  #1  
Old 10-22-2007
Bronze Member
Join Date: Oct 2007
Posts: 6
PC Experience: Experienced
foxtv15
Using HijackThis, But Trying To Be Careful With It

So I downloaded something or other that apparently had more than just the file hiding in it, and most anti-spyware programs can't stop these IE popups. I got rid of one major one with HijackThis, but I do not want to remove anything vital to the system by accident before I remove anything else, because even with Norton AntiVirus I've messed up components that should not have been deleted but were detected along with spyware.

This is what HijackThis detected on my system, and I need an experienced HijackThis user to tell me which of these are spyware and safe to delete, and which must not be deleted:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Learn about Dell's notebooks, desktops, monitors, printers plus computer electronics & accessories.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Learn about Dell's notebooks, desktops, monitors, printers plus computer electronics & accessories.
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Soip] "C:\PROGRA~1\ICROSO~1\rundll.exe" -vt yazb
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1189556895718
O17 - HKLM\System\CCS\Services\Tcpip\..\{0846D5A4-2473-4EDF-ABFF-1F7725044445}: NameServer = 85.255.116.148,85.255.112.177
O17 - HKLM\System\CCS\Services\Tcpip\..\{1904A7C3-5476-40AA-B0C4-80C756225718}: NameServer = 85.255.116.148,85.255.112.177
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.148 85.255.112.177
O17 - HKLM\System\CS1\Services\Tcpip\..\{0846D5A4-2473-4EDF-ABFF-1F7725044445}: NameServer = 85.255.116.148,85.255.112.177
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.148 85.255.112.177
O17 - HKLM\System\CS2\Services\Tcpip\..\{0846D5A4-2473-4EDF-ABFF-1F7725044445}: NameServer = 85.255.116.148,85.255.112.177
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.148 85.255.112.177
O24 - Desktop Component 0: (no name) - C:\Program Files\ComPlus Applications\progy.html


THANK YOU


  #2  
Old 10-22-2007
PCHF Founder & Owner
Join Date: Jan 2004
Location: Berkshire, England
Posts: 11,114
PC Experience: Always learning
Hengis
Re: Using HijackThis, But Trying To Be Careful With It

Welcome to PC Help Forum, a Security Analyst will be with you soon.


  #3  
Old 10-23-2007
Bronze Member
Join Date: Oct 2007
Posts: 6
PC Experience: Experienced
foxtv15
Re: Using HijackThis, But Trying To Be Careful With It

Thanks so much.


  #4  
Old 10-23-2007
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,088
PC Experience: Elite PC Guru
Pancake
Re: Using HijackThis, But Trying To Be Careful With It

You have two infections.



Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads Save the text that will open (report.txt) to your desktop.

Should you have problems connecting to the internet after the fix, follow these instructions.
Please go to Start -> Control Panel -> Network Connections. Right-click on your default connection (usually Local Area Connection, or Dial-up Connection if you are using dial-up) and left-click on Properties. Double-click on the Internet Protocol (TCP/IP) item and select the button that says "Obtain DNS servers automatically". Click OK twice, and restart your computer.

In your next reply, please include a fresh Hijackthis log and report.txt. Thanks

=============================

Please download Combofix from HERE or HERE

Save ComboFix to the desktop.
1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and paste the contents of that log in your next reply with a new HijackThis log. Do not use Code or HTML unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.


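A small triage pass over the kind of HijackThis entries in the opening post, as an added example (my code, not a HijackThis, FixWareout or ComboFix feature): it flags O17 NameServer values that are not the expected resolvers (the 85.255.x servers that FixWareout and the "Obtain DNS servers automatically" step above address), an O4 autostart whose rundll.exe imitates rundll32.exe from outside the Windows directory, the orphaned O9 button, and the O24 desktop component. The sample log, EXPECTED_RESOLVERS, the severity labels and all function names are my assumptions.

```python
import ipaddress
import re

# Constructed sample input, modelled on the HijackThis log in the opening post,
# with one benign O17 entry (192.168.1.1) added for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKCU\..\Run: [Soip] "C:\PROGRA~1\ICROSO~1\rundll.exe" -vt yazb
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0846D5A4-2473-4EDF-ABFF-1F7725044445}: NameServer = 85.255.116.148,85.255.112.177
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.148 85.255.112.177
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
O24 - Desktop Component 0: (no name) - C:\Program Files\ComPlus Applications\progy.html
"""

# Assumption: the resolvers this machine should be using (here, the home router).
EXPECTED_RESOLVERS = {ipaddress.ip_address("192.168.1.1")}
# 85.255.112.0/20 is one of the rogue resolver ranges published in the DNSChanger
# takedown; the O17 servers in this thread fall inside it.
KNOWN_ROGUE_RANGES = [ipaddress.ip_network("85.255.112.0/20")]
# Windows binaries whose names malware imitates (rundll.exe next to rundll32.exe).
SYSTEM_BINARIES = {"rundll32.exe", "svchost.exe", "winlogon.exe", "explorer.exe", "lsass.exe"}
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr))"?', re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike executable names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_o17(servers):
    """Flag NameServer values that are not the expected resolvers."""
    findings = []
    for token in re.split(r"[,\s]+", servers.strip()):
        ip = ipaddress.ip_address(token)
        if ip in EXPECTED_RESOLVERS:
            continue
        if any(ip in net for net in KNOWN_ROGUE_RANGES):
            findings.append(("O17", "high", f"NameServer {ip} is in a known rogue DNS range"))
        elif ip.is_global:
            findings.append(("O17", "medium", f"NameServer {ip} is a public resolver not on the allowlist"))
    return findings


def check_o4(entry):
    """Flag autostart executables that imitate a Windows binary from outside the Windows directory."""
    m = PATH_RE.search(entry)
    if not m or m.group(1).lower().startswith("c:\\windows\\"):
        return []
    path = m.group(1)
    name = path.rsplit("\\", 1)[-1].lower()
    for sysbin in SYSTEM_BINARIES:
        if name != sysbin and edit_distance(name, sysbin) <= 2:
            return [("O4", "high", f"{path} imitates {sysbin} outside the Windows directory")]
    return []


def triage(log_text):
    """Return (section, severity, detail) findings for a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        if line.startswith("O17 - ") and "NameServer = " in line:
            findings += check_o17(line.partition("NameServer = ")[2])
        elif line.startswith("O4 - "):
            findings += check_o4(line.partition(": ")[2])
        elif line.startswith("O9 - ") and line.endswith("(file missing)"):
            findings.append(("O9", "low", "orphaned browser button or menu item, target file missing"))
        elif line.startswith("O24 - ") and re.search(r"[A-Za-z]:\\", line):
            findings.append(("O24", "medium", "Active Desktop component loads a local file: " + line.rsplit(" - ", 1)[1]))
    return findings
```

Run `triage(SAMPLE_LOG)` to get the list of findings; the Dell Support.exe entry produces nothing, the rundll.exe entry and all four rogue NameServer values do.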
  #5  
Old 10-23-2007
Bronze Member
Join Date: Oct 2007
Posts: 6
PC Experience: Experienced
foxtv15
Re: Using HijackThis, But Trying To Be Careful With It

I greatly appreciate the assistance, thanks very much. I ran both Fixwareout and Combofix, and here is the log from Combofix (I assume you just want a direct copy-paste of the log as opposed to an attachment or an HTML file; if not, I apologize):


ComboFix 07-10-23.2 - Tim 2007-10-22 21:21:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.232 [GMT -4:00]
Running from: C:\Documents and Settings\Tim\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Tim\Application Data\WinTouch
C:\Documents and Settings\Tim\Application Data\WinTouch\config.cfg.09df2aa2f45bfc1af7eb4e415f5e8543
C:\Documents and Settings\Tim\My Documents\MBOLS~1
C:\Documents and Settings\Tim\My Documents\RACLE~1
C:\Documents and Settings\Tim\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Tim\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Tim\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\ecurit~1
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\ComPlus Applications\lawu.dll
C:\Program Files\ComPlus Applications\progy.html
C:\Program Files\inetget2
C:\Program Files\NetMeeting\holemuvy4444.dll
C:\Program Files\NetMeeting\holemuvy83122.dll
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\WinAble
C:\Program Files\WinAble\winable.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fCOe
C:\Temp\fCOe\tOasF.log
C:\temp\tn3
C:\WINDOWS\b103.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\retadpu703.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\SYSTEM32\hjkmp.bak1
C:\WINDOWS\SYSTEM32\hjkmp.bak2
C:\WINDOWS\SYSTEM32\hjkmp.ini
C:\WINDOWS\SYSTEM32\hjkmp.ini2
C:\WINDOWS\SYSTEM32\hjkmp.tmp
C:\WINDOWS\system32\lxehsaey.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\ofxtonfu.dll
C:\WINDOWS\system32\oTt02e
C:\WINDOWS\system32\oTt02e\oTt02e1065.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\server.exe
C:\WINDOWS\system32\vpbieumt.exe
C:\WINDOWS\system32\wtssvcc32.exe
C:\WINDOWS\SYSTEM32\yeashexl.ini
C:\WINDOWS\tk58.exe
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\winlog.exe
C:\WINDOWS\ymante~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\core
-------\DomainService
-------\Network Monitor


((((((((((((((((((((((((( Files Created from 2007-09-23 to 2007-10-23 )))))))))))))))))))))))))))))))
.

2007-10-22 21:17 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-22 04:17 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-22 04:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-22 04:11 <DIR> d-------- C:\Documents and Settings\Tim\Application Data\SUPERAntiSpyware.com
2007-10-22 03:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\xirdrvr
2007-10-22 03:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\temp2
2007-10-22 03:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\ozde
2007-10-22 03:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\fixtmp
2007-10-22 03:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\bit2
2007-10-22 03:43 <DIR> d-------- C:\Temp
2007-10-22 03:43 34,304 --a------ C:\WINDOWS\SYSTEM32\tuvvvwu.dll
2007-10-19 17:14 <DIR> d-------- C:\WINDOWS\desktop
2007-10-18 14:37 <DIR> d-------- C:\Program Files\MSECache
2007-10-15 16:06 <DIR> d-------- C:\Program Files\Opera
2007-09-29 00:55 <DIR> d-------- C:\WINDOWS\Setup2K
2007-09-29 00:55 <DIR> d-------- C:\Program Files\DSC Driver
2007-09-29 00:55 118,784 --a------ C:\WINDOWS\ShowBmp.exe
2007-09-29 00:55 53,248 --a------ C:\WINDOWS\ap561.exe
2007-09-26 01:20 <DIR> d-------- C:\Program Files\NetShow Services
2007-09-26 01:19 <DIR> d-------- C:\Program Files\Ulead Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-22 08:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-22 07:59 --------- d-----w C:\Program Files\Viewpoint
2007-10-19 00:57 131,584 ------w C:\WINDOWS\combatfs.exe
2007-10-16 11:15 10 ----a-w C:\Program Files\.autoreg
2007-09-29 04:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-26 05:19 4,608 ----a-w C:\WINDOWS\SYSTEM32\w95inf32.dll
2007-09-23 09:08 --------- d-----w C:\Program Files\LucasArts
2007-09-20 00:40 --------- d-----w C:\Program Files\UWC
2007-09-19 02:44 --------- d-----w C:\Program Files\PHStat2
2007-09-19 02:44 --------- d-----w C:\Documents and Settings\Tim\Application Data\InstallShield
2007-09-18 05:13 --------- d-----w C:\Program Files\Microsoft.NET
2007-09-17 00:04 107,888 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2007-09-17 00:04 --------- d--h--r C:\Documents and Settings\Tim\Application Data\SecuROM
2007-09-16 23:15 --------- d-----w C:\Program Files\AGEIA Technologies
2007-09-12 04:24 --------- d-----w C:\Program Files\Creative
2007-09-12 03:06 --------- d-----w C:\Program Files\Analog Devices
2007-09-12 01:51 --------- d-----w C:\Program Files\McAfee.com
2007-09-12 01:51 --------- d-----w C:\Program Files\BitTorrent
2007-09-12 01:15 60,968 ----a-w C:\Documents and Settings\Tim\GoToAssistDownloadHelper.exe
2007-09-12 00:27 --------- d-----w C:\Documents and Settings\Tim\Application Data\Yahoo!
2007-09-11 23:19 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-11 23:18 --------- d-----w C:\Program Files\WinZip Self-Extractor
2007-09-11 23:18 --------- d-----w C:\Documents and Settings\Tim\Application Data\shockwave.com
2007-09-11 19:38 --------- d-----w C:\Program Files\Yahoo!
2007-08-29 08:51 56,192 ----a-w C:\Documents and Settings\Tim\Application Data\GDIPFONTCACHEV1.DAT
2007-08-25 10:58 --------- d-----w C:\Program Files\Bethesda Softworks
2007-08-24 06:16 --------- d-----w C:\Program Files\Microsoft Games
2007-08-17 22:01 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2007-08-14 09:05 57,344 ----a-w C:\WINDOWS\uneng.exe
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-31 00:19 271,224 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2007-07-31 00:18 207,736 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2005-08-02 21:46:54 187,904 --sha-r C:\WINDOWS\VGlt\asappsrv.dll
2005-08-02 21:58:38 293,888 --sha-r C:\WINDOWS\VGlt\command.exe
2005-07-29 21:24:26 472 --sha-r C:\WINDOWS\VGlt\p35Q.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{232D2677-68EE-4FA1-B988-279EBC8969ED}]
2007-10-22 03:43 34304 --a------ C:\WINDOWS\system32\tuvvvwu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2003-06-24 11:46]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 06:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-05-18 09:42]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 16:17]
"Soip"="C:\PROGRA~1\ICROSO~1\rundll.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
"{232D2677-68EE-4FA1-B988-279EBC8969ED}"= C:\WINDOWS\system32\tuvvvwu.dll [2007-10-22 03:43 34304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvvwu]
tuvvvwu.dll 2007-10-22 03:43 34304 C:\WINDOWS\SYSTEM32\tuvvvwu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tim^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Tim\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Icatch(VI) SnapDetect.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Icatch(VI) SnapDetect.lnk
backup=C:\WINDOWS\pss\Icatch(VI) SnapDetect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
"C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu703.exe 61A847B5BBF728153298284503996897C881250221C8670836AC4FA7C8833201749139

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rzki]
C:\PROGRA~1\COMMON~1\rzki\rzkim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tblej]
"C:\Documents and Settings\Tim\My Documents\??mbols\w?wexec.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Logger]
C:\WINDOWS\winlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
C:\Documents and Settings\Tim\Application Data\WinTouch\WinTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
C:\Program Files\Words\Words.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{E5-5E-E8-8B-ZN}]
C:\Documents and Settings\Tim\Local Settings\Temp\thinksnet.exe CHD003

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"ose"=3 (0x3)
"Network Monitor"=2 (0x2)
"NetSvc"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"cmdService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)


.
************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-22 21:30:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************************************
.
Completion time: 2007-10-22 21:31:32 - machine was rebooted
.
--- E O F ---

Thanks again.


  #6  
Old 10-23-2007
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,088
PC Experience: Elite PC Guru
Pancake
Re: Using HijackThis, But Trying To Be Careful With It

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\SYSTEM32\tuvvvwu.dll
Folder::
C:\WINDOWS\SYSTEM32\xirdrvr
C:\WINDOWS\SYSTEM32\temp2
C:\WINDOWS\SYSTEM32\ozde
C:\WINDOWS\SYSTEM32\fixtmp
C:\WINDOWS\SYSTEM32\bit2
C:\Temp
C:\Program Files\Viewpoint


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{232D2677-68EE-4FA1-B988-279EBC8969ED}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Soip"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{232D2677-68EE-4FA1-B988-279EBC8969ED}"=-
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe.
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*


  #7  
Old 10-23-2007
Bronze Member
Join Date: Oct 2007
Posts: 6
PC Experience: Experienced
foxtv15
Re: Using HijackThis, But Trying To Be Careful With It

As far as I can tell, that fixed it completely. Not a single pop-up when they used to pop-up, no more unidentified programs in the startup in the configuration utility, and my browsers are functioning normally. Thanks so much for your help, you guys are the best anti-spyware weapon out there.

Thanks again
Tim


