I was wondering if you would be willing to share the tools you use to interpret the HijackThis logs? I have the Task List from www.answeresthatwork.com and it great to see what’s running, but how is it that you know the names of all the processes out there and the right ones to delete using the HJT tool? You must have some kind of list that is undated daily.

For Example, I was advised to remove this line using the HJT tool:
O2 - BHO: (no name) - {221E8D90-C439-4297-B84A-EA3291D7CB1A} - C:\WINNT\system32\ebnel.dll (file missing)

What about this line gives you the clues? No name, ebnel.dll, or “file missing�?

just a couple of things I use or do ,google search for a lot of the bad DLL's
I use BHOList.exe to search this and its also searche for bad Toolbars#221E8D90-C439-4297-B84A-EA3291D7CB1A
you can get it here .http://www.sysinfo.org/bhoinfo.html

If you have CWShredder install on you computer ,create a shortcut to it on you sesktop ,right click it and go to properties.in the target line add this , /debug not there is a space between whats there and the /,
now when you click on the short cut you created you use shredder as a tool to search CWS ,like this .R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_....id=138308.From that line you copy and past this into the shredder tool.
couldnotfind.com ,and it will tell you if is or isn't CWS.

you can also search for the bad 016's ,in SpywareBlaster if you have it installed on you computer .that program can be found in my signature in How i Got Infected In the first place .just open Spywareblaster and click on /internet explorer along the top and then right click on one of the idems in the list and click search .

I use this site for Hijackthis tutoral.
http://www.spywareinfo.com/~merijn/htlogtutorial.html

and this one for good and bad LPS's=010's in the log
http://www.angeltowns.com/members/zupe/lsps.html

and this one to search 017's IP addresses.
http://www.arin.net/whois/

I use canned speaches for my posts with all the links to the programs for the person to use on the affected computer.i got these speaches from the experts at the Spywareinfo.com ,i joined up for the bootcamp to learn how to read logs .I should spend more time there actuall to learn more,so I could be a better help with the hard logs [I leave them to Crunchie ].

If you have CWShredder install on you computer ,create a shortcut to it on you sesktop ,right click it and go to properties.in the target line add this , /debug not there is a space between whats there and the /,
now when you click on the short cut you created you use shredder as a tool to search CWS ,like this .R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_..._id=138308.From that line you copy and past this into the shredder tool.
couldnotfind.com ,and it will tell you if is or isn't CWS.

I tried this and it worked as far as to bring up a different aspect of CWShreadder. I can see where to past the line but there is no button to execute the search.

It looks like this:
[IMG][IMG]C:\cwshreader.jpg[/img][/IMG]

:o Ok I made a screen shot of the CWShreader using the " ,/debug not " switch, but I don’t know how to imbed it into this reply.

Help.... anyone?

You can just go here to access the domains directly too.

http://users.skynet.be/bk136527/CWS/CWSdomains.htm

There is no search button it will just say YES or NO.
when you are checking a CWS,you don't put in the HTTP//www.
just this part .[couldnotfind.com] and the NO will change to a Yes

Hey, thankx for the suggestion...

Is there any tutorials that explains this link and how to use it?

I will try this when I get home. Working at my sister's house today trying to fix her kid's computer....

Yuck what a mess! Even the keys in the keyboard stick together.

Just copy paste the suspected CWS into the search ,to check it to see if your suspected is a CWS variant .