Help : Rootkit in my PC. incl HJT Log [Archive] - SpeedGuide.net Broadband Community



sparkynsg
09-12-06, 12:17 AM
Hi, from my recent scans using

PandaActivescan
Kasper
Ewido
Ad-aware
Bit defender

I found a rootkit but am unable to remove it.
Can you please help me to secure my PC?

Here is my

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 10:33:14 AM, on 9/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Documents and Settings\Praveen\Desktop\Ewido\ewido anti-spyware 4.0\guard.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\WINDOWS\System32\igfxtray.exe
D:\WINDOWS\System32\hkcmd.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Documents and Settings\Praveen\Desktop\Ewido\ewido anti-spyware 4.0\ewido.exe
D:\WINDOWS\Intel\rundll32.exe
D:\WINDOWS\command\rundll32.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Praveen\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.rd.companion.yahoo.com/slv/ycheck/as/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.companion.yahoo.com/slv/ycheck/as/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=D:\WINDOWS\rundl132.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {4EAE2070-5B93-6236-A33C-739C546C3F7C} - D:\WINDOWS\ikhhe1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Messenger\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gwiz] D:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "D:\Documents and Settings\Praveen\Desktop\Ewido\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [zt] D:\WINDOWS\Intel\rundll32.exe
O4 - HKLM\..\Run: [Tray] D:\WINDOWS\command\rundll32.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\PROGRA~1\YAHOO!\COMMON\yhexbmesin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\PROGRA~1\YAHOO!\COMMON\yhexbmesin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C985004-C84C-4698-990C-10F4C6CC69A5}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C985004-C84C-4698-990C-10F4C6CC69A5}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3C985004-C84C-4698-990C-10F4C6CC69A5}: NameServer = 192.168.1.1
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Documents and Settings\Praveen\Desktop\Ewido\ewido anti-spyware 4.0\guard.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe

Thanks in advance.
Expecting quick reply.

sparkynsg
09-12-06, 02:47 AM
During my last recent ewido anti-spyware Scan Report, it found 13 infected files and it lists

Logger.Delf.ps High Error during quarantine
Trojan.Gamania High Quarantined
Hijacker.Agent.a High Quarantined
Downloader.IstBar.ai High Quarantined
TrackingCookie.Tacoda Medium Quarantined
TrackingCookie.Burstnet Medium Quarantined
Adware.Yahoo Medium Quarantined

This is the consolidated scan report

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:46:32 PM 9/12/2006

+ Scan result:



D:\System Volume Information\_restore{CB60C6C3-7A11-4002-AFBE-B9AFED45DF17}\RP12\A0010559.dll -> Adware.Yahoo : Cleaned with backup (quarantined).
D:\Documents and Settings\Praveen\Local Settings\Temporary Internet Files\Content.IE5\CT6B412F\137[1].htm -> Downloader.IstBar.ai : Cleaned with backup (quarantined).
D:\Documents and Settings\Praveen\Local Settings\Temporary Internet Files\Content.IE5\CT6B412F\popupjs[1].htm -> Downloader.IstBar.ai : Cleaned with backup (quarantined).
D:\Documents and Settings\Praveen\Local Settings\Temporary Internet Files\Content.IE5\KDIFWL6N\newtan[1].js -> Hijacker.Agent.a : Cleaned with backup (quarantined).
D:\Documents and Settings\Praveen\Local Settings\Temporary Internet Files\Content.IE5\UXOJUTE5\Ntan[1].js -> Hijacker.Agent.a : Cleaned with backup (quarantined).
D:\Documents and Settings\Praveen\Local Settings\Temporary Internet Files\Content.IE5\WHGF4ZGR\ad_18[1].js -> Hijacker.Agent.a : Cleaned with backup (quarantined).
D:\Program Files\Internet Explorer\IEXPLORE.Dat -> Logger.Delf.ps : Cleaned with backup (quarantined).
[1104] D:\Program Files\Internet Explorer\IEXPLORE.Dat -> Logger.Delf.ps : Error during cleaning.
D:\Documents and Settings\Praveen\Cookies\praveen@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
D:\Documents and Settings\Praveen\Cookies\praveen@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
D:\Documents and Settings\Praveen\Cookies\praveen@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
D:\Program Files\Internet Explorer\1Sy.exe -> Trojan.Gamania.gc : Cleaned with backup (quarantined).
D:\WINDOWS\command\rundll32.exe -> Trojan.Gamania.gc : Cleaned with backup (quarantined).


::Report end

Here is HJT log file

Logfile of HijackThis v1.99.1
Scan saved at 1:13:56 PM, on 9/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Documents and Settings\Praveen\Desktop\Ewido\ewido anti-spyware 4.0\guard.exe
D:\WINDOWS\System32\igfxtray.exe
D:\WINDOWS\System32\hkcmd.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Documents and Settings\Praveen\Desktop\Ewido\ewido anti-spyware 4.0\ewido.exe
D:\WINDOWS\Intel\rundll32.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\ctfmon.exe
D:\Documents and Settings\Praveen\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.rd.companion.yahoo.com/slv/ycheck/as/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.companion.yahoo.com/slv/ycheck/as/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=D:\WINDOWS\rundl132.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {4EAE2070-5B93-6236-A33C-739C546C3F7C} - D:\WINDOWS\ikhhe1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Messenger\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gwiz] D:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "D:\Documents and Settings\Praveen\Desktop\Ewido\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [zt] D:\WINDOWS\Intel\rundll32.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\PROGRA~1\YAHOO!\COMMON\yhexbmesin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\PROGRA~1\YAHOO!\COMMON\yhexbmesin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C985004-C84C-4698-990C-10F4C6CC69A5}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C985004-C84C-4698-990C-10F4C6CC69A5}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3C985004-C84C-4698-990C-10F4C6CC69A5}: NameServer = 192.168.1.1
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Documents and Settings\Praveen\Desktop\Ewido\ewido anti-spyware 4.0\guard.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe

Please respond quickly.
Thanks in advance

mnosteele52
09-12-06, 07:06 AM
The fact that you were infected with so much malware should tell you that AVG sucks.:eek:

First I would fix the following, then I would uninstall AVG & Zone Alarm and then use jv16 powertools (http://www.jv16.org) to clean out your registry. Then follow the rest of what I suggest.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.rd.companion.yahoo.com/slv...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.companion.yahoo.com/slv.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.companion.yahoo.com/slv...om/search?p=%s
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=D:\WINDOWS\rundl132.exe
O2 - BHO: Class - {4EAE2070-5B93-6236-A33C-739C546C3F7C} - D:\WINDOWS\ikhhe1.dll (file missing)
O4 - HKLM\..\Run: [gwiz] D:\WINDOWS\System32\ntsystem.exe

Prior to doing anything XP users MUST disable System Restore!!! You can re-enable it after you are clean.

1. Download, install and run CrapCleaner (http://www.ccleaner.com) to remove any temporary and junk files.

2. Download Ad-Aware SE 1.06 (http://www.majorgeeks.com/download506.html) and set it up as shown HERE (http://www.drtweak.com/index.php?topic=40.0).

3. Download SpyBot Search & Destroy 1.4 (http://www.safer-networking.org/index.php?page=download) and set it up as shown HERE (http://www.drtweak.com/index.php?topic=41.0).

4. Download SUPERAntiSpyware (http://www.superantispyware.com), update and do a full system scan.

5. Download Ewido Anti-Malware 4.0 (http://www.ewido.net/en/download), update and do a full system scan.

6. Download and run CWShredder (http://www.trendmicro.com/cwshredder).

7. Do a FREE online virus scan from BitDefender Online Scan (http://www.bitdefender.com/) and remove all that it finds.

8. If you aren't currently using a firewall or anti-virus program then I suggest you install Comodo Firewall (http://www.personalfirewall.comodo.com/) and Active Virus Shield (http://www.activevirusshield.com/antivirus/freeav/index.adp?) - (setup instructions HERE (http://www.drtweak.com/index.php?topic=157.0)), both are FREE and offer excellent protection.

9. It is also a good idea to run the Winsock Fix (http://www.snapfiles.com/get/winsockxpfix.html) to repair your TCP/IP stack. (you will have to redo any tweaks for your connection if this is used)

10. If after doing ALL of the above you are still having problems, please scan with HijackThis 1.99.1 (http://www.majorgeeks.com/download3155.html) as shown HERE (http://www.drtweak.com/index.php?topic=58.0) and post a log here in this forum for us to look at.

11. Download SpywareBlaster 3.5.1 (http://www.javacoolsoftware.com/spywareblaster.html) and set it up as shown HERE (http://www.drtweak.com/index.php?topic=42.0) to help stay spyware free.

12. Make sure you have ALL of the latest Windows Updates.

:D
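
A triage sketch for the HijackThis entries in this thread, added here as an example and not part of any poster's reply or of HijackThis itself. It parses the `Rn`/`Fn`/`On` lines and flags three patterns visible in the logs above: a name that imitates a system binary by swapping digits for letters (`rundl132.exe`), a system binary name loaded from outside System32 (`D:\WINDOWS\command\rundll32.exe`, which the ewido report lists as Trojan.Gamania.gc), and targets marked `(file missing)`. The `SYSTEM32_BINARIES` set and the heuristics are assumptions; hits are candidates for manual review, not verdicts.

```python
import re

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=D:\WINDOWS\rundl132.exe
O2 - BHO: Class - {4EAE2070-5B93-6236-A33C-739C546C3F7C} - D:\WINDOWS\ikhhe1.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [zt] D:\WINDOWS\Intel\rundll32.exe
O4 - HKLM\..\Run: [Tray] D:\WINDOWS\command\rundll32.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

# Assumption: a small, illustrative set of Windows binaries that live in System32.
SYSTEM32_BINARIES = {"rundll32.exe", "svchost.exe", "lsass.exe", "services.exe",
                     "winlogon.exe", "csrss.exe", "smss.exe", "ctfmon.exe"}

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")           # section code, rest of line
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)', re.I)
DIGIT_SWAPS = str.maketrans({"1": "l", "0": "o"})       # common lookalike substitutions


def triage(log_text):
    """Return (section, path, reason) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines and the process list carry no section code
        section, text = m.groups()
        p = PATH_RE.search(text)
        path = p.group(0) if p else ""
        folder, _, name = path.lower().rpartition("\\")
        if "(file missing)" in text:
            findings.append((section, path, "target file missing"))
        if name in SYSTEM32_BINARIES and not folder.endswith("\\system32"):
            findings.append((section, path, "system binary name outside System32"))
        unswapped = name.translate(DIGIT_SWAPS)
        if unswapped != name and unswapped in SYSTEM32_BINARIES:
            findings.append((section, path, "lookalike of " + unswapped))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```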