDOWS\Prefetch\MA.EXE.EXE-0062ADD7.pf
   C:\WINDOWS\Prefetch\PP.EXE.EXE-36C305AC.pf

Trojan.VXGame/32
   C:\WINDOWS\SYSTEM32\MPSEGMENT.EXE
   C:\WINDOWS\SYSTEM32\VXH8JKDQ2.EXE
   C:\WINDOWS\SYSTEM32\VXH8JKDQ6.EXE

Trojan.Downlaoder-Home
   C:\WINDOWS\SYSTEM32\MSMAPI32.EXE

Trojan.Zlob-BY
   C:\WINDOWS\SYSTEM32\MSVOL.TLB

Trojan.Downloader-WinCom32/Rootkit-Trace
   C:\WINDOWS\SYSTEM32\WINCOM32.INI

Trojan.Downloader-Gen/WO
   C:\WINDOWS\SYSTEM32\WO.EXE

Trojan.Downloader-Gen/ZU
   C:\WINDOWS\SYSTEM32\ZU.EXE
   C:\WINDOWS\ZU.EXE
   C:\WINDOWS\Prefetch\ZU.EXE-046518A3.pf
   C:\WINDOWS\Prefetch\ZU.EXE-3011EB7D.pf
And the Malewarebytes log

Malwarebytes' Anti-Malware 1.28
Database version: 1227
Windows 5.1.2600

10/4/2008 7:57:04 PM
mbam-log-2008-10-04 (19-57-04).txt

Scan type: Quick Scan
Objects scanned: 35733
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 23
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 42

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ipv6mons.dll (Spyware.Bzub) -> Delete on reboot.
C:\WINDOWS\system32\asgp32.dll (Trojan.Downloader) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73364d99-1240-4dff-b12a-67e448373148} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{73364d99-1240-4dff-b12a-67e448373148} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{73364d99-1240-4dff-b12a-67e448373148} (Spyware.Bzub) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{y479c6d0-otrw-u5gh-s1ee-e0ac10b4e666} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9ad5667-9e22-483a-851d-03561bd6e5e3} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2ffa1bd3-1cfb-4934-b503-dc8f6d489cbd} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fa5b9933-1ae8-4a8d-9822-b20a6ca2b5ec} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa5b9933-1ae8-4a8d-9822-b20a6ca2b5ec} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ipv6mons.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\asgp32.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\game0.exe.exe (Worm.Zhelatin) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfxzmtforum.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfxzmtsmt.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfxzmtsmtspm.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfxzmtwbmail.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtaim.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtforum.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtgtal.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmticq.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtsmt.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtsmtspm.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtwbmail.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtymsg.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stfv.bin (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ace16win.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsub.xml (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svcp.csv (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kernels64.exe (Worm.Zhelatin) -> Quarantined and deleted successfully.
To recap... the computer uses XP and could connect to the internet before the scans were done ..but on every search it would lead you to the same page.
The browser is Internet explorer, the internet will work when connected to a different machine. on this computer it says it's connected but it's not receiving.Open HijackThis and select Do a system scan only then place a check mark next to:

- O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
- O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - (no file)
- O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
- O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file)
- O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
- O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file)
- O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file)
- O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file)

Now close all windows except for HijackThis and then click Fix checked

Exit HijackThis.

----------

A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.

Please download LSPFix
Run the LSPFix.exe that you have just finished downloading.
Check the I know what I'm doing box.
In the Keep box you should see one or more instances of rsvp32_2.dll
Select every instance of rsvp32_2.dll and move each one to the Remove box by clicking the >> button.
If the rsvp32_2.dll file only appears on the right sid then just click fix checked and close the program.
When you are done click Finish>>

.
----------
Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder.

Open the folder and run Dial-a-fix.exe
2 windows will open. Close the one in the background labeled Restrictive Policies
Check the box in section 1, Empty temp folders.
Check the box in section 2, Fix Windows Installer.
Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
Check all boxes in Section 5, labeled Registration Center.
Click Go
OK any error messages if received, but write them down and post them here.
Restart the computer when done and then post a new HijackThis log.

.
Also let me know how everything is now?Thanks Evilfantasy...
I just followed all the steps you gave.
All went well until the scan onDial-a-fix...the last 2 bowex didn't clear in No. 5 Registration center --Explorer / IE / OE / shell / /WMP and --object linking libaries (OLE)
In the scan itself it stops at --Registering imgtil.dll

Any ideas? Try this.

Download to your desktop FixPolicies.exe, a self-extracting ZIP archive from HERE.

Double-click FixPolicies.exe.
Click the Install button on the bottom toolbar of the box that will open.
The program will create a new Folder called FixPolicies.
Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd
A black box will briefly appear and then close.
Restart the computer so the changes can take effect.

How is everything now?

I meant to get back to you sooner but had to go to work.

This is what I did..
I canceled the Dial-a-fix scan and it said it had crashed so I scanned again. It went all the way through that time. I restarted the computer and it connected to the internet no problem. They only wierd thing is the home page "Google" has boxes where it should have text but I can move from there with out any difficulty.

Are there any more steps to follow?Yes theres more, we needed to get the connection fixed so it will be easier.

Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.here is the Combofix log

ComboFix 08-10-09.06 - Owner 2008-10-10 17:31:45.1 - NTFSx86
Microsoft Windows XP Home EDITION 5.1.2600.0.1252.1.1033.18.27 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\adir.dll
C:\WINDOWS\system32\aimsmx.dll
C:\WINDOWS\system32\aosmx.dll
C:\WINDOWS\system32\dd.exe
C:\WINDOWS\system32\gtalsmx.dll
C:\WINDOWS\system32\rsvp32_2.dll
C:\WINDOWS\system32\rsvp32_2.dll3f2tj
C:\WINDOWS\system32\setup.exe.tmp
C:\WINDOWS\system32\sm.exe
C:\WINDOWS\system32\ymsgsmx.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINCOM32
-------\Service_wincom32

((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))
.

2008-10-10 06:57 . 2008-10-10 17:31      d--------   C:\WINDOWS\system32\CatRoot2
2008-10-09 23:30 . 2008-10-09 23:30      d--------   C:\Program Files\CCleaner
2008-10-09 23:28 . 2008-10-09 23:28      d--------   C:\Program Files\Trend Micro
2008-10-09 22:46 . 2001-08-17 14:03   21,760   --a--c---   C:\WINDOWS\system32\dllcache\usbstor.sys
2008-10-09 22:41 . 2008-10-09 22:41      d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-09 22:36 . 2008-10-09 22:36      d--------   C:\Program Files\Common Files\Skype
2008-10-09 22:35 . 2008-10-09 23:14      d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 22:35 . 2008-10-09 22:35      d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-10-04 20:02 . 2008-10-09 22:41      d--------   C:\Program Files\SUPERAntiSpyware
2008-10-04 20:02 . 2008-10-04 20:02      d--------   C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-10-04 19:52 . 2008-10-04 19:52      d--------   C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-04 19:52 . 2008-10-04 19:52      d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-04 19:52 . 2008-09-10 00:04   38,528   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-04 19:52 . 2008-09-10 00:03   17,200   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-10-04 19:39 . 2008-10-04 19:39   285   --a------   C:\WINDOWS\system32\MRT.INI
2008-10-04 19:35 . 2008-10-04 19:35   2,400   --a------   C:\WINDOWS\system32\wpa.bak
2008-10-04 18:58 . 2008-07-18 22:10   33,992   --a------   C:\WINDOWS\system32\wucltui.dll.mui
2008-10-04 18:58 . 2008-07-18 22:09   25,800   --a------   C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-10-04 18:58 . 2008-07-18 22:09   25,800   --a------   C:\WINDOWS\system32\wuapi.dll.mui
2008-10-04 18:58 . 2008-07-18 22:08   20,680   --a------   C:\WINDOWS\system32\wuaueng.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 00:36   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\Skype
2008-10-05 23:43   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\MSN6
2008-10-05 23:20   ---------   d-----w   C:\Program Files\Skype
2008-07-19 05:10   94,920   ----a-w   C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10   53,448   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10   45,768   ----a-w   C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10   36,552   ----a-w   C:\WINDOWS\system32\wups.dll
2008-07-19 05:09   563,912   ----a-w   C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09   325,832   ----a-w   C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09   205,000   ----a-w   C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09   1,811,656   ----a-w   C:\WINDOWS\system32\wuaueng.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 1077277]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-29 25370152]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 EZYJOPOP;EZYJOPOP;C:\WINDOWS\System32\ezyjopop.ciq [2001-08-23 14976]
S3 PAC207;UCAM-E1C10&UCAM-G1C10 series;C:\WINDOWS\System32\DRIVERS\pfc027.sys [ ]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm -
O17 -: HKLM\CCS\Interface\{9BEE9ECD-E2B6-411B-ADC3-480BCB64598E}: NameServer = 86.64.145.144
O17 -: HKLM\CCS\Interface\{A7BE54E0-1517-4ED2-A79C-90ED790DB98F}: NameServer = 86.64.145.144
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by GMER, http://www.gmer.net
Rootkit scan 2008-10-10 17:35:05
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EZYJOPOP]
"ImagePath"="\??\C:\WINDOWS\System32\ezyjopop.ciq"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\PAStiSvc.exe
.
**************************************************************************
.
Completion time: 2008-10-10 17:38:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-11 00:38:33

Pre-Run: 37,495,373,824 bytes free
Post-Run: 37,487,112,192 bytes free

108   --- E O F ---   2008-10-11 00:28:30
here is the Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:40 PM, on 10/10/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BEE9ECD-E2B6-411B-ADC3-480BCB64598E}: NameServer = 86.64.145.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7BE54E0-1517-4ED2-A79C-90ED790DB98F}: NameServer = 86.64.145.144
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 2183 bytes

Click START then RUN
Now type Combofix /u in the runbox
Make sure there's a space between Combofix and /u
Then hit Enter.

The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Set a new, clean Restore Point.

OTCleanIt.exe and save it to your Desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it yourself.

.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

Now run a new HijackThis scan and post the log.

Also let me know how everything is now.This is the Hijackthis log after doing everything else first. Everything is running just fine now. I wont be able to post again until sunday..Iam away for the weekend...so I will say to now...Evilfantasy you are the MAN...thanks so much for seeing me through this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:53 PM, on 10/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msiexec.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\SSUPDATE.EXE
C:\WINDOWS\System32\msdtc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BEE9ECD-E2B6-411B-ADC3-480BCB64598E}: NameServer = 86.64.145.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7BE54E0-1517-4ED2-A79C-90ED790DB98F}: NameServer = 86.64.145.144
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 2399 bytes
You need to install a free antivirus now before you are back in this situation again. Avira AntiVir Personal is probably the best.

Remember to only install one antivirus!

1) Avast! Home Free Edition
2) AVG Free Edition
3) Avira AntiVir Personal

----------

Disable the System Restore Utility to prevent re-infection from an old one

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Put a check mark next to Turn off System Restore on All Drives
4) Click the OK button.
5) You will be prompted to restart the computer. Click the Yes button.

Now re-enable System Restore

To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Remove the check mark next to Turn off System Restore on All Drives
4) Click the OK button.

----------

Use the Secunia Software Inspector to check for out of date software.

Click Start Now
Check the box next to Enable thorough system inspection.
Click Start
Allow the scan to finish and scroll down to see if any updates are needed.
Update anything listed.

.
----------

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't SLOW down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop CERTAIN cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Solve : Posting logs after scan.."can't connect to internet..."?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment