dlh6213 27 Posting Maven Team Colleague

Welcome to the site Fiyona933! :D

dlh6213 27 Posting Maven Team Colleague

Hi Danny, welcome to DaniWeb, we need more Dannys here :D

As Catweazle suggested, you may have an infection of some sort. In order for us to see exactly what you have running on your system, I suggest you get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it in a new thread in the Virus forum (along with a description of your problem).

dlh6213 27 Posting Maven Team Colleague

Hi Claire88, welcome to DaniWeb :D

So that we can see exactly what you have running on your system, I suggest you get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then, close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it here in this thread.

dlh6213 27 Posting Maven Team Colleague

Hi blastique, welcome to DaniWeb :D

Sorry for the delay in replying to this; it appears to have gotten overlooked somehow.

Scan with HijackThis and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=localhost:1080
R3 - Default URLSearchHook is missing
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11.hotmail.msn.com...es/MsnPUpld.cab
O16 - DPF: {77AAD261-A84E-4564-BEC2-C51FF6A7187F} (MRActivXUI Class) - http://comp.mediaring.com/consumer/...wbaxuiph612.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/c...tail/DASAct.cab
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt01.com/dialer/internazionale_ver11.CAB
And these O17's if the IP address does not belong to your ISP:
O17 - HKLM\System\CCS\Services\Tcpip\..\{07553BEC-006A-4BA0-AC7D-FFBD52136191}: NameServer = 10.15.80.20,10.15.80.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{07553BEC-006A-4BA0-AC7D-FFBD52136191}: NameServer = 10.15.80.20,10.15.80.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{07553BEC-006A-4BA0-AC7D-FFBD52136191}: NameServer = 10.15.80.20,10.15.80.21

Be sure to close all windows, other than hijackthis, before hitting Fix checked.

You were correct about that O16 looking bad; you can always delete any O16's that look suspicious -- it won't hurt anything (I often suggest having HJT fix them all just because it's faster and easier than researching them). For more info about these entries, check here:
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#O16Diag

After you fix those entries with HJT, reboot, close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Since you were going to reinstall anyway, I didn't think it mattered. Not much bad there, though; the only possible thing is DAP (http://forum.iamnotageek.com/t-211983.html)

dlh6213 27 Posting Maven Team Colleague

I again reinstall windows from ghost. The situation gets better for one day and after that same problem starts again.

Perhaps your system isn't protected well enough; I don't see an antivirus program running.

You can download AVG Antivirus for free

Kerio Personal Firewall is also free

And if you have a broadband connection (DSL, cable, etc), I would recommend getting a hardware-type firewall as well, such as those available from SMC, Linksys, or Netgear.

A few more things to help keep your system clean (all free):

Ad-Aware SE

Spybot Search and Destroy

SpywareBlaster

Naturally, you need to keep everything updated in order for it to be effective.

You may find this thread somewhat informative:
http://www.daniweb.com/techtalkforums/thread16365.html

dlh6213 27 Posting Maven Team Colleague

You missed a couple of steps :)

Before fixing anything with hijackthis, you still should put it into its own folder. To do this, right-click on an empty area of your desktop, select New, Folder; give the new folder a name (like HJT or HijackThis), and then drag the hijackthis.exe icon that is on your desktop into this new folder.

Then close any open browser windows, scan with hijackthis, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

He actually waited two days! Sorry it got overlooked NoS.

As crunchie said, there's nothing obvious in your log that would indicate a problem. Perhaps a Disk Cleanup and Defrag would help?

dlh6213 27 Posting Maven Team Colleague

Hi adion, welcome to DaniWeb :D

Your system most likely has been severely compromised; can you use System Restore to return it to a date before you were infected? (http://securityresponse.symantec.com/avcenter/venc/data/hacktool.rootkit.html) You may need to consider reinstalling XP; if you do, get SP2 as soon as possible thereafter.

You can try the following to see if it helps any:

Go to Windows Update and get SP1a for both XP and IE.

Check for, and delete, the files listed here:
http://vil.mcafeesecurity.com/vil/content/v_102335.htm

Go to Start, Run, and type in services.msc; when the Services window opens, disable (for the time being at least) any entries that say Remote Access... (To disable them, first right-click on the entry, go to Properties, and next to Startup type, use the drop-down arrow and select Disable.)

Scan with hijackthis and have it fix the following entries:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in ‘normal …

dlh6213 27 Posting Maven Team Colleague

Nod32 is probably the best AV you can get, but AVG is pretty good for the price :) (at least it won't cost you anything to try it).

For more discussions on the subject, see this thread:
http://www.daniweb.com/techtalkforums/thread22271-nod32.html

dlh6213 27 Posting Maven Team Colleague

Hi jav_89, welcome to DaniWeb :D

So that we can see exactly what you have running on your system, I suggest you get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it here in this thread.

dlh6213 27 Posting Maven Team Colleague

Get the PocketKillbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop.

Go offline until this is completed (you may wish to print these instructions).

Run the PocketKillbox and paste C:\WINDOWS\System32\logm.dll in the box and click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now?, Click Yes to reboot.

After you've rebooted, check to make sure the file is gone and let us know the results.

dlh6213 27 Posting Maven Team Colleague

Go to Add/Remove Programs in your Control Panel and remove Viewpoint (or Viewpoint Manager).

Before fixing anything with hijackthis, you need to move it out of the Temp folder it is currently in, to a permanent folder of its own, like c:\HJT\hijackthis.exe.

After you've moved it, close any open browser windows, scan with hijackthis, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

HijackThis is the primary tool we use to analyze what is running on a computer when trying to resolve malware infections and other problems; it was created by Merijn (http://www.spywareinfo.com/~merijn/)

There are several tutorials around (such as this one -- http://www.bleepingcomputer.com/forums/index.php?showtutorial=42), but you shouldn't use it on your own until you've learned about it from someone familiar with it.

If you wish to get it, and post a log here for assistance with it, you can get the self-extracting version from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it in this thread (along with a description of any problems you're having).

dlh6213 27 Posting Maven Team Colleague

Looks good to me :) Happy computing :D

dlh6213 27 Posting Maven Team Colleague

Part of your problem may stem from the use of file-sharing programs (aka P2P), such as Warez.

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.)

Empty your Recycle Bin.

Before fixing anything with hijackthis, you still should put it into its own folder. To do this, right-click on an empty area of your desktop, select New, Folder; give the new folder a name (like HJT or HijackThis), and then drag the hijackthis.exe icon that is on your desktop into this new folder.

Then close any open browser windows, scan with hijackthis, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Glad to hear things are working well :), but can you post a fresh hijackthis log just to make sure?

dlh6213 27 Posting Maven Team Colleague

Good job :) I only see one more thing in your log; scan with hijackthis and have it fix:

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Be sure all windows are closed, other than hijackthis, before hitting Fix checked.

Then go to C:\WINDOWS and delete svcproc.exe

Reboot, post a new log and let us know if you're still having problems (if so, please give us the details).

dlh6213 27 Posting Maven Team Colleague

New link for the story:
http://www.totalillusions.net/forum/index.php?showtopic=328&st=0

(The other one seems to have disintegrated... do you suppose bitchchecker had anything to do with that???)

dlh6213 27 Posting Maven Team Colleague

Hi DoctorTracker, welcome to DaniWeb :D

Get the PocketKillbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop.

Go offline until this is completed (you may wish to print these instructions).

Boot into Safe Mode and do a search for these files and delete any instances found:

param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe

If any could not be deleted (most likely param32.dll), run the PocketKillbox and paste the full file path of the file in the box and click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now?, Click Yes to reboot. (Note: the 'file path' will be something like C:\WINDOWS\System32\param32.dll)

Reboot normally and delete any unwanted icons from your desktop.

Empty your Recycle Bin.

Scan with hijackthis, and have it fix the following entry:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.specialgoods.info/ad/ad0271/

Be sure all windows are closed, other than hijackthis, before hitting Fix checked.

Reboot, close any open browser windows, scan with hijackthis, post a new log, and let us know if you're still having problems.

dlh6213 27 Posting Maven Team Colleague

You still need to put hijackthis into its own folder. To do this, right-click on an empty area of your desktop, select New, Folder; give the new folder a name (like HJT or HijackThis). Then, drag the hijackthis.exe icon that is on your desktop into the new folder.

