I started seeing problems with Google search results. When I clicked on a search result it would open some random page, not what I was trying to open, and usually through something called abcsearch.com.

I've searched around and it sounds like I have a hijacker of some sort. I've run SpyBot S&D, AVG Anti-Spyware, CCleaner, AboutBuster, and fixwareout. No luck so far.

I followed the instructions in the sticky post and have run Kasperksy online virus scan and Hijack this. The lags are pasted below. Any help would be greatly appreciated.

Thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:24 PM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\dlbxcoms.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb2.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: File Print FedEx Kinko's - {9566395F-43D2-4c64-B525-B501FFA276E2} - mscoree.dll (file missing)
O3 - Toolbar: File Print FedEx Kinko's - {9566395f-43d2-4c64-b525-b501ffa276e2} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IESet] IExplorer.dll .dbt (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: .lnk = C:\WINDOWS\SYSTEM32\msmapibx32.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office XP\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI01DA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader41.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\System32\dlbxcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 1: Desktop Uninstall - C:\WINDOWS\warnhp.html

--
End of file - 6732 bytes




-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, September 11, 2007 9:24:13 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 11/09/2007
Kaspersky Anti-Virus database records: 412972
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 277054
Number of viruses found: 6
Number of infected objects: 22
Number of suspicious objects: 0
Duration of the scan process: 03:31:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e1517f33b4f8c1785bf98bfaae787cb7_7b71fbce-dff3-42c2-9259-d2367eb8daa9 Object is locked skipped
C:\Documents and Settings\Julie\Local Settings\Temp\Temporary Internet Files\Content.IE5\O92VU1Q5\nsp[1]/packed Infected: Trojan-Downloader.JS.Agent.nk skipped
C:\Documents and Settings\Julie\Local Settings\Temp\Temporary Internet Files\Content.IE5\O92VU1Q5\nsp[1] GZIP: infected - 1 skipped
C:\Documents and Settings\Julie\Local Settings\Temp\Temporary Internet Files\Content.IE5\O92VU1Q5\nsp[1].htm Infected: Trojan-Downloader.JS.Agent.nk skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Warren\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Warren\Local Settings\Application Data\ApplicationHistory\Explorer.EXE.3c2f65a1.ini.inuse Object is locked skipped
C:\Documents and Settings\Warren\Local Settings\Application Data\ApplicationHistory\iexplore.exe.26e3ad32.ini.inuse Object is locked skipped
C:\Documents and Settings\Warren\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Gidon" <gidon@mobilemarvels.com>][Date Wed, 20 Oct 2004 11:33:16 -0600]/UNNAMED/Details.zip Infected: Email-Worm.Win32.Bagle.gen skipped
C:\Documents and Settings\Warren\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Gidon" <gidon@mobilemarvels.com>][Date Wed, 20 Oct 2004 11:33:16 -0600]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
C:\Documents and Settings\Warren\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Gidon" <gidon@mobilemarvels.com>][Date Tue, 19 Oct 2004 15:42:37 -0600]/UNNAMED/Message.zip Infected: Email-Worm.Win32.Bagle.gen skipped
C:\Documents and Settings\Warren\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Gidon" <gidon@mobilemarvels.com>][Date Tue, 19 Oct 2004 15:42:37 -0600]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
C:\Documents and Settings\Warren\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Gidon" <gidon@mobilemarvels.com>][Date Mon, 18 Oct 2004 10:54:33 -0600]/UNNAMED/Info.zip Infected: Email-Worm.Win32.Bagle.gen skipped
C:\Documents and Settings\Warren\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Gidon" <gidon@mobilemarvels.com>][Date Mon, 18 Oct 2004 10:54:33 -0600]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped
C:\Documents and Settings\Warren\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Gidon" <gidon@mobilemarvels.com>][Date Tue, 31 Aug 2004 15:54:46 -0600]/UNNAMED/fotos.zip/foto/foto.html Infected: Exploit.HTML.CodeBaseExec skipped
C:\Documents and Settings\Warren\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Gidon" <gidon@mobilemarvels.com>][Date Tue, 31 Aug 2004 15:54:46 -0600]/UNNAMED/fotos.zip/foto/foto/foto1.exe Infected: Trojan.Win32.Glieder.gen skipped
C:\Documents and Settings\Warren\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Gidon" <gidon@mobilemarvels.com>][Date Tue, 31 Aug 2004 15:54:46 -0600]/UNNAMED/fotos.zip Infected: Trojan.Win32.Glieder.gen skipped
C:\Documents and Settings\Warren\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Gidon" <gidon@mobilemarvels.com>][Date Tue, 31 Aug 2004 15:54:46 -0600]/UNNAMED Infected: Trojan.Win32.Glieder.gen skipped
C:\Documents and Settings\Warren\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Gidon" <gidon@mobilemarvels.com>][Date Wed, 01 Sep 2004 10:43:57 -0600]/UNNAMED/foto.zip/foto.htm Infected: Exploit.HTML.CodeBaseExec skipped
C:\Documents and Settings\Warren\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Gidon" <gidon@mobilemarvels.com>][Date Wed, 01 Sep 2004 10:43:57 -0600]/UNNAMED/foto.zip/1/calc.exe Infected: Trojan.Win32.Glieder.gen skipped
C:\Documents and Settings\Warren\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Gidon" <gidon@mobilemarvels.com>][Date Wed, 01 Sep 2004 10:43:57 -0600]/UNNAMED/foto.zip Infected: Trojan.Win32.Glieder.gen skipped
C:\Documents and Settings\Warren\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Gidon" <gidon@mobilemarvels.com>][Date Wed, 01 Sep 2004 10:43:57 -0600]/UNNAMED Infected: Trojan.Win32.Glieder.gen skipped
C:\Documents and Settings\Warren\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 14 skipped
C:\Documents and Settings\Warren\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Warren\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Warren\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Warren\Local Settings\History\History.IE5\MSHist012007091020070911\index.dat Object is locked skipped
C:\Documents and Settings\Warren\Local Settings\Temp\fla3.tmp Object is locked skipped
C:\Documents and Settings\Warren\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Warren\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Warren\ntuser.dat.LOG Object is locked skipped
C:\Symbian\s60_2.1_cust\tr-Series60_21_2004_wk48_s60_source.zip/j2me_Series60_21_2004_wk48_s60_source.zip/S60/j2me/tools/ms/bin/pskill.exe Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
C:\Symbian\s60_2.1_cust\tr-Series60_21_2004_wk48_s60_source.zip/j2me_Series60_21_2004_wk48_s60_source.zip Infected: not-a-virus:NetTool.Win32.PsKill.a skipped
C:\Symbian\s60_2.1_cust\tr-Series60_21_2004_wk48_s60_source.zip ZIP: infected - 2 skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP662\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{D9D482B4-648B-46E0-8935-283304397248}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\l3acdb2.dll Infected: not-a-virus:AdWare.Win32.BHO.cw skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Hello wapawapa and welcome to the Forums :)

