hijack this help


Z28Owner
07-01-2006, 04:48 PM
Hi, my wife's computer is on the fritz again. Can't open anything in the browser; it just keeps trying to reload any page you open up. Can't get anything to install to check for viruses and other stuff. I only have HijackThis and Ad-Aware SE to work with. Ran SE and it came up with some trojans and other stuff, quarantined and rebooted, but it just keeps coming back and stuff still isn't working. So I ran HijackThis and saved the log; maybe someone will see something to fix. Thanks, any ideas are welcome. Last thing she remembers doing was playing on that Neopets site. Then it started messing up.


Logfile of HijackThis v1.99.1
Scan saved at 3:24:58 PM, on 7/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\inet20026\services.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\63a3478e.exe
C:\WINDOWS\inet20026\socks.exe
C:\DOCUME~1\xxxxxx~1\LOCALS~1\Temp\87.tmp3072.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\xxxxxxxxxxx\My Documents\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.americanbaby.com/
F3 - REG:win.ini: run=C:\WINDOWS\inet20026\services.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [63a3478e.exe] C:\WINDOWS\System32\63a3478e.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20026\services.exe
O4 - HKLM\..\Run: [ÿ_zskgjieonrhd]ye`bi]50inkrwksz_] c:\windows\system32\_zskwrkni05]ib`ey]dhrnoeijg.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\inet20026\socks.exe
O4 - HKLM\..\RunServices: [ÿ_zskgjieonrhd]ye`bi]50inkrwksz_] c:\windows\system32\_zskwrkni05]ib`ey]dhrnoeijg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [63a3478e.exe] C:\Documents and Settings\Amanda Combs\Local Settings\Application Data\63a3478e.exe
O4 - HKCU\..\Run: [WinMedia] "C:\DOCUME~1\AMANDA~1\LOCALS~1\Temp\87.tmp3072.exe"
O4 - HKCU\..\Run: [ÿ_zskgjieonrhd]ye`bi]50inkrwksz_] c:\windows\system32\_zskwrkni05]ib`ey]dhrnoeijg.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00013.exe"
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20026\services.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct2_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0645D7F3-C20E-4E0B-A545-557527497C0B} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.70.19.0_MEGAPANEL_USA.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123081178889
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123186641484
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://sympatico.zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: polymorphreg - C:\Documents and Settings\All Users\Documents\Settings\polymorph.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

79Silv4x4
07-01-2006, 04:59 PM
Looks like it has the Krepper-G trojan (possibly more?). I'm not familiar with it or its removal. Best bet is to wait for a detailed reply from Shifty. Otherwise Google it and proceed with caution.

truckdude239
07-01-2006, 10:07 PM
c:\WINDOWS\inet20026\services.exe Check with an antivirus scanner

O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20026\services.exe

O4 - HKCU\..\Run: [63a3478e.exe] C:\Documents and Settings\Amanda Combs\Local Settings\Application Data\63a3478e.exe

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O16 - DPF: {0645D7F3-C20E-4E0B-A545-557527497C0B} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d...APANEL_USA.cab

O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab

Just what I see.

truckdude239
07-01-2006, 10:08 PM
http://www.hijackthis.de/#anl is the site I use to check mine.

shifty
07-01-2006, 11:14 PM
You're VERY badly infected. Someone could be walking around using your credit cards with the stuff you have on your system. Someone might have your bank login info, your eBay login info, your social security number, or anything else.

A lot of this problem is due to the fact your Windows is out of date and you are NOT running antivirus. Are you freaking crazy? Not trying to insult you here, but if you are not running antivirus and probably not running a firewall, is it really any surprise you are infected with so many trojans and nasty crap? This might sound harsh, but, in all honesty, if you operated your car as irresponsibly as your computer, someone would be dead right now. Yes - it's that bad.

You are also NOT running Windows XP Service Pack 2. This is NOT recommended, for security reasons that you're seeing now :). You need to update your copy of Windows more often to prevent infections like this.

If I were you, I would format your computer and reinstall. You will lose all of your files. Carrying them over to the new computer is not suggested because you risk reinfecting yourself.

If you want to try to clean it up, it might be possible. You need to do several things to get your computer clean, and even afterwards there is a chance something may be buried/hidden so deep you cannot find it to clean it.

Download Ewido: http://www.grisoft.cz/softw/70/filedir/inst/ewido-setup_4.0.0.172a.exe --- Install it. Open it, choose UPDATE to update it (it might be an option in the menu), but DO NOT SCAN YET.

Reboot your computer in Safe Mode. To do this, shut down your computer completely. Turn it back on again and begin pressing F8 at a rate of one time every 2 seconds (tap, wait 2 seconds, tap, etc.). You should be confronted with a menu allowing you to boot in Safe Mode. If not, try it again - you will get it eventually :)

Once in Safe Mode, open Ewido and scan your computer. Once that is complete, clean any infections it finds.

After cleaning using that, open HijackThis and choose "Scan only". Put a checkmark next to these lines if they exist:


F3 - REG:win.ini: run=C:\WINDOWS\inet20026\services.exe

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)


O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [63a3478e.exe] C:\WINDOWS\System32\63a3478e.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20026\services.exe
O4 - HKLM\..\Run: [ÿ_zskgjieonrhd]ye`bi]50inkrwksz_] c:\windows\system32\_zskwrkni05]ib`ey]dhrnoeijg.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\inet20026\socks.exe
O4 - HKLM\..\RunServices: [ÿ_zskgjieonrhd]ye`bi]50inkrwksz_] c:\windows\system32\_zskwrkni05]ib`ey]dhrnoeijg.exe

O4 - HKCU\..\Run: [63a3478e.exe] C:\Documents and Settings\Amanda Combs\Local Settings\Application Data\63a3478e.exe
O4 - HKCU\..\Run: [WinMedia] "C:\DOCUME~1\AMANDA~1\LOCALS~1\Temp\87.tmp3072.exe"
O4 - HKCU\..\Run: [ÿ_zskgjieonrhd]ye`bi]50inkrwksz_] c:\windows\system32\_zskwrkni05]ib`ey]dhrnoeijg.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00013.exe"
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20026\services.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)


O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O20 - Winlogon Notify: polymorphreg - C:\Documents and Settings\All Users\Documents\Settings\polymorph.dll


Once you have put a checkmark next to each and every last one of the items, click the FIX button. You will then need to reboot in normal mode and post another HijackThis log for me to review.

Some of this stuff is going to come back after you reboot. This is how the new trojans and spyware work. This is why you get antivirus - to prevent getting them in the first place.

Antivirus alone is not enough to keep your computer clean these days - but it will at least prevent you from getting crap like the Xorpix trojan (one of the nastier infections above that we will fight with heavily in coming days if you try to clean this computer).
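
The triage shifty did by eye on the log above can be partly automated. The script below is an added example, not code from this thread or from HijackThis: it parses the O4/F3/O20/O23 autostart lines and applies the same kinds of red flags an analyst uses (executable in a Temp folder, a core Windows binary name such as services.exe outside System32, a random hex file name, garbage characters in a file name, a non-standard folder directly under \WINDOWS, anything in the Win9x-era RunServices key or the win.ini run= loader, a Winlogon Notify DLL outside System32). The heuristics are mine and tuned to XP-era logs; the sample lines are copied from the log posted earlier in the thread, with two benign entries included so the filter has something to leave alone.

```python
import re
from dataclasses import dataclass

# Core Windows binaries that live only in %WINDIR%\system32 on XP. A file with one of
# these names anywhere else is a classic impersonation trick (cf. inet20026\services.exe).
CORE_SYSTEM_BINARIES = {"services.exe", "svchost.exe", "lsass.exe",
                        "winlogon.exe", "csrss.exe", "smss.exe"}

ENTRY_RE = re.compile(r"^(?P<kind>O4|O20|O23|F3)\s+-\s+(?P<rest>.*)$")
RUN_RE = re.compile(r"^(?P<key>HK(?:LM|CU)\\\.\.\\(?:Run|RunOnce|RunServices)):\s+"
                    r"\[(?P<name>.*?)\]\s+(?P<cmd>\S.*)$")   # non-greedy: names may contain ']'
WININI_RE = re.compile(r"^REG:win\.ini:\s+(?:run|load)=(?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify:\s+(?P<name>.+?)\s+-\s+(?P<cmd>.+)$")
SERVICE_RE = re.compile(r"^Service:\s+(?P<name>.+?)\s+-\s+.+\s+-\s+(?P<cmd>.+)$")

# Constructed sample: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [63a3478e.exe] C:\WINDOWS\System32\63a3478e.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20026\services.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\inet20026\socks.exe
O4 - HKLM\..\RunServices: [ÿ_zskgjieonrhd]ye`bi]50inkrwksz_] c:\windows\system32\_zskwrkni05]ib`ey]dhrnoeijg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinMedia] "C:\DOCUME~1\AMANDA~1\LOCALS~1\Temp\87.tmp3072.exe"
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00013.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20026\services.exe
O20 - Winlogon Notify: polymorphreg - C:\Documents and Settings\All Users\Documents\Settings\polymorph.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


@dataclass
class Finding:
    kind: str
    name: str
    path: str
    reasons: list


def extract_path(cmd: str) -> str:
    """Pull the executable/DLL path out of an autostart command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # quoted path, arguments may follow
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.*?\.(?:exe|dll|ocx|com))(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def parse_entry(line: str):
    """Return (kind, key, name, path) for O4/F3/O20/O23 registry lines, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    if kind == "O4":
        r = RUN_RE.match(rest)      # 'Global Startup' O4 lines do not match and are skipped
        return (kind, r.group("key"), r.group("name"), extract_path(r.group("cmd"))) if r else None
    if kind == "F3":
        r = WININI_RE.match(rest)
        return (kind, "win.ini", "run=", extract_path(r.group("cmd"))) if r else None
    if kind == "O20":
        r = NOTIFY_RE.match(rest)
        return (kind, "Winlogon\\Notify", r.group("name"), extract_path(r.group("cmd"))) if r else None
    r = SERVICE_RE.match(rest)
    return (kind, "Services", r.group("name"), extract_path(r.group("cmd"))) if r else None


def assess(kind: str, key: str, path: str) -> list:
    """Heuristic red flags for one autostart entry. Tuned to Windows XP-era logs."""
    reasons = []
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    in_system32 = "\\system32\\" in low
    if "\\temp\\" in low:
        reasons.append("runs from a Temp directory")
    if base in CORE_SYSTEM_BINARIES and not in_system32:
        reasons.append(f"{base} outside System32 (impersonates a core Windows binary)")
    if re.fullmatch(r"[0-9a-f]{8}\.(?:exe|dll)", base):
        reasons.append("random-looking hex file name")
    if not re.fullmatch(r"[a-z0-9_.~ ()-]+", base):
        reasons.append("unusual characters in file name")
    m = re.match(r"[a-z]:\\windows\\([^\\]+)\\", low)
    if m and m.group(1) not in {"system32", "system", "microsoft.net", "fonts"}:
        reasons.append(f"non-standard folder under Windows: {m.group(1)}")
    if key.endswith("RunServices"):
        reasons.append("RunServices key (Win9x-era; legitimate XP software does not use it)")
    if kind == "F3":
        reasons.append("win.ini run= loader (legacy hook; nothing current belongs here)")
    if kind == "O20" and not in_system32:
        reasons.append("Winlogon Notify DLL outside System32")
    return reasons


def triage(log_text: str) -> list:
    """Return a Finding for every parsed entry that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if not parsed:
            continue
        kind, key, name, path = parsed
        reasons = assess(kind, key, path)
        if reasons:
            findings.append(Finding(kind, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} [{f.name}] {f.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run against the sample, this flags the hex-named 63a3478e.exe, both inet20026 files, the Temp-folder 87.tmp3072.exe, the garbage-named RunServices entry, the win.ini loader and polymorph.dll, and leaves the HP, MSN Messenger and NVIDIA entries alone. It does not flag ibm00013.exe in the Web Folders directory, which shifty's list does include: path heuristics narrow the log down, they do not replace reading the rest of it and checking the unknown names.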

Z28Owner
07-01-2006, 11:41 PM
OK, it won't install anything. What do I do from here? Don't know how to reformat. All she is worried about is her pics of our baby. Like I say, I run a firewall and antivirus on mine and hers too, but she goes along and deletes crap so she can have more room. What can I do :)

shifty
07-01-2006, 11:57 PM
Burn any information she thinks she wants to CD now before you screw up the computer. Then please go have her read this thread so she understands that you do NOT delete your antivirus, you must ALWAYS run it, you need to have other forms of protection on your computer, and when you don't bother to protect your computer, people can steal your identity and this may have happened to you already (keep your eyes on your credit card and bank card statements - and go do a credit report on both of you some time soon).

Get back to me in a few. If you can't install anything, I am honestly not sure what to tell you :(

When you share the info in this thread, then back up the baby photos to CD, come back and post for me and I'll try to help you, but I can't make any promises. This is a really bad infection.

jamis
07-04-2006, 03:02 PM
After you get going, password protect your firewall and antivirus so she doesn't have access to them. You can also create a user ID for her with limited permissions.

I use Zone Alarm Pro for a firewall and Norton antivirus; some folks don't like Norton because it tends to slow things down a bit, but I don't mind.

Sometimes I also run Lavasoft's anti-spyware, because I will lower my firewall and get jacked pretty fast, especially with a browser hijacker.

I'm no PC expert, just a squirrel looking for a nut.

shifty
07-04-2006, 09:08 PM
Oh - and when you get a second to update us on this one, please do. I never heard back from you, so I didn't post any other information on how to at least try to clean up if you really wanted to try.

Z28Owner
07-09-2006, 11:53 AM
Yeah, I never have reinstalled Windows before, so I don't even know where to start; don't even think I can find the disk that came with it. I just have it disconnected from the internet right now, haven't really messed with it. I'm gonna try and borrow an external CD burner so we can try and get her pics off there, but it won't install anything I've tried before, dunno if it will work or not.

shifty
07-09-2006, 06:14 PM
If you need more assistance, let me know.

My professional advice before you format and reinstall:

Leave that infected computer offline until it's clean.

First, from another computer, download an antivirus rescue disk builder. I recommend this one from Trend Micro, who makes a great antivirus scanner: http://www.trendmicro.com/download/emg-disk.asp --- Once you download this to a different computer, please run the program to generate the antivirus scanner disks which you can then run on the infected computer to do some cleanup - basically, use those disks you create to scan the infected computer. This should nuke any viruses and trojans you have on it, which is the first step to getting you cleaned up. Your computer is so badly infected that cleaning it may cause the computer to not boot up after restarting. This doesn't mean your data (pictures, etc.) will be lost, I'm just forewarning you that there is a distinct possibility that the crap you have on there is so deeply rooted in Windows by now that it's the only thing holding it together :D

Next, after you have scanned, then rebooted, then scanned again, use your secondary computer to go to Ewido's website and do the following:

Ewido Scanner: http://www.ewido.net/en/download/
Ewido security scanner updates (download "Full Database" only!): http://www.ewido.net/en/download/updates/

Download these two files and put them on a disk or USB key. Install the scanner on the infected computer, but DO NOT RUN IT YET. Next, install the updates database!

Boot the computer into "SAFE MODE" (this is a crucial, crucial step, you must be in SAFE MODE!). For more information on what SAFE MODE is and how to boot into SAFE MODE, please see this webpage - print out the instructions:

What is safe mode?: http://www.pcstats.com/articleview.cfm?articleID=1643

How do I get into SAFE MODE?: http://www.pcstats.com/articleview.cfm?articleid=1643&page=2

Summary: Reboot your computer. When the first messages start to display (like, the manufacturer logo, "Dell", "HP" or any text at all), this is the "POST" area where you should start tapping the F8 key.

Once you get into SAFE MODE, you should open Ewido from the Programs menu and begin scanning. It will not find everything, but have it clean whatever it does find. Afterwards, I would boot up the computer in normal mode (simply restart and don't hit F8 this time to get back to normal mode), wait for the computer to fully start up and load Windows, then: