Hi. I ran my virus checker on it recently using Avast4 and it sed there was a Trojan Win32:trojan-gen in this programme. It did not pick it up when I scanned it a few months ago. I have definitely run this program. On my computer.

I've had a total motherboard failure which may be unrelated. I replaced the motherboard with a similar model and everything worked without any reinstalling.

For the first time after the new motherboard I attempted to transfer Thunderbird E-Mail Client (I Did Not Have Thunderbird on my computer before or any e-mail client). And I have not been able to get it to work. I've been through every setting with a tooth comb and I can't explain why it isn't working.

I get regular security updates but this Trojan that has been found in a programme I have definitely run has got me worried. Apologies for the huge e-mail.

Here is the hijack log


Many thanks James


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:28, on 04/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Hi, Sorry here is the logfile Many thanks James

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:00, on 04/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "e:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DNS7reminder] "E:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F21E7816-64C7-4A0B-8A51-FE5899EA2010}: NameServer = 212.139.132.10 212.139.132.11
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6383 bytes

You're Ready for cleaning.

At CastleCops we screen all HijackThis logs for errors, out-of-date versions, unupdated operating systems, omissions and P2P applications; getting you [READY] for cleaning by our 1st Responders and Security Experts.

Now you wait for one of them to come help you.

_________________

Microsoft MVP Consumer Security 2006, 2007 & 2008

Hi Prince_serendip, thanks for your reply, this looks like a great site, I'm trying to get my head around, why anyone would take their time and effort to look at my hijack log. What's in it for you guys? I don't want to prejudge it, as maybe no one will. If someone does I will be very grateful, but I don't like being a nuisance. Regards James

Come on, get on with it. Cheers

If you are still interested in getting help to clean up your computer, please do the following.

The address of this topic is:

Please copy and paste the above address into a post reply at our Unhandled Logs topic: /t134063-Unhandled_Logs.html

Do NOT post it as a New Topic, and do NOT post a HijackThis log there. It's a list of topic addresses to threads older than 5 days.

Then please post a fresh log here. Thanks.

_________________

Microsoft MVP Consumer Security 2006, 2007 & 2008

hi Prince_Serendip, I will do, I did not mean to sound rude before, taking you guys for granted. all the best James

Now that you've made an entry at the Unhandled Logs topic, you need to post a fresh log here (below this post).


**NOTE: You have a week to post the updated log. Do not post it as a new topic. If your new updated log is not posted, this topic will be locked and your post removed from the Unhandled Logs topic list.

_________________

Microsoft MVP Consumer Security 2006, 2007 & 2008

Hi, thanks for getting back to me about this, much appreciated. Here is a brand new hijack this log. Thanks again James.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:27, on 30/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\devldr32.exe
E:\PROGRA~1\Nuance\NATURA~1\Program\natspeak.exe
C:\Program Files\Avanquest\PowerDesk\PDExplo.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "e:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DNS7reminder] "E:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dragon NaturallySpeaking.lnk = E:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F21E7816-64C7-4A0B-8A51-FE5899EA2010}: NameServer = 212.139.132.9 212.139.132.8
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6955 bytes

Welcome to the Castlecops Forums. We are currently studying your log and will have instructions for you shortly. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

hi suebaby I've not posted it up anywhere else. I'm in no hurry to all. I don't understand why anyone would give up their free time to trawl through my hijacked log. It's very kind of you. Don't worry about it, if you get a chance to look at it great, but don't put yourself out. All the best James

I do not see any obvious signs of malware. I have some suggestions for general cleaning of your computer.

You may want to print this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 1

In normal mode, run an online antivirus check from at least two and preferably three of the following sites
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.

1. Detects and removes malware ( viruses, worms, trojans, etc. )
   
2. Detects and removes grayware and spyware
3. Restores damage caused by malware to your system.
   
4. Notifies about vulnerabilities in installed programs and connected network services.
5. Multi-platform support for: Windows, Linux, Solaris.
   
6. Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.

1. Prevent the installation of Active X-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
   
2. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
   
3. Restrict the actions of potentially unwanted sites in Internet Explorer.

1. Please download Malwarebytes Anti-Malware (MBAM). Alternate download link
   
2. Double-click on Download_mbam-setup.exe to install the application.
   
3. When the installation begins, follow the prompts and do not make any changes to default settings.
   
4. When installation has finished, make sure you leave both of these checked:
   • Update Malwarebytes' Anti-Malware
     
   • Launch Malwarebytes' Anti-Malware
5. Click Finish.
   
