How to update external .dll control reference?

spyware is killing me.

  • Spyware infected. Help! So my PC is infected with some spyware. I keep getting pop-ups from my system tray and Internet Explorer windows. And my desktop background changed, saying "warning spyware threat has been detected on your pc". I downloaded HijackThis to do the logfile and I'm trying to download ComboFix, but the links they have up to download ComboFix don't come up. Can anyone help me? Below is my HijackThis logfile...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:41:17 PM, on 5/17/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

  • Answer:

    likeapen has Smitfraud this week. What's she going to have next week? Install Linux is not an answer to this question.

    You're entitled to that opinion. I am, after all, an admitted Linux fanboi. However, I posted that answer after working on a Packard Bell Windows box that (a) needed to be in working condition by Monday, (b) was similarly infested by spyware and system-assembler bloatware, and (c) had had the dubious benefit of assorted helpful friends and relatives installing assorted removal tools of assorted quality, none of which made things better and several of which made things worse. In fact, the last of them (Trend Internet Security Pro 2008) not only failed to fix any problems, but installing it had broken Windows networking altogether; then its uninstaller failed (hung forever at "removing services"), leaving Windows networking fatally, totally broken. System Restore also failed (surprise, surprise), and manual removal of all Trend-related files (including those in C:\WINDOWS\system32) followed by a repair install of Windows didn't improve things any. The symptom was that both network adapters (LAN connection and RAS async adapter) got yellow alert marks in the Device Manager, and reinstalling the device drivers would always fail; according to setupapi.log, the actual device driver installation always worked but the associated class installer always failed with "the system cannot find the file specified". Turning on verbose logging didn't offer any real clues, either; it was really quite impossible to work out which missing file or registry key was the one actually making the installer barf, even after cross-correlating the setupapi timestamps with object-access timestamps from SysInternals' ProcMon. I continued to apply every bit of my considerable cunning and experience to the task of making networking come alive again, finally giving up after going at it for fifteen hours.

    So I ended up doing the backup, nuke and pave dance, which I hate doing and will generally go to great lengths to avoid. And that customer now has an Ubuntu/Windows dual boot setup, and likes the look of Ubuntu, and is already finding it more straightforward to get things done with than Windows ever was.

    If Linux gets the market share Windows gets then we'll still be in the same boat.

    First off, Linux is never going to get the market share Windows has got. It's never even going to get close. The Windows juggernaut is just too big and heavy and unstoppable, and Microsