I can't get rid of the maleware that has highjacked my homepage and causes countless pop ups. I can't change my home page back from this "Safteyuptodate" page. :blush:

My highjackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 2:20:39 PM, on 5/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ezSP_Px.exe
D:\WINDOWS\system32\fonts\system\explorer\mru\tray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\cpanel.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://web.intuit.com/support/quicken/dataconverter/
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp8B6E.tmp
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Windows System Tray] D:\WINDOWS\system32\fonts\system\explorer\mru\tray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143589372921
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

This is my panda report:

Incident Location

Adware:Adware/SecurityError disinfected C:\WINDOWS\system32\ld9F5C.tmp
Adware:adware/emediacodec disinfected c:\windows\system32\atmclk.exe
Adware:adware/securityerror disinfected c:\windows\system32\dxole32.exe
Adware:adware/spywarequake disinfected c:\windows\system32\1024\ld3497.tmp
Adware:adware/securitytoolbar disinfected c:\program files\Security Toolbar
Spyware:Cookie/Atlas DMT disinfected C:\Documents and Settings\Bear\Application Data\Mozilla\Firefox\Profiles\migz5qh0.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Traffic Marketplace disinfected C:\Documents and Settings\Bear\Application Data\Mozilla\Firefox\Profiles\migz5qh0.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/QuestionMarket disinfected C:\Documents and Settings\Bear\Application Data\Mozilla\Firefox\Profiles\migz5qh0.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/PointRoll disinfected C:\Documents and Settings\Bear\Application Data\Mozilla\Firefox\Profiles\migz5qh0.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Zedo disinfected C:\Documents and Settings\Bear\Application Data\Mozilla\Firefox\Profiles\migz5qh0.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Belnk disinfected C:\Documents and Settings\Bear\Application Data\Mozilla\Firefox\Profiles\migz5qh0.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Casalemedia disinfected C:\Documents and Settings\Bear\Application Data\Mozilla\Firefox\Profiles\migz5qh0.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion disinfected C:\Documents and Settings\Bear\Application Data\Mozilla\Firefox\Profiles\migz5qh0.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/RealMedia disinfected C:\Documents and Settings\Bear\Application Data\Mozilla\Firefox\Profiles\migz5qh0.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/did-it disinfected C:\Documents and Settings\Bear\Application Data\Mozilla\Firefox\Profiles\migz5qh0.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Peel disinfected C:\Documents and Settings\Bear\Application Data\Mozilla\Firefox\Profiles\migz5qh0.default\cookies.txt[.peel.com/]
Spyware:Cookie/DomainSponsor disinfected C:\Documents and Settings\Bear\Application Data\Mozilla\Firefox\Profiles\migz5qh0.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Atwola disinfected C:\Documents and Settings\Bear\Application Data\Mozilla\Firefox\Profiles\migz5qh0.default\cookies.txt[.atwola.com/]
Spyware:Cookie/bravenetA disinfected C:\Documents and Settings\Bear\Application Data\Mozilla\Firefox\Profiles\migz5qh0.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/360i disinfected C:\Documents and Settings\Bear\Application Data\Mozilla\Firefox\Profiles\migz5qh0.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/Go disinfected C:\Documents and Settings\Bear\Application Data\Mozilla\Firefox\Profiles\migz5qh0.default\cookies.txt[.go.com/]
Spyware:Cookie/Go disinfected C:\Documents and Settings\Bear\Cookies\bear@go[2].txt
Potentially unwanted tool:Application/Processor disinfected C:\Documents and Settings\Bear\Desktop\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor disinfected C:\Documents and Settings\Bear\Local Settings\Application Data\Mozilla\Firefox\Profiles\migz5qh0.default\Cache\633285D9d01[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor disinfected C:\Documents and Settings\Bear\smitRem\Process.exe
Spyware:Cookie/Mediaplex disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\0lwcwrw8.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atlas DMT disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\0lwcwrw8.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/360i disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\0lwcwrw8.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/Traffic Marketplace disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\0lwcwrw8.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Casalemedia disinfected C:\Documents and Settings\Kat\Application Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\0lwcwrw8.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Tribalfusion disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\0lwcwrw8.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adrevolver disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\0lwcwrw8.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/PointRoll disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\0lwcwrw8.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/bravenetA disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\0lwcwrw8.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Peel disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\0lwcwrw8.default\cookies.txt[.peel.com/]
Spyware:Cookie/Atwola disinfected C:\Documents and Settings\Kat\Cookies\kat@atwola[1].txt
Spyware:Cookie/360i disinfected C:\Documents and Settings\Kat\Cookies\kat@ct.360i[2].txt
Adware:Adware/EMediaCodec disinfected C:\Program Files\Media-Codec\uninst.exe
Adware:Adware/SecurityError disinfected C:\WINDOWS\system32\1024\ld5A74.tmp
Adware:Adware/SecurityError disinfected C:\WINDOWS\system32\1024\ld6273.tmp
Adware:Adware/SecurityError disinfected C:\WINDOWS\system32\1024\ld67B3.tmp
Adware:Adware/SpyFalcon disinfected C:\WINDOWS\system32\1024\ld6D6F.tmp
Adware:Adware/SecurityError disinfected C:\WINDOWS\system32\hp245F.tmp
Adware:Adware/SecurityError disinfected C:\WINDOWS\system32\hp67CA.tmp
Adware:Adware/SecurityError disinfected C:\WINDOWS\system32\hp93C9.tmp
Adware:Adware/SecurityError disinfected C:\WINDOWS\system32\hp9F02.tmp
Adware:Adware/SecurityError disinfected C:\WINDOWS\system32\hpAC67.tmp
Adware:Adware/SecurityError disinfected C:\WINDOWS\system32\hpB8A6.tmp
Adware:Adware/SecurityError disinfected C:\WINDOWS\system32\hpBF4.tmp
Adware:Adware/SecurityError disinfected C:\WINDOWS\system32\hpE2C4.tmp
Adware:Adware/SecurityError disinfected C:\WINDOWS\system32\hpE9AC.tmp
Adware:Adware/SecurityError disinfected C:\WINDOWS\system32\hpF72C.tmp
Adware:Adware/SecurityError disinfected C:\WINDOWS\system32\hpF911.tmp
D:\Documents\Unzipped\SmitfraudFix\SmitfraudFix\Process.exe

Hi Papabear765

If your not recieving help at another forum fallow the advice in this thread and post the logs mentioned.
http://forums.spybot.info/showthread.php?t=4015

This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a pm and provide a link to the thread.

Applies only to the original topic starter.