

AGENT.FL and CWS.Oslogo


Original Message
Name: genedale
Date: December 10, 2007 at 02:11:25 Pacific
Subject: AGENT.FL and CWS.Oslogo
OS: Windows XP Home Edition
CPU/Ram: Intel Celeron 2.2 GHz/256
Model/Manufacturer: Dell
Comment:

I made the mistake of installing Smiley Central a while back, only to find that without my knowledge it installed the spyware AdBureau on my computer as well. On a weekly basis thereafter, I had to use my Spybot software to find and remove the AdBureau because it kept locking up my computer. I finally traced it back to the Smiley Central and uninstalled that, but the AdBureau kept sneaking in. After buying or downloading various other anti-spyware software in a vain attempt to find something that would locate the FunWebProducts and the MyWebSearch on my computer (one of which was probably reloading the AdBureau onto my system), I realized there was a new version of Spybot (mine was 1.2 and the latest is 1.5). Downloading 1.5, I was finally (or so I thought) able to remove the FunWebProducts and the MyWebSearch.

Here's the problem. One of the free scans I had done was by XoftSpySE and the other by SpyHunter. The XoftSpySE anti-spyware found MORE FunWebProducts and MyWebSearch AND found a trojan called AGENT.FL and a hijacker called CWS.Oslogo. The SpyHunter found a trojan called Trojan.Vundo. Neither my Microsoft Windows Live OneCare, nor my Spybot S&D, nor my AVG Anti-Spyware, nor my Ad-Aware 2007, nor my SpywareBlaster has been able to detect any of the above found by XoftSpySE or SpyHunter.

As for the AGENT.FL, I've gone into my Processes list and looked for the CGKJKII.INI that I'm told that I'm supposed to kill and delete, but it's not there. I've gone into my Registry to look for specific registries and values related to AGENT.FL, but they're not there either. This leaves me wondering if XoftSpySE and SpyHunter aren't using scare tactics to get me to buy software I don't need. I notice that when I do a word-search on Computing.net of AGENT.FL or CWS.Oslogo nothing comes up. So I'm not sure if this is a topic that has been covered before.

If I post my HijackThis scan, would someone please let me know if there is anything there I still need to get rid of? I've looked it over, but I haven't found any of the offending software from above listed. However, I'm not really sure what I'm looking for. However, if you need something else instead of the scan, let me know. Thank you.
Eugene Stevens




Response Number 1
Name: jabuck
Date: December 10, 2007 at 03:39:11 Pacific
Reply:

Please post your Hijack This log.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.

!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!


Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.



Response Number 2
Name: genedale
Date: December 10, 2007 at 08:34:18 Pacific
Reply:

I'm having troubles with the SmitfraudFix folder. When I double click on the smitfraudfix.cmd, I get a C Prompt screen with the message "Process.exe file missing. Unzip all the archive in a folder. Press any key to continue . . . " When I press any key the C Prompt disappears. I've unzipped everything as far as I can see, so I don't know what else to unzip.

In the meantime, below is my Hijack This scan.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:25 AM, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uca.edu/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uca.edu/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.136.239.51:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;<local>
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\EUGENE STEVENS\Application Data\Mozilla\Profiles\default\lrxgllwu.slt\prefs.js)
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\SYSTEM32\HDBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\Program Files\SpyWare Killer\spywarekiller.exe /BOOT /SCAN
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [SPYKILLER] C:\Program Files\Anonymizer\sk\SpyWareKiller.exe /BOOT /SCAN
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DriveSelect.lnk = C:\Program Files\321Studios\Xpress\DriveSelect.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Save page with WinMHT... - C:\Program Files\WinMHT\iewmht0.htm
O8 - Extra context menu item: Save selection with WinMHT... - C:\Program Files\WinMHT\iewmht2.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: SurfSaver &QuickSave - C:\Program Files\askSam\SurfSaver\QuickSave.htm
O8 - Extra context menu item: SurfSaver Sav&e... - C:\Program Files\askSam\SurfSaver\Add.htm
O8 - Extra context menu item: SurfSaver Searc&h... - C:\Program Files\askSam\SurfSaver\Search.htm
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SurfSaver - {A6418A39-8884-11D3-A846-00104B8825B9} - C:\Program Files\askSam\SurfSaver\SurfBar.dll (HKCU)
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/...
O16 - DPF: {00E5C12B-D2DC-4589-8462-49CB4B83C42E} (mediaCam Player Control) - http://www.conwaycorp.net/helpMedia...
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52...
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/englis...
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.8/WinSSWebAgent.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.co...
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySp...
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/s...
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/Chec...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neu...
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles...
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/produ...
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://images.myfamily.net/isfiles/...
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs7b.instantservice.com/jars...
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zan...
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/c...
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnc...
O18 - Protocol: asksam - {F9FF9EDA-4916-11D1-B6C1-002018305A61} - C:\Program Files\askSam\SurfSaver\AS_AIPP.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe

--
End of file - 15422 bytes



Response Number 3
Name: jabuck
Date: December 10, 2007 at 14:46:33 Pacific
Reply:

Ok,

Temporarily disable any anti-spyware realtime protection programs that you may have (Disable Realtime Protection) or the fixes will not work. Be sure to turn your anti-spyware programs back on once the computer is clean.

Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zan...

Exit Hijack This.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following:

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
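A small triage script for the HijackThis log format, as an added example (not code from the thread, from jabuck, or from HijackThis itself): it parses the "CODE - body" lines of a log like the one posted above, applies the two rules behind the entries jabuck picked (an O9 button whose file is missing, an O16 DPF download from zangocash.com) and adds one check the thread did not make, flagging an R1 ProxyServer that points outside the local network for review. The sample lines, the denylist contents and the local-network heuristic are this example's own assumptions.

```python
# Added example: parse "CODE - body" HijackThis log lines and apply the two rules
# the helper used above (O9 "(no file)", O16 DPF from a denylisted host), plus
# one extra check the thread did not apply (R1 ProxyServer set to an external host).
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Constructed sample: line shapes copied from the log in the thread, mixing flagged and benign entries.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.136.239.51:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;<local>
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zan...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe
""".strip()

# The one host the helper told the poster to remove (O16 line in the thread).
DPF_DENYLIST = {"zangocash.com"}

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")


@dataclass
class Entry:
    code: str             # HijackThis section code, e.g. "O16"
    body: str             # everything after "CODE - "
    clsid: Optional[str]  # first {GUID} in the body, if any
    url: Optional[str]    # first http(s) URL in the body, if any


def parse_log(text: str) -> list[Entry]:
    """Keep only 'CODE - body' lines; process lists and headers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        url = URL_RE.search(body)
        entries.append(Entry(m.group("code"), body,
                             clsid.group(0) if clsid else None,
                             url.group(0) if url else None))
    return entries


def host_in_denylist(host: str, denylist=DPF_DENYLIST) -> bool:
    """Match the domain itself or any subdomain of a denylisted domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in denylist)


def proxy_hosts(value: str) -> list[str]:
    """Split a ProxyServer value such as 'host:port' or 'http=h:p;https=h:p'."""
    hosts = []
    for segment in filter(None, (s.strip() for s in value.split(";"))):
        target = segment.split("=", 1)[-1]      # drop an optional 'scheme=' prefix
        target = target.split("//", 1)[-1]      # drop an optional 'http://' prefix
        hosts.append(target.rsplit(":", 1)[0])  # drop the port
    return hosts


def is_private_or_local(host: str) -> bool:
    """Assumption: private/loopback IPs, 'localhost' and single-label intranet names are local."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback
    except ValueError:
        return host.lower() == "localhost" or "." not in host


def triage(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """Return (code, reason, original body) for each entry worth reviewing."""
    findings = []
    for e in entries:
        if e.code == "O9" and e.body.endswith("(no file)"):
            findings.append((e.code, "orphaned Extra button: referenced file is missing", e.body))
        elif e.code == "O16" and e.url:
            host = urlparse(e.url).hostname or ""
            if host_in_denylist(host):
                findings.append((e.code, f"ActiveX download (DPF) from denylisted host {host}", e.body))
        elif e.code == "R1" and ",ProxyServer = " in e.body:
            value = e.body.split(" = ", 1)[1]
            external = [h for h in proxy_hosts(value) if not is_private_or_local(h)]
            if external:
                findings.append((e.code, f"browser proxy set to external host(s) {external}; confirm intended", e.body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(parse_log(SAMPLE_LOG)):
        print(f"{code:<4} {reason}\n     {body}")
```

Feeding a full saved log to parse_log works the same way, since non-matching lines (running processes, headers, "End of file") are skipped.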



Response Number 4
Name: genedale
Date: December 12, 2007 at 13:07:01 Pacific
Reply:

Jabuck,

I'm sorry for not getting back to you sooner. Something came up that required my attention over the last two days.

I removed the lines from Hijack This like you said. Did any of those have anything to do with the Trojan and the Hijack spyware in my Topic's title or were they lines you just knew didn't belong? The reason I ask is because I want to know if XoftSpySE and SpyHunter had actually found something on my computer or whether they were just trying to get me to buy their software.

As for the ComboFix log, it's posted below.

ComboFix 07-12-09.1 - Eugene Stevens 2007-12-11 1:40:29.1 - NTFSx86
Running from: C:\temp\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\regsvr32.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))
.

2007-12-11 01:34 . 2007-12-11 01:34 1,596,353 --a------ C:\temp\ComboFix.exe
2007-12-10 10:18 . 2007-12-10 10:19 979,850 --a------ C:\temp\SmitfraudFix.zip
2007-12-10 01:19 . 2007-12-10 01:19 <DIR> d-------- C:\Documents and Settings\Administrator.GENE\Application Data\spweng
2007-12-09 22:37 . 2007-12-09 23:11 <DIR> d-------- C:\Program Files\SpywareGuard
2007-12-09 22:36 . 2007-12-09 22:37 2,062,665 --a------ C:\temp\spywareguardsetup.exe
2007-12-09 12:23 . 2007-12-09 12:23 7,467,056 --a------ C:\temp\spybotsd15.exe
2007-12-09 05:52 . 2007-12-09 05:52 <DIR> d-------- C:\Documents and Settings\Eugene Stevens\Application Data\Grisoft
2007-12-09 05:50 . 2007-12-09 05:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-09 05:50 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-12-09 05:47 . 2007-12-09 05:48 12,413,440 --a------ C:\temp\avgas-setup-7.5.1.43.exe
2007-12-09 04:32 . 2006-10-04 08:06 1,197,294 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb
2007-12-09 04:32 . 2006-10-04 08:06 764,868 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\apph_sp.sdb
2007-12-09 04:32 . 2006-10-04 08:06 217,118 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\apphelp.sdb
2007-12-04 18:14 . 2007-09-21 10:35 91,328 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\msfwdrv.sys
2007-12-04 18:11 . 2007-09-21 10:35 116,416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\msfwhlpr.sys
2007-12-04 18:02 . 2007-07-06 16:09 70,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys
2007-12-04 17:54 . 2007-03-29 06:56 409,600 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\qmgr.dll
2007-12-04 17:54 . 2007-03-29 06:56 18,944 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\qmgrprxy.dll
2007-12-04 17:54 . 2007-03-29 06:56 8,192 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\bitsprx2.dll
2007-12-04 17:54 . 2007-03-29 06:56 7,168 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\bitsprx4.dll
2007-12-04 17:54 . 2007-03-29 06:56 7,168 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\bitsprx3.dll
2007-12-04 17:54 . 2007-03-29 06:56 7,168 --------- C:\WINDOWS\SYSTEM32\bitsprx4.dll
2007-11-28 21:48 . 2007-11-29 00:10 <DIR> d-------- C:\BondageByRequest.com
2007-11-28 03:01 . 2007-11-28 03:01 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-28 03:01 . 2007-11-28 03:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-28 02:57 . 2007-11-29 23:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-28 02:57 . 2007-11-28 02:57 21,216,112 --a------ C:\temp\aaw2007.exe
2007-11-28 01:42 . 2007-11-28 01:43 21,306,051 --a------ C:\temp\PC_DAZStudio_1_8_1_5.exe
2007-11-27 23:48 . 2007-11-28 01:36 <DIR> d-------- C:\Program Files\DAZ
2007-11-27 23:30 . 2007-11-27 23:30 <DIR> d-------- C:\Program Files\Common Files\DAZ
2007-11-27 22:44 . 2007-11-27 23:23 128,164,451 --a------ C:\temp\Bryce5_5_Free_Setup.exe
2007-11-25 22:06 . 2007-11-25 22:09 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-25 22:05 . 2007-11-25 22:05 3,178,952 --a------ C:\temp\XoftSpySE433_263.exe
2007-11-25 20:47 . 2007-12-09 20:30 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-11-12 04:50 . 2007-11-12 04:50 1,156,096 --a------ C:\temp\iview410_setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 08:24 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2007-12-11 06:39 --------- d-----w C:\Documents and Settings\Eugene Stevens\Application Data\spweng
2007-12-11 06:25 --------- d-----w C:\Documents and Settings\Eugene Stevens\Application Data\uTorrent
2007-12-10 07:21 --------- d-----w C:\Program Files\SpywareBlaster
2007-12-10 07:19 --------- d-----w C:\Program Files\SpyWare Killer
2007-12-09 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 18:33 927 ----a-w C:\Program Files\PG-Ripper.exe.config
2007-12-01 06:53 --------- d-----w C:\Program Files\uTorrent
2007-11-30 06:00 --------- d-----w C:\Program Files\Anonymizer
2007-11-28 07:27 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-19 12:00 --------- d-----w C:\Program Files\eMule
2007-11-12 10:52 --------- d-----w C:\Program Files\IrfanView
2007-11-07 22:24 32,256 ----a-w C:\WINDOWS\SYSTEM32\dzbryce6.dll
2007-11-07 22:24 180,224 ----a-w C:\WINDOWS\SYSTEM32\dzwrapper.dll
2007-11-07 22:20 8,704,000 ----a-w C:\WINDOWS\SYSTEM32\dzcore.dll
2007-11-07 22:20 65,536 ----a-w C:\WINDOWS\SYSTEM32\dzcarrara.dll
2007-11-07 22:06 6,131,712 ----a-w C:\WINDOWS\SYSTEM32\daz-qt-mt.dll
2007-11-07 22:06 1,785,856 ----a-w C:\WINDOWS\SYSTEM32\daz-qsa.dll
2007-11-07 21:56 2,076,672 ----a-w C:\WINDOWS\SYSTEM32\dz3delight.dll
2007-11-02 11:29 --------- d-----w C:\Program Files\Pando Networks
2007-11-02 10:34 3,888 -c--a-w C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2007-10-29 08:58 26,624 -csha-w C:\Program Files\Thumbs.db
2007-10-29 06:33 361,721 ----a-w C:\OneCareSupportData.zip
2007-10-28 21:33 --------- d-----w C:\Program Files\HP
2007-10-28 21:33 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-27 08:02 --------- d-----w C:\Documents and Settings\Default User\Application Data\DivX
2007-10-26 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-26 02:15 --------- d-----w C:\Program Files\Java
2007-10-24 23:36 --------- d-----w C:\Program Files\Trend Micro
2007-10-22 22:31 --------- d-----w C:\Program Files\HiDownload
2007-10-22 20:52 --------- d-----w C:\Program Files\ShellExView
2007-10-22 20:05 39,424 ----a-w C:\WINDOWS\zipinst.exe
2007-10-12 17:29 827,392 ----a-w C:\Program Files\PG-Ripper.exe
2007-10-12 17:29 8,192 ----a-w C:\Program Files\PG-Ripper.resources.dll
2007-10-07 12:53 25,755,448 ----a-w C:\WINDOWS\wmp11-windowsxp-x86-enu.exe
2004-09-24 06:10 439,510 -c--a-w C:\Program Files\VirusScan.reg
2004-03-11 21:11 995,042 -c--a-w C:\Program Files\VS6sp6B3.cab
2004-03-11 21:11 25,080 -c--a-w C:\Program Files\sp698vbo.inf
2004-03-11 21:11 10,010,624 -c--a-w C:\Program Files\VS6sp6B2.cab
2004-03-11 21:10 9,036,800 -c--a-w C:\Program Files\VS6sp6B1.cab
2004-03-11 21:08 55,791 -c----w C:\Program Files\sp698vbo.stf
2004-03-11 21:08 1,636 -c----w C:\Program Files\setupsp6.lst
2004-03-11 19:01 989,512 -c--a-w C:\Program Files\vbrun60.cab
2004-03-11 02:40 90,507 -c--a-w C:\Program Files\Mci32.cab
2004-03-11 02:40 70,077 -c--a-w C:\Program Files\ComDlg32.CAB
2004-03-11 02:40 697,692 -c--a-w C:\Program Files\Msvbvm60.cab
2004-03-11 02:40 66,476 -c--a-w C:\Program Files\msinet.cab
2004-03-11 02:40 64,259 -c--a-w C:\Program Files\MSAdoDc.CAB
2004-03-11 02:40 63,773 -c--a-w C:\Program Files\mswinsck.cab
2004-03-11 02:40 513,864 -c--a-w C:\Program Files\MSComCtl.CAB
2004-03-11 02:40 346,485 -c--a-w C:\Program Files\MSComCt2.CAB
2004-03-11 02:40 246,297 -c--a-w C:\Program Files\msrdo20.cab
2004-03-11 02:40 143,598 -c--a-w C:\Program Files\comct332.cab
2004-03-11 02:40 142,755 -c--a-w C:\Program Files\msdbrptr.cab
2004-03-11 02:40 133,247 -c--a-w C:\Program Files\MSDatGrd.CAB
2004-03-11 02:40 118,085 -c--a-w C:\Program Files\MSFlxGrd.CAB
2004-03-11 02:40 115,971 -c--a-w C:\Program Files\TabCtl32.CAB
2004-03-11 02:40 108,611 -c--a-w C:\Program Files\MSWcRun.CAB
2004-03-11 02:40 105,135 -c--a-w C:\Program Files\RichTx32.CAB
2004-03-11 02:39 60,699 -c--a-w C:\Program Files\msstdfmt.cab
2004-03-11 02:39 37,721 -c--a-w C:\Program Files\MSBind.CAB
2004-03-09 21:45 397,072 -c--a-w C:\Program Files\mswless.ocx
2004-03-09 21:45 107,008 -c--a-w C:\Program Files\msscript.ocx
2004-02-24 01:35 3,027,068 -c--a-w C:\Program Files\msvbvm60.dbg
2004-02-18 01:56 110,080 -c----w C:\Program Files\sp698vbo.dll
2004-02-11 22:36 6,308 -c----w C:\Program Files\readme.htm
2004-02-11 18:32 2,302 -c----w C:\Program Files\eula.txt
2003-10-30 05:24 784 -c--a-w C:\Documents and Settings\Eugene Stevens\Application Data\mpauth.dat
2003-09-30 02:44 3,148,826 -c--a-w C:\Program Files\MSK4556UUS.EXE
2003-07-01 14:27 3,684,032 -c--a-w C:\Program Files\spybotsd12.exe
2003-06-29 22:58 1,786,691 -c--a-w C:\Program Files\HiNetRecorderSetup.exe
2003-06-11 18:34 207,759 -c--a-w C:\Program Files\INSTALL.LOG
2003-01-14 19:58 487,481 -c--a-w C:\Program Files\jscript.dll
2003-01-14 19:58 438,330 -c--a-w C:\Program Files\vbscript.dll
2001-03-30 16:54 149 -c----w C:\Program Files\setup.ini
2000-11-29 20:34 4,291 -c----w C:\Program Files\toc.htm
2000-07-15 19:44 244 -c--a-w C:\Program Files\style.gif
2000-07-15 19:44 227 -c--a-w C:\Program Files\comments.gif
2000-07-15 19:44 216 -c--a-w C:\Program Files\clientsc.gif
2000-07-15 19:44 207 -c--a-w C:\Program Files\anchorwi.gif
2000-07-15 19:44 196 -c--a-w C:\Program Files\unknownt.gif
2000-07-15 19:44 190 -c--a-w C:\Program Files\pend.gif
2000-07-15 19:44 189 -c--a-w C:\Program Files\pbgn.gif
2000-07-15 19:44 183 -c--a-w C:\Program Files\br.gif
2000-07-15 19:44 175 -c--a-w C:\Program Files\spanend.gif
2000-07-15 19:44 171 -c--a-w C:\Program Files\formend.gif
2000-07-15 19:44 170 -c--a-w C:\Program Files\spanbgn.gif
2000-07-15 19:44 168 -c--a-w C:\Program Files\formbgn.gif
2000-07-15 19:44 164 -c--a-w C:\Program Files\divend.gif
2000-07-15 19:44 160 -c--a-w C:\Program Files\divbgn.gif
2000-07-15 19:43 84 -c----w C:\Program Files\setup.tdf
2000-07-15 19:10 26,896 -c--a-w C:\Program Files\dispex.dll
2000-06-13 17:47 2,718 -c----w C:\Program Files\redist.txt
2000-06-13 15:33 2,482 -c--a-w C:\Program Files\mswless.dep
2000-06-13 15:29 74,352 -c----w C:\Program Files\setupsp6.exe
2000-06-13 15:29 371,200 -c----w C:\Program Files\acmsetup.exe
2000-06-13 15:29 32,256 -c----w C:\Program Files\selfreg.dll
2000-06-13 15:29 283,136 -c----w C:\Program Files\mssetup.dll
2000-06-13 15:29 14,490 -c----w C:\Program Files\acmsetup.hlp
2000-05-31 20:39 62,411 -c--a-w C:\Program Files\MSDERUN.CAB
2005-01-28 22:35 56 --sh--r C:\WINDOWS\SYSTEM32\A3E3032145.sys
2005-01-28 22:35 1,682 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"ANONYMIZER_SPYWAREKILLER"="C:\Program Files\SpyWare Killer\spywarekiller.exe" [2004-06-04 08:12]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"PRIVANAL"="" []
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2006-07-16 19:35]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"Iomega Active Disk"="C:\Program Files\Iomega\AutoDisk\AD2KClient.exe" [2001-06-21 07:47]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-10-31 13:57]
"SPYKILLER"="C:\Program Files\Anonymizer\sk\SpyWareKiller.exe" [2004-02-12 12:31]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-08-14 16:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 14:55]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 14:51]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-03 18:21]
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2006-02-25 10:04]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 12:08]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-15 19:41]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-28 01:15]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-11-19 09:38]
"POINTER"="point32.exe" []
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 15:30]
"Iomega Startup Options"="C:\Program Files\Iomega\Common\ImgStart.exe" [2001-01-17 16:33]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2001-06-20 12:25]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 17:22]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:31]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 04:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25]

C:\Documents and Settings\Eugene Stevens\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 8.0 Tray Icon.lnk - C:\Program Files\America Online 8.0\aoltray.exe [2003-06-11 12:38:43]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-06-11 12:28:42]
DriveSelect.lnk - C:\Program Files\321Studios\Xpress\DriveSelect.exe [2003-05-05 13:19:37]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 18:50:52]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-09-25 21:46:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

R1 MSFWHLPR;MSFWHLPR;C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys
R2 FastPara;FastPara;C:\WINDOWS\system32\drivers\FastPara.sys
R2 MSFWDrv;MSFWDrv;C:\WINDOWS\system32\DRIVERS\msfwdrv.sys
R3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
R3 XIRLINK;Veo PC Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a61079ba-456f-11dc-88ab-00038a000015}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-06-05 20:35:31 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe
"2007-12-10 09:11:29 C:\WINDOWS\Tasks\WebReg psc 1600 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
"2007-12-11 08:06:45 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-12-09 02:26:54 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\EUGENE~1\LOCALS~1\Temp\vohejlxj.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 02:26:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-11 2:34:28 - machine was rebooted
.
--- E O F ---


Response Number 5
Name: jabuck
Date: December 13, 2007 at 18:13:11 Pacific
Reply:

They were from MyWebSearch. I would uninstall XoftSpy; at one time it was a noted spyware but has since reformed (?).

Please run the BitDefender online scan at this link: BitDefender.com

You will need to allow an ActiveX install for the scan to run.
Leave the scanning options at default and press "click here to scan"
When finished scanning, click on "click here to export the scan report"
Save it to your desktop, at "file name" type in "bdscan" then click save.
Post a log in your reply.

