  #1  
02-23-2006
dreamer37
Bronze Member
Join Date: Feb 2006
Posts: 5
[Fixed] Hijack this log

This problem began after downloading a spyware fixing program, so I am leery of any of those except for Lavasoft's adaware se plus, and spybot.
I did have problems with the start page going to a blank page, but was able to fix that. At this time I don't seem to have any bogus entries in my registry file. I do have killbox program, and it helped me, or so I thought, with getting rid of this problem, but it's back. These dang *.tmp.exe type files are still happening. I get notified about some of them with zone alarm program, and I always say deny access. I find them by ctrl+alt+del key...that is how I know they are there.
Attached Files
File Type: log hijackthis.log (13.2 KB, 1 views)


  #2  
02-23-2006
Hengis
PCHF Head Honcho
Join Date: Jan 2004
Location: Southern England
Posts: 11,459
PC Experience: Always learning

Welcome to the forum dreamer37, I am sure that our expert PC Security Team will look at this as soon as they can.


  #3  
02-24-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

Hi there Dreamer.

Can you do a Panda online AV scan here:

http://www.pandasoftware.com/products/activescan.htm

and post the log from that and a new hjt log?


Also did you install PCTattletale yourself?

PCTattletale is a spyware program that monitors user activity, logs keystrokes, and takes screenshots.
If you use it yourself, it's OK. But if someone else installed it then it can be used to spy on you.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

  #4  
02-24-2006
dreamer37
Bronze Member
Join Date: Feb 2006
Posts: 5
as you asked

Here are the files you requested.
I did install Pctattletale myself, long time ago, it has since been uninstalled...I put it on my pc to monitor my children's activity.
The problem started for me after getting a virus from a web page that my symantec av program detected. I thought I had it eliminated, but these dang win*.tmp.exe files keep showing up.
Attached Files
File Type: txt hijackthis2.txt (13.5 KB, 1 views)
File Type: txt Activescan.txt (4.0 KB, 1 views)


  #5  
02-24-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

Let's see if we can clean that up.


Before fixing things with HijackThis, please do the following:


Show hidden files and folders:

For XP:
  1. On the Tools menu in Windows Explorer, click Folder Options.
  2. Click the View tab.
  3. Under Hidden files and folders, click Show hidden files and folders.
  4. If you see a warning message, click Yes.
  5. Click Apply.
  6. Click OK.

Disable System Restore to prevent re-infection.
(If you have/use it. You can turn it back on when your PC is clean).

How to disable system restore:

WinXP.
  1. Click the Start button.
  2. Right-click My Computer, and then click Properties.
  3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.


Please download CCleaner

Download Process Explorer by Sysinternals from HERE.

Also download KillBox by Option^Explicit from HERE.

Download Smitrem to your desktop:

http://noahdfear.geekstogo.com/click...click.php?id=1

Run the installer and then press Start to extract the files to the desktop. Do not run it yet.

Reboot into safe mode (reboot and keep tapping F8, then choose safe mode from the list).

Run SmitRem:

Open the SmitRem folder and double click the "RunThis.bat" file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of the drive that you ran the batch file on, e.g. Local Disk C: or the partition where your operating system is installed. Please attach this log to your next reply.



Then boot up in SAFE MODE again and stay in safe mode until the rest of the fix is done.


Unzip Process Explorer and double click on procexp.exe

In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.
Once you see this screen click on each instance of winjrs32.dll once and then click the kill button.
After you have killed all of the winjrs32.dll's under winlogon click OK.

Next, in the top section of the Process Explorer screen again, double click on explorer.exe and again click once on each instance of winjrs32.dll then click the kill button.

Once you have done that click OK again.


Next run HijackThis and place a check beside each of the following:


O4 - Startup: PowerReg Scheduler V3.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll

Now click fix checked and close HijackThis, then run CCleaner.

Manually delete these files if still present:

C:\WINDOWS\SYSTEM32\im64.dll
C:\WINDOWS\smdat32m.sys
C:\Documents and Settings\MOM\Desktop\backups\backup-20060221-092258-651.dll



Please copy the text in the quote below, and paste it into a blank notepad window.
Save it as "fix.reg" and in the "save as" type box choose "all files".
Once you have saved it double click it and allow it to merge with the registry.


Code:
REGEDIT4

; The leading "-" deletes this key and all of its subkeys.
[-HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}]

Double click on Killbox.exe and then check the delete on reboot button.

Enter the following filepath and filename into the Full path of file to delete box:

C:\WINDOWS\SYSTEM32\winjrs32.dll

Click the red circle with the white x and allow your computer to reboot.
(if killbox doesn't reboot on its own then please reboot manually)

After your computer has rebooted please run Hijackthis again and post a new Hijackthis log plus the smitrem log.



I would also recommend to go to windows update to get better protected from things like this, but wait with that until your PC is malware free.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
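
An added example, not part of the original thread and not HijackThis's own code: a small Python parser for the entry lines listed in the post above, which pulls out the O20 Winlogon Notify entries and reports those missing from a known-good baseline. The baseline names, the two extra O20 lines and the function names are constructed assumptions.

```python
import re

# Generic shape of a HijackThis entry line: "<code> - <kind>: <detail>".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<detail>.*)$")

# Constructed sample: the three entries quoted in the post, plus two
# constructed O20 lines and a non-entry line for contrast.
SAMPLE_LOG = r"""Running processes:
O4 - Startup: PowerReg Scheduler V3.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: sclgntfy - C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
"""

# Assumed baseline of Notify package names; build the real one from a
# known-clean install of the same Windows version.
BASELINE = {"crypt32chain", "sclgntfy"}


def parse_entry(line):
    """Return {'code', 'kind', 'detail'} for an entry line, or None."""
    m = ENTRY_RE.match(line.strip())
    return m.groupdict() if m else None


def winlogon_notify(lines):
    """Yield (package_name, dll_path) for every O20 Winlogon Notify entry."""
    for line in lines:
        entry = parse_entry(line)
        if not entry or entry["code"] != "O20" or entry["kind"] != "Winlogon Notify":
            continue
        name, sep, path = entry["detail"].partition(" - ")
        if sep:  # skip malformed entries that carry no DLL path
            yield name.strip(), path.strip()


def unexpected_notify(lines, baseline):
    """Return Notify packages whose name is not in the baseline (case-insensitive)."""
    known = {n.lower() for n in baseline}
    return [(n, p) for n, p in winlogon_notify(lines) if n.lower() not in known]


if __name__ == "__main__":
    for name, path in unexpected_notify(SAMPLE_LOG.splitlines(), BASELINE):
        print(f"review: Winlogon Notify package {name!r} loads {path}")
```
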

  #6  
02-24-2006
dreamer37
Bronze Member
Join Date: Feb 2006
Posts: 5
Things appear to be better

Here are the files....the only thing I did, that you didn't mention, and I had neglected, was to install the ewido and run the ewido program, which I did.
I also followed all the other things you said to do.
So far, when I do ctrl+alt+del I am not showing any win*.tmp.exe files running.
If my pc is okay now, then can I safely uninstall the programs you told me to run/install? If my pc isn't fixed what next, and how will I know if it is okay?
Attached Files
File Type: txt smitfiles.txt (3.4 KB, 1 views)
File Type: log hijackthis.log (13.4 KB, 1 views)


  #7  
02-24-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

Yup, they're gone. Looks all clean to me, and you can delete everything that you have downloaded to fix this, they're not needed anymore.

Also have a look on this site in the future to check before downloading an anti spyware app:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

If it's listed there then it is "rogue", in other words, not to be trusted and maybe even malware itself.

Also I would recommend to update windows now that your PC is clean, to be better protected against things like this.

Do you still have any problems?


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