Go to the following locations and delete the highlighted folders (if found):

C:\Program Files\SideFind
C:\Program Files\ISTsvc

Close any open browser windows, scan with hijackthis, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Hi colfos, welcome to DaniWeb :D

You need to go to Windows Update and get SP1a for both XP and IE

Get the PocketKillbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop.

Go offline until this is completed (you may wish to print these instructions).

Boot into Safe Mode and do a search for these files and delete any instances found:

param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe

If any could not be deleted (most likely param32.dll), run the PocketKillbox and paste the full file path of the file in the box and click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now?, Click Yes to reboot. (Note: the 'file path' will be something like C:\WINDOWS\System32\param32.dll)

Reboot normally and delete any unwanted icons from your desktop.

Empty your Recycle Bin.

Scan with hijackthis, and have it fix the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jimbutt.com/stuffs/ (unless you set this yourself)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O1 - Hosts: 60.50.170.0
O1 - Hosts: 60.50.170.0
O1 - Hosts: 60.50.170.0
O1 - Hosts: 60.50.170.0
O1 - Hosts: 60.50.170.0
O4 - HKLM\..\Run: [usbn] C:\WINDOWS\SYSTEM32\usbn.exe -go -c70 -w
O15 - …

dlh6213 27 Posting Maven Team Colleague

Hi ysb21189, welcome to DaniWeb :D

You've got HijackThis in a Temp folder (C:\Documents and Settings\Owner\Local Settings\Temp\_AZTMP0_\HijackThis.exe) and it needs to be in its own permanent folder, like c:\HJT\hijackthis.exe, so it -- and the backups it will create -- don't get accidentally deleted.

After you've moved it, close any open browser windows, scan with hijackthis and post a new log please.

dlh6213 27 Posting Maven Team Colleague

It might have been easier to reinstall XP, and that's still an option if this is proving to be too much work.

You should be able to delete the Viewpoint file while in Safe Mode.

Sorry I don't have any suggestions to help make this any easier.

dlh6213 27 Posting Maven Team Colleague

A hardware-type firewall, an antivirus program, and SpywareBlaster will go a long way towards protecting your system. Having Azureus installed certainly isn't helping matters either. Check this thread for some more helpful advice:
http://www.daniweb.com/techtalkforums/thread16365.html

Scan with hijackthis and have it fix the following entries:

O4 - HKLM\..\Run: [loezkir] c:\windows\system32\asvpzm.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Go to the following locations and delete the highlighted files:

c:\windows\system32\tzjlhsy.exe
c:\windows\system32\asvpzm.exe
C:\WINDOWS\svcproc.exe

Be sure all windows are closed, other than hijackthis, before hitting Fix checked.

Reboot, close any open browser windows, scan with hijackthis, and post a new log.

Note: Try to use Firefox as your primary browser.

dlh6213 27 Posting Maven Team Colleague

Param.dll is indeed one of the bad files associated with this (smitfraud, HotOffers, and a couple of others), and you will most likely need to use the PocketKillbox to get rid of it. There are some other files that should be searched for, and deleted, as well. See post #41 in this thread for more info: http://www.daniweb.com/techtalkforums/threadnav19959-3-15-hotoffers.html

dlh6213 27 Posting Maven Team Colleague

Welcome to DaniWeb, Gilly4 :D

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://msaps.dll/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://msaps.dll/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://msaps.dll/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msaps.dll/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://msaps.dll/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://msaps.dll/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msaps.dll/index.html
R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINDOWS\SYSTEM32\WINS32T.DLL
O4 - HKLM\..\Run: [WinInit] Win86.exe
O4 - HKLM\..\Run: [WinLogin] win32x.exe
O4 - HKLM\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O4 - HKCU\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Be sure all windows are closed, other than hijackthis, before hitting Fix checked.

Go to the following locations and delete the highlighted files:

C:\WINDOWS\SYSTEM32\WINS32T.DLL
C:\WINDOWS\System32\tss.exe
C:\WINDOWS\web\related.htm

Do a search on your system for the following files and delete any instances found:

Win86.exe
win32x.exe

Note: If any of these files cannot be deleted, try booting into Safe Mode and try it again.

Reboot (normal mode), close any open browser windows, scan with HJT, and post a new log.

To help prevent further intrusion:

Keep Windows and IE updated
Keep your antivirus program updated
Use an alternative browser for the majority of your browsing (such as Firefox or Opera)
Use …

dlh6213 27 Posting Maven Team Colleague

Sorry, for professional assistance you'll need to pay a consultant.
We're only doing this as a hobby (at least while contributing to this site).

Technically, I suppose that's true, because the only difference between a 'professional' and a 'hobbyist' is one gets paid and the other doesn't.

But I have to say, I trust the members here over any 'pro' I've ever paid, and nearly every online and telephone 'tech support' I've ever dealt with.

dlh6213 27 Posting Maven Team Colleague

Try doing this in Safe Mode, just reboot to normal mode before you post a new log.

Hopefully everything will be back to normal when we're finished :)

dlh6213 27 Posting Maven Team Colleague

Hi theAZN, welcome to DaniWeb :D

Your thread has been moved to the Virus forum as this is the only forum where HijackThis logs are to be posted :)

Before fixing anything with hijackthis, you need to move it from the Temp folder it is in now to its own permanent folder (like c:\HJT\hijackthis.exe).

After you've moved it, close any open browser windows, scan with hijackthis, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Hi KlondikeTW, welcome to DaniWeb :D

Go to Add/Remove Programs in your Control Panel and remove (if found):

ISTsvc
SideFind

Before fixing anything with HijackThis, you should put it in its own folder. To do this, right-click on an empty area of your desktop, select New, Folder; give the folder a name (like HJT or HijackThis), and then drag the hijackthis.exe icon that is on your desktop into this new folder.

After you've moved it, please post a new log.

dlh6213 27 Posting Maven Team Colleague

First of all, you need to go to Windows Update and get SP1a for both XP and IE.

Go to Add/Remove Programs in your Control Panel and remove (if found):

WildTangent
Viewpoint Manager
Media Access

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: XMLDP Class - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - C:\WINDOWS\xmllib.dll
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\RunOnce: [VcCleanUp.exe] C:\DOCUME~1\Owner\LOCALS~1\Temp\VcCleanUp.exe /F C:\PROGRA~1\COMMON~1\SYMANT~1\LiveReg\ /RemoveAll
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [SMSSU] C:\WINDOWS\System32\SMSSU.EXE
O4 - HKCU\..\Run: [Tmntsrv32] C:\WINDOWS\System32\Tmntsrv32.EXE
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball...tgameloader.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/M.../bridge-c18.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...iTunesSetup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/171c827...ip/RdxIE601.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50212/QDow_AS2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v1...ro.cab34246.cab

Be sure all windows are closed, other than hijackthis, before hitting Fix checked.

Go to the following locations and delete the highlighted folders and files (if found):

C:\Program Files\WildTangent
C:\Program Files\Viewpoint
C:\Program Files\Media Access
c:\wp.exe
C:\WINDOWS\xmllib.dll

dlh6213 27 Posting Maven Team Colleague

When you purchased your computer, did you get a Restore disk with it? If so, what you need should be on there.

If you didn't, do you have a manual with instructions on how to access a hidden partition with the XP files on it?

dlh6213 27 Posting Maven Team Colleague

The fact that there is no information on it via Google is a good indication that it's probably not something you want on your computer. To find out more about it, go to the file itself (do a Search to find it), right-click on it, choose Properties, and get whatever info you can on it (Company, Version, date created, etc.)

dlh6213 27 Posting Maven Team Colleague

Hi Rohit Nautiyal, welcome to DaniWeb :D

You will probably get the best responses to your question if you post it in the Windows XP forum :)

Good luck!

dlh6213 27 Posting Maven Team Colleague

So that we can see exactly what you have running on your system, I suggest you get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it here in this thread.

dlh6213 27 Posting Maven Team Colleague

Hi JiggaD369, welcome to DaniWeb :)

First of all, you need to go to Windows Update and get SP1a for both XP and IE.

Next, get CWShredder from:
http://www.downloads.subratam.org/CWShredder.exe

Open CWShredder, click on Check for updates, and after it's finished updating, click on Fix.

After you've done those two things, close any open browser windows, scan with HijackThis, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

First of all, you need to go to Windows Update and get SP1a for both XP and IE.

Next, before fixing anything with hijackthis, you should move it from the Temp folder it is in now, to its own permanent folder, like c:\HJT\hijackthis.exe.

