#1 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 8
OS: windows professional 2000
|
Hi, I'd really appreciate some help, not being terribly computer literate.
I believe my home computer has picked up a virus. I am not able to run Internet or Windows explorer or the Control Panel option. I am running Microsoft Windows 2000. There is no email setup on this computer, and only an old floppy disk drive. I have been able to save programs to the hard drive by my Samsung phone explorer application. I have not been able to perform any diagnostics (or don't know how to)! Can anyone offer any suggestions please? |
|
|
|
|
#2 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 8
OS: windows professional 2000
|
Minor breakthrough! Got a log with the help of my phone as follows.
Can you please decipher for me? Ok.Deckard's System Scanner v20070905.67 Run by Administrator on 2007-10-12 20:02:46 Computer is in Normal Mode. -------------------------------------------------------------------------------- Backed up registry hives. Performed disk cleanup. Percentage of Memory in Use: 84% (more than 75%). Total Physical Memory: 128 MiB (256 MiB recommended). -- HijackThis (run as Administrator.exe) --------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:04:48 PM, on 12/10/2007 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\msdtc.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\HPZipm12.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\QuickTime\qttask.exe C:\WINNT\system32\hwfzq.exe C:\WINNT\System32\internat.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINNT\System32\wuauclt.exe C:\Karen\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {835F4DCB-B8E4-46F1-A972-6C363E956F3C} - c:\winnt\system32\dinputs.dll O2 - BHO: (no name) - {D30FDC2B-5A07-4BA1-8765-E639675DC7B3} - C:\WINNT\System32\dswaveo.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [hwfzq] C:\WINNT\system32\hwfzq.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [hwfzq] C:\WINNT\system32\hwfzq.exe O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe O20 - Winlogon Notify: tkcderci - C:\WINNT\SYSTEM32\dinputs.dll 
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe -- End of file - 3915 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- S1 ikhfile (File Security Kernel Anti-Spyware Driver) - c:\winnt\system32\drivers\ikhfile.sys (file missing) S1 ikhlayer (Kernel Anti-Spyware Driver) - c:\winnt\system32\drivers\ikhlayer.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- All services whitelisted. -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Files created between 2007-09-12 and 2007-10-12 ----------------------------- 2007-10-12 20:04:28 0 d-------- C:\Program Files\Trend Micro 2007-10-07 18:33:17 38912 --a------ C:\WINNT\System32\faxshellj.dll 2007-10-07 18:32:53 0 d-------- C:\WINNT\System32\AppCert 2007-10-07 18:32:29 15872 --a------ C:\WINNT\System32\hwfzq.exe 2007-10-07 18:32:00 93184 --a------ C:\WINNT\System32\dinputs.dll 2007-10-07 18:31:33 91648 --a------ C:\WINNT\System32\dswaveo.dll 2007-09-12 13:45:53 0 d-------- C:\etax2007 2007-09-12 09:33:54 3716557 --a------ C:\Program Files\etax2007_1.exe -- Find3M Report --------------------------------------------------------------- 2007-10-12 14:50:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\TransRender 2007-10-12 14:49:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Temporary 2007-10-11 07:00:21 1636 --a------ C:\WINNT\System32\d3d9caps.dat 2007-10-09 17:55:03 0 d-------- C:\Program Files\Numbers Up! 
VP V1.2.3 2007-10-09 17:49:52 0 d-------- C:\Program Files\BRAINtastic 2007-10-07 18:25:12 367 --a------ C:\Documents and Settings\Administrator\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log 2007-10-07 18:25:04 0 --a------ C:\Documents and Settings\Administrator\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log 2007-09-16 14:32:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM 2007-09-01 20:04:01 0 d-------- C:\Program Files\PDACookbook 2007-08-09 22:18:25 4415492 --a------ C:\Program Files\ezcdrip.exe 2007-08-09 22:11:06 153970 --a------ C:\Program Files\frcASPI17.zip 2007-08-09 22:04:28 522682 --a------ C:\Program Files\aspi_471a2.exe 2007-08-08 22:11:35 16384 --a-----t C:\WINNT\System32\Perflib_Perfdata_2bc.dat 2007-08-07 22:05:37 1524 --a------ C:\WINNT\System32\d3d8caps.dat 2007-08-06 17:19:20 16384 --a-----t C:\WINNT\System32\Perflib_Perfdata_2b0.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{835F4DCB-B8E4-46F1-A972-6C363E956F3C}] 30/10/01 07:10a 93184 --a------ c:\winnt\system32\dinputs.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D30FDC2B-5A07-4BA1-8765-E639675DC7B3}] 11/12/02 11:14p 91648 --a------ C:\WINNT\System32\dswaveo.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Synchronization Manager"="mobsync.exe" [07/12/99 06:30a C:\WINNT\system32\mobsync.exe] "HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [11/08/05 08:21p] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/08/05 11:16a] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [13/04/07 07:21a] "hwfzq"="C:\WINNT\system32\hwfzq.exe" [12/12/06 10:35p] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "internat.exe"="internat.exe" [07/12/99 06:30a C:\WINNT\system32\internat.exe] 
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [11/12/06 02:35p] "hwfzq"="C:\WINNT\system32\hwfzq.exe" [12/12/06 10:35p] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "internat.exe"=internat.exe "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ Internet Explorer.lnk - C:\Program Files\Internet Explorer\IEXPLORE.EXE [3/05/2005 8:47:59 AM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/08/2005 11:37:34 AM] HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/08/2005 2:38:22 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tkcderci] dinputs.dll 30/10/01 07:10a 93184 C:\WINNT\system32\dinputs.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys] @="Driver" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs oiwqmhqq -- End of Deckard's System Scanner: finished at 2007-10-12 20:05:51 ------------ |
|
|
|
|
#3 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista
|
Re: Internet / Windows explorer won't run
Hello sklj,
Why is there no Anti Virus program on this system? We have quite a bit to do to clean this up. The following tool will fit on a floppy. Download it from a working PC and transfer the tool to the desktop of the afflicted machine:
Download Combofix and save it to your desktop.
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
--------------------------------------------------------------------
Double click on combofix.exe & follow the prompts.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
---------------------------------------------------------------------
Post those logs first, and if you have regained internet access, here are 2 very good free Antivirus products which are available:
Select one of these, or another of your choice. Download, install, update definitions, and run a full system scan. |
|
|
|
|
#4 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 8
OS: windows professional 2000
|
I've attached the log from combofix and HJT.
Still can't run the applications. ComboFix 07-10-12.4 - Administrator 13/10/2007 7:23:29.1 - NTFSx86 Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1033.18.23 [GMT 9.5:30] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\FunWebProducts C:\Program Files\MyWebSearch C:\Program Files\MyWebSearch\bar\History\search2 C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat C:\Program Files\MyWebSearch\bar\Settings\setting2.htm C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak C:\Program Files\MyWebSearch\bar\Settings\settings.dat C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak C:\WINNT\System32\dinputs.dll C:\WINNT\system32\dinputs.dll C:\WINNT\system32\ipv6mons.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_OIWQMHQQ -------\oiwqmhqq ((((((((((((((((((((((((( Files Created from 2007-09-12 to 2007-10-12 ))))))))))))))))))))))))))))))) . 2007-10-13 07:28 93,184 --a------ C:\WINNT\system32\dinputs.dll 2007-10-13 07:22 51,200 --a------ C:\WINNT\NirCmd.exe 2007-10-12 20:04 <DIR> d-------- C:\Program Files\Trend Micro 2007-10-12 20:02 <DIR> d-------- C:\Deckard 2007-10-07 18:33 38,912 --a------ C:\WINNT\system32\faxshellj.dll 2007-10-07 18:32 <DIR> d-------- C:\WINNT\system32\AppCert 2007-10-07 18:32 15,872 --a------ C:\WINNT\system32\hwfzq.exe 2007-10-07 18:31 91,648 --a------ C:\WINNT\system32\dswaveo.dll 2007-09-12 13:45 <DIR> d-------- C:\etax2007 2007-09-12 09:33 3,716,557 --a------ C:\Program Files\etax2007_1.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-10-12 22:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-12 21:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TransRender 2007-10-12 05:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Temporary 2007-10-09 08:25 --------- d-----w C:\Program Files\Numbers Up! VP V1.2.3 2007-10-09 08:19 --------- d-----w C:\Program Files\BRAINtastic 2007-09-16 05:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM 2007-09-01 10:34 --------- d-----w C:\Program Files\PDACookbook 2007-08-09 12:48 4,415,492 ----a-w C:\Program Files\ezcdrip.exe 2007-08-09 12:41 153,970 ----a-w C:\Program Files\frcASPI17.zip 2007-08-09 12:34 522,682 ----a-w C:\Program Files\aspi_471a2.exe 2005-05-02 23:19 271 ---h--w C:\Program Files\desktop.ini 2005-05-02 23:19 21,952 ---h--w C:\Program Files\folder.htt . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D30FDC2B-5A07-4BA1-8765-E639675DC7B3}] 02-12-11 23:14 91648 --a------ C:\WINNT\System32\dswaveo.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Synchronization Manager"="mobsync.exe" [99-12-07 06:30 C:\WINNT\system32\mobsync.exe] "HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [05-08-11 20:21 ] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05-08-09 11:16 ] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-04-13 07:21 ] "hwfzq"="C:\WINNT\system32\hwfzq.exe" [06-12-12 22:35 ] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "internat.exe"="internat.exe" [99-12-07 06:30 C:\WINNT\system32\internat.exe] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [06-12-11 14:35 ] "hwfzq"="C:\WINNT\system32\hwfzq.exe" [06-12-12 22:35 ] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "internat.exe"=internat.exe "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ Internet Explorer.lnk - C:\Program Files\Internet Explorer\IEXPLORE.EXE [2005-05-03 08:47:59] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-08-09 11:37:34] HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-08-09 14:38:22] R3 cwbmidi_device;Crystal WDM MPU-401 UART Driver;C:\WINNT\System32\drivers\cwbmidi.sys R3 cwbwdm_device;Crystal WDM Audio Codec Driver;C:\WINNT\System32\drivers\cwbwdm.sys R3 EL90BC;3Com EtherLink XL B/C Adapter 
Driver;C:\WINNT\System32\DRIVERS\el90xbc5.sys R3 NtApm;NT Apm/Legacy Interface Driver;C:\WINNT\System32\DRIVERS\NtApm.sys R3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINNT\System32\DRIVERS\sscdbus.sys R3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINNT\System32\DRIVERS\sscdmdfl.sys R3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINNT\System32\DRIVERS\sscdmdm.sys *Newly Created Service* - IPNAT *Newly Created Service* - RASAUTO *Newly Created Service* - SHAREDACCESS . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-13 07:30:46 Windows 5.0.2195 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2007-10-13 7:33:35 - machine was rebooted . --- E O F --- Deckard's System Scanner v20070905.67 Run by Administrator on 2007-10-13 07:37:15 Computer is in Normal Mode. -------------------------------------------------------------------------------- Percentage of Memory in Use: 86% (more than 75%). Total Physical Memory: 128 MiB (256 MiB recommended). 
-- HijackThis (run as Administrator.exe) --------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:37:38 AM, on 13/10/2007 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\msdtc.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\CMD.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\QuickTime\qttask.exe C:\WINNT\system32\hwfzq.exe C:\WINNT\System32\internat.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINNT\System32\wuauclt.exe C:\WINNT\system32\notepad.exe C:\WINNT\explorer.exe C:\Karen\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {D30FDC2B-5A07-4BA1-8765-E639675DC7B3} - C:\WINNT\System32\dswaveo.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [hwfzq] C:\WINNT\system32\hwfzq.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [hwfzq] C:\WINNT\system32\hwfzq.exe O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe O23 - Service: Logical Disk Manager Administrative Service 
(dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe -- End of file - 3777 bytes -- Files created between 2007-09-13 and 2007-10-13 ----------------------------- 2007-10-13 07:28:33 93184 --a------ C:\WINNT\System32\dinputs.dll 2007-10-12 20:04:28 0 d-------- C:\Program Files\Trend Micro 2007-10-07 18:33:17 38912 --a------ C:\WINNT\System32\faxshellj.dll 2007-10-07 18:32:53 0 d-------- C:\WINNT\System32\AppCert 2007-10-07 18:32:29 15872 --a------ C:\WINNT\System32\hwfzq.exe 2007-10-07 18:31:33 91648 --a------ C:\WINNT\System32\dswaveo.dll -- Find3M Report --------------------------------------------------------------- 2007-10-13 07:22:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\TransRender 2007-10-12 14:49:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Temporary 2007-10-09 17:55:03 0 d-------- C:\Program Files\Numbers Up! VP V1.2.3 2007-10-09 17:49:52 0 d-------- C:\Program Files\BRAINtastic 2007-10-07 18:25:12 367 --a------ C:\Documents and Settings\Administrator\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log 2007-10-07 18:25:04 0 --a------ C:\Documents and Settings\Administrator\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log 2007-09-16 14:32:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM 2007-09-12 09:33:54 3716557 --a------ C:\Program Files\etax2007_1.exe 2007-09-01 20:04:01 0 d-------- C:\Program Files\PDACookbook 2007-08-09 22:18:25 4415492 --a------ C:\Program Files\ezcdrip.exe 2007-08-09 22:11:06 153970 --a------ C:\Program Files\frcASPI17.zip 2007-08-09 22:04:28 522682 --a------ C:\Program Files\aspi_471a2.exe -- Registry Dump --------------------------------------------------------------- -- End of Deckard's System Scanner: finished at 2007-10-13 07:38:15 ------------ Last edited by Ried; 10-12-2007 at 09:40 PM. |
|
|
|
|
#5 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista
|
Re: Internet / Windows explorer won't run
Hello sklj,
Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below.
***************************************************
Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:
O4 - Startup: Internet Explorer.lnk = C:\Program Files\Internet Explorer\IEXPLORE.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
Click 'Fix Checked' and close HijackThis.
---------------------------------------------------------------------
Open notepad and copy/paste the text in the code box below into it:
Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/187508-internet-windows-explorer-wont-run.html#post1120595
Collect::
C:\WINNT\system32\dinputs.dll
C:\WINNT\system32\faxshellj.dll
C:\WINNT\system32\hwfzq.exe
C:\WINNT\system32\dswaveo.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D30FDC2B-5A07-4BA1-8765-E639675DC7B3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hwfzq"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hwfzq"=-
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis. Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file.
-----------------------------------------------------------------
Please return with the C:\ComboFix.txt, and an update on system behavior. |
|
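An added example, not part of the thread and not the analyst's stated method: one triage heuristic for a log like the one in post #2 is to correlate HijackThis autostart entries (O2, O4, O20, O23) with the "Files created between" listing, then look for other files created within a short window of those hits. The function names, the 120-second window and the choice of excerpted lines are assumptions of this example.

```python
import re
from datetime import datetime

# Excerpt of the Deckard's System Scanner / HijackThis log in post #2,
# re-broken to one entry per line (the selection of lines is ours).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {835F4DCB-B8E4-46F1-A972-6C363E956F3C} - c:\winnt\system32\dinputs.dll
O2 - BHO: (no name) - {D30FDC2B-5A07-4BA1-8765-E639675DC7B3} - C:\WINNT\System32\dswaveo.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hwfzq] C:\WINNT\system32\hwfzq.exe
O4 - HKCU\..\Run: [hwfzq] C:\WINNT\system32\hwfzq.exe
O20 - Winlogon Notify: tkcderci - C:\WINNT\SYSTEM32\dinputs.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
-- Files created between 2007-09-12 and 2007-10-12 -----------------------------
2007-10-12 20:04:28 0 d-------- C:\Program Files\Trend Micro
2007-10-07 18:33:17 38912 --a------ C:\WINNT\System32\faxshellj.dll
2007-10-07 18:32:53 0 d-------- C:\WINNT\System32\AppCert
2007-10-07 18:32:29 15872 --a------ C:\WINNT\System32\hwfzq.exe
2007-10-07 18:32:00 93184 --a------ C:\WINNT\System32\dinputs.dll
2007-10-07 18:31:33 91648 --a------ C:\WINNT\System32\dswaveo.dll
2007-09-12 09:33:54 3716557 --a------ C:\Program Files\etax2007_1.exe
"""

# A drive-letter path ending in an executable-type extension; the match stops
# at the first such extension, so trailing arguments ("-atboottime") are dropped.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|ocx)\b', re.I)
HJT_RE = re.compile(r'^(O\d+) - (.+)$')
CREATED_RE = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S{9}) (.+)$')


def parse_autoruns(log):
    """Return (section, lower-cased target path) for each HijackThis entry
    that names a file by full path. Entries such as 'mobsync.exe /logon'
    carry no path and are skipped."""
    out = []
    for line in log.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        p = PATH_RE.search(m.group(2))
        if p:
            out.append((m.group(1), p.group(0).lower()))
    return out


def parse_created_files(log):
    """Return {lower-cased path: creation time} from the 'Files created
    between ...' listing, ignoring directories (attribute string 'd...')."""
    created = {}
    for line in log.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and not m.group(3).startswith('d'):
            ts = datetime.strptime(m.group(1), '%Y-%m-%d %H:%M:%S')
            created[m.group(4).lower()] = ts
    return created


def triage(log, window_seconds=120):
    """Correlate autostart entries with recently created files.

    autostart_recent: recently created files that an autostart entry loads,
                      mapped to the HijackThis sections referencing them.
    time_neighbours:  recently created files with no autostart entry that
                      appeared within window_seconds of one of the above.
    """
    created = parse_created_files(log)
    hits = {}
    for section, path in parse_autoruns(log):
        if path in created:
            hits.setdefault(path, set()).add(section)
    neighbours = sorted(
        path for path, ts in created.items()
        if path not in hits and any(
            abs((ts - created[h]).total_seconds()) <= window_seconds
            for h in hits))
    return {
        'autostart_recent': {p: sorted(s) for p, s in hits.items()},
        'time_neighbours': neighbours,
    }


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for path, sections in sorted(result['autostart_recent'].items()):
        print('autostart + recent:', path, sections)
    for path in result['time_neighbours']:
        print('created alongside :', path)
```

On this excerpt the three autostart hits plus the one time neighbour are the same four files listed under `Collect::` in the script above. A match is a lead for review, not a verdict: legitimate installers also drop files and register autostarts within the same minute.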
|
|
|
#6 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 8
OS: windows professional 2000
|
Hi Ried,
What can I say, except thank you, thank you, thank you. I am so grateful. Everything appears to be operational now. You will be pleased to know, I've also downloaded and installed Avast! Thank you again, from sklj in Australia.
|
|
|
|
|
#7 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 8
OS: windows professional 2000
|
Re: Internet / Windows explorer won't run
Oops. Here's the log. (I got a bit carried away!)
ComboFix 07-10-12.4 - Administrator 13/10/2007 19:24:27.2 - NTFSx86 Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1033.18.29 [GMT 9.5:30] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINNT\system32\dinputs.dll C:\WINNT\system32\dswaveo.dll C:\WINNT\system32\faxshellj.dll C:\WINNT\system32\hwfzq.exe . ((((((((((((((((((((((((( Files Created from 2007-09-13 to 2007-10-13 ))))))))))))))))))))))))))))))) . 2007-10-13 07:22 51,200 --a------ C:\WINNT\NirCmd.exe 2007-10-12 20:04 <DIR> d-------- C:\Program Files\Trend Micro 2007-10-12 20:02 <DIR> d-------- C:\Deckard 2007-10-07 18:32 <DIR> d-------- C:\WINNT\system32\AppCert . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-13 09:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-13 09:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TransRender 2007-10-13 09:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Temporary 2007-10-09 08:25 --------- d-----w C:\Program Files\Numbers Up! VP V1.2.3 2007-10-09 08:19 --------- d-----w C:\Program Files\BRAINtastic 2007-09-16 05:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM 2007-09-12 00:03 3,716,557 ----a-w C:\Program Files\etax2007_1.exe 2007-09-01 10:34 --------- d-----w C:\Program Files\PDACookbook 2007-08-09 12:48 4,415,492 ----a-w C:\Program Files\ezcdrip.exe 2007-08-09 12:41 153,970 ----a-w C:\Program Files\frcASPI17.zip 2007-08-09 12:34 522,682 ----a-w C:\Program Files\aspi_471a2.exe 2005-05-02 23:19 271 ---h--w C:\Program Files\desktop.ini 2005-05-02 23:19 21,952 ---h--w C:\Program Files\folder.htt . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Synchronization Manager"="mobsync.exe" [99-12-07 06:30 C:\WINNT\system32\mobsync.exe] "HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [05-08-11 20:21 ] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05-08-09 11:16 ] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-04-13 07:21 ] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "internat.exe"="internat.exe" [99-12-07 06:30 C:\WINNT\system32\internat.exe] "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [06-12-11 14:35 ] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "internat.exe"=internat.exe "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ Internet Explorer.lnk - C:\Program Files\Internet Explorer\IEXPLORE.EXE [2005-05-03 08:47:59] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-08-09 11:37:34] HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-08-09 14:38:22] R3 cwbmidi_device;Crystal WDM MPU-401 UART Driver;C:\WINNT\System32\drivers\cwbmidi.sys R3 cwbwdm_device;Crystal WDM Audio Codec Driver;C:\WINNT\System32\drivers\cwbwdm.sys R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\System32\DRIVERS\el90xbc5.sys R3 NtApm;NT Apm/Legacy Interface Driver;C:\WINNT\System32\DRIVERS\NtApm.sys R3 sscdbus;SAMSUNG USB Composite Device driver 
(WDM);C:\WINNT\System32\DRIVERS\sscdbus.sys R3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINNT\System32\DRIVERS\sscdmdfl.sys R3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINNT\System32\DRIVERS\sscdmdm.sys . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-13 19:29:32 Windows 5.0.2195 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2007-10-13 19:32:25 - machine was rebooted C:\ComboFix2.txt ... 07-10-13 07:33 . --- E O F --- Last edited by Ried; 10-13-2007 at 07:16 AM. |
|
|
|
|
#8 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista
|
Re: Internet / Windows explorer won't run
Glad to hear it.
Although your system is behaving much better, please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:
Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400
Answer Yes, when prompted to install an ActiveX component.
#10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista
Re: Internet / Windows explorer won't run
Why haven't you updated your Internet Explorer? Update it now--it's very important as with the newer versions of IE, they've improved the security of the browser.
#11 (permalink)
Registered User
Join Date: Oct 2007
Posts: 8
OS: windows professional 2000
Re: Internet / Windows explorer won't run
Hi Ried,
I didn't update IE because I didn't know I could or should!
But now I have and here is my kaspersky.txt.
Thanks again,
sklj

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 14, 2007 8:29:53 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 3 (Build 2195)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/10/2007
Kaspersky Anti-Virus database records: 435729
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 28711
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 01:39:56
Infected Object Name / Virus Name / Last Action
C:\WINNT\system32\AppCert\prx66b.dll Infected: SpamTool.Win32.Agent.bk skipped
C:\WINNT\system32\AppCert\wnl32.dll Infected: Trojan-Downloader.Win32.Agent.dng skipped
Scan process completed.

Last edited by Ried; 10-14-2007 at 07:14 AM.
#12 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,615
OS: WinXP and Vista
Re: Internet / Windows explorer won't run
Good.
Using 'My Computer', navigate to and delete the following Folder:
C:\WINNT\system32\AppCert
--------------------------------------------------------------------
That's it, your logs are clean. If there aren't any more problems, please continue with these final instructions.
1. Ensure Windows Auto Update is Enabled
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify". Click on "OK".
2. The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.
Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:
ComboFix /u
--------------------------------------------------------------------
To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
McAfee Site Advisor--free version. The folks there check out websites and, based on their findings, rate them as Safe, Unknown, Caution, or Bad.
SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
Update and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:
PC Safety and Security--What Do I Need?
HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.
-----------------------------------------------------
Follow the list above and the potential for infection will reduce dramatically.