One or more of the identified infections is a backdoor trojan :sick:

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

I can help you in the cleaning if you don't want to reformat but there is a possibility that we can't get you 100% clean.

Please let us know what you have decided to do in your next post:bigthumb

Ouch. Much worse that I thought. Thanks for the quick reply though. It's been disconnected from the net. I'll backup anything I want to keep on a CD and reformat/reinstall the OS.

I'm assuming that if I run the Kaspersky scan on any files I backup that it'll find any problems?


Thanks,
Wapa

Hi :)

I'll respect your decision to do a clean install.

pictures, text, music should be safe to backup. Watch out for any program files as those may be infected.

Please make sure that you know what to do before beginning the operation.

Here are a few links that propably help.

Reformatting Windows XP by wng_z3r0 (http://spyware-free.us/tutorials/reformat/mainnopics.html)
When should I re-format? How should I reinstall? (http://www.dslreports.com/faq/10063)
Windows XP Clean install (http://windowsxp.mvps.org/XPClean.htm)

Then there are a couple of things you should do immediately after installing Windows and before surfing the net... Install an antivirus and firewall (you should download and have those on a CD or USB drive, all ready to be installed).

These are good (free) firewalls:
- Kerio (http://www.sunbelt-software.com/Kerio.cfm)
- Sygate (http://http://www.majorgeeks.com/download.php?det=3356)
- Outpost (http://www.majorgeeks.com/download.php?det=1056)

These are good (free) antiviruses:
- Antivir (http://www.free-av.com)
- Avast (http://www.avast.com)
- AVG (http://free.grisoft.com)

Get all Windows updates installed!
Please ask me if you have any questions :)

Then here are a few things that you can do in order to make your fresh computer more secure:
Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.

Use Ewido (http://www.ewido.net/en/)
Update it and scan your computer regularly with it.

Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.

Install SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
SpywareBlaster will prevent spyware from being installed.

Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.

Use Firefox browser (http://www.mozilla.org)
Firefox is faster, safer and better browser than Internet Explorer.

Keep your systen up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly.

Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

Read this article by TonyKlein (http://castlecops.com/postlite7736-.html)
So how did I get infected in the first place?