After you've moved it, enable anything you may have disabled in msconfig, close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Hi djdeeno, welcome to DaniWeb :D

I will reply to your other thread in a moment; please keep all posts related to this problem in that thread -- Thanks! This thread is now being closed.

(http://www.daniweb.com/techtalkforums/thread23279.html)

dlh6213 27 Posting Maven Team Colleague

Hi numptyheid, welcome to DaniWeb :D

You may have gotten an incomplete download; try it again either from the link DMR gave you, or from here (line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it here in this thread.

You can also do this either before or after you post your HJT log:

Get the Pocket Killbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop.

Go offline until this is completed (you may wish to print these instructions).

Boot into Safe Mode and do a search for these files and delete any instances found:

param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe

If any could not be deleted (most likely param32.dll), run Pocket Killbox and paste the full file path of the file in the box and click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now?, Click Yes to reboot. (Note: the 'file path' will be something like C:\WINDOWS\System32\param32.dll)

dlh6213 27 Posting Maven Team Colleague

Boot into Safe Mode and do a search for these files and delete any instances found:

guninst.exe
popup_bl.dll
systr.dll
svrhost.exe

Reboot normally, delete any unwanted icons from your desktop, and empty your Recycle Bin.

Before fixing anything with hijackthis, you should move it from the Temp folder it is now in, to its own permanent folder, like c:\HJT\hijackthis.exe.

After you've moved it, close any open browser windows, scan with HJT, and post a new log please.

dlh6213 27 Posting Maven Team Colleague

Hi maybury55, welcome to DaniWeb :)

I've split your post into its own thread so you can get individual attention and so that your fixes don't get confused with the other user's.

Before fixing anything with hijackthis, you should move it out of the Temp folder it's in to its own permanent folder, like c:\HJT\hijackthis.exe.

After you've moved it, close any open browser windows, scan with hijackthis, and post a new log.

Note: using file-sharing software (aka P2P) such as imesh, can lead to problems.

dlh6213 27 Posting Maven Team Colleague

Hi again Elise :)

So that we can see exactly what you have running on your system, I suggest you get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it here in this thread.

After you post the log, go to http://castlecops.com/postt106277.html and follow the instructions for getting and using KAV Personal 5.0 Trial.

After running KAV, scan with hijackthis again and post a new log.

dlh6213 27 Posting Maven Team Colleague

Hi Elise and welcome to DaniWeb :D

I see you found the Virus forum and posted your problem there :); we'll help you get rid of it.

dlh6213 27 Posting Maven Team Colleague

Hi Linchey050 and welcome to DaniWeb :)

This is a Trojan and can be cleaned up in conjunction with your other thread (http://www.daniweb.com/techtalkforums/threadedpost119617.html#post119617); please follow the suggestions there to prevent duplicating efforts.

This thread is being closed.

dlh6213 27 Posting Maven Team Colleague

Get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it in this thread.

dlh6213 27 Posting Maven Team Colleague

It won't hurt anything to try to fix only parts of the problem at a time; sometimes certain things may return if related items are not fixed, but it doesn't hurt anything to try.

Go to Windows Update and get SP1a for both XP and IE.

Try updating Ewido and then scan again. If it still doesn't work, try CounterSpy from here:

http://www.download.com/3000-8022_4-10337358.html

Before scanning the first time, make the following adjustments to the settings:

At the very top, click on File, and then Check for updates
When it’s finished updating, click the Close button

Under Spyware Scan on the left, click on Run a spyware scan
In the left pane, click on Scan Options
Mark Full system scan
Check all boxes under Full system scan, including Save these options
In the right pane, near the bottom, click Manage Schedule
On the left side, select your preferred schedule options
On the right side, under Scheduled Scan Options, check:
Always run a deep scan
Automatically remove spyware cookies

Click the Update Schedule button

At the top, click on System Tools
Double-click on History Cleaner
Check the following options (if they are not grayed-out):
Internet Explorer History
Internet Explorer Cookies
Kazaa
Temporary Internet Files

Review the list for any other History items you wish to clean
At the bottom, click Remember checked
Click on the Clean …

dlh6213 27 Posting Maven Team Colleague

Get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it in the Virus forum.

dlh6213 27 Posting Maven Team Colleague

HAPPY MOTHER'S DAY to all the Moms out there!

:D