6. MBAM will automatically start and you will be asked to update the program before performing scan. If an update is found, the program will automatically update itself.
   
7. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from the Malware Bytes Web site. Scroll down the page until you see Latest Database; click Download from GT500.org
   
8. Double-click on mbam-rules.exe to install.
   
9. On the Scanner tab, make sure the Perform Quick Scan option is selected.
   
10. Click on the Scan button.
    
11. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    
12. The scan will begin and Scan in progress will show at the top. It may take some time to complete; please be patient.
    
13. When the scan is finished, a message box will say "The scan completed successfully.
    
14. At the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    
15. Make sure that everything is checked, and click Remove Selected.
    
16. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    
17. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    
18. Copy and paste the contents of that report in your next reply and exit MBAM.
    
19. Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

1. Please download SUPERAntiSpyware (SAS) - SUPERAntiSpyware Free Version For Home Users
   
2. Install it and double-click the icon on your desktop to run it.
   
3. It will ask if you want to update the program definitions, click Yes.
   
4. Under Configuration and Preferences, click the Preferences button.
   
5. Click the Scanning Control tab.
   
6. Under Scanner Options, make sure the following are checked:
   • Close browsers before scanning.
     
   • Scan for tracking cookies.
     
   • Terminate memory threats before quarantining.
     
   • Please leave the others unchecked.
   
   
7. Click the Close button to leave the control center screen.
   
8. On the main screen, under Scan for Harmful Software, click Scan your computer.
   
9. On the left, check C:\Fixed Drive.
   
10. On the right, under Complete Scan, choose Perform Complete Scan.
    
11. Click Next to start the scan. Please be patient while it scans your computer.
    
12. After the scan is complete, a summary box will appear. Click OK.
    
13. Make sure everything in the white box has a check next to it, then click Next.
    
14. It will quarantine what it found and if it asks if you want to reboot, click Yes.
    
15. To retrieve the removal information, please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
      
    • Click Preferences. Click the Statistics/Logs tab.
      
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      
    • It will open in your default text editor (such as Notepad/Wordpad).
      
    • Please highlight everything in the notepad, then right-click and choose Copy.
      
    • Click Close and Close again to exit the program.
16. Please paste that information with a new HijackThis log.

• Cleaning of all user temp folders, administrator only can use this feature.
  
• Cleaning of the Java cache, which seems to be harboring more and more malware.
  
• Cleaning the cache, cookies, history, download history, visited links and saved passwords. You have the option of checking no if you want to save your passwords.

• Double-click ATF-Cleaner.exe to run the program.
  
• Check the boxes to the left of:
  • Windows Temp
    
  • Current User Temp
    
  • All Users Temp
    
  • Temporary Internet Files
    
  • Prefetch (Windows XP) only
    
  • Java Cache
• The rest are optional - if you want to remove them all, check Select All.
  
• Click the Empty Selected button.
  
• When you get the Done Cleaning message, click OK.

• Click Firefox at the top and choose: Select All.
  
• Click the Empty Selected button.
  
• When you get the Done Cleaning message, click OK.
  
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.

• Click Opera at the top and choose: Select All.
  
• Click the Empty Selected button.
  
• When you get the Done Cleaning message, click OK.
  
• NOTE: If you would like to keep your saved passwords, please click No at the prompt.

1. According to your Internet connection, please disconnect from the Internet. Close ALL browser windows (including this one).
   • Physically remove the cable for your broadband Internet service “Always On” Connection from your computer.
     
   • Turn your modem off.
     
   • Disconnect your modem cable from your computer.
   
   
2. Turn the device off for Handheld wireless connections.
   
3. Exit all processes and items in your System tray.

1. the list of file names and locations for any files that cannot be cleaned / deleted that were reported after you completed the online scans.
   
2. the log from MalwareBytes
   
3. the log from SUPERAntiSpyware
   
4. a new HijackThis log

thanks suebaby41, I appreciate you giving it a look. Thanks also for the advice sheet I shall certainly be printing that out. Take care of yourself, regards James

Thanks. If you have any problems with the instructions, please let me know.

Since this issue has been resolved I'm going to mark this as DONE and lock the topic.
If the problem should reappear, contact a Site Mod to unlock the topic. This applies to the original topic starter, everyone else please start a new topic with your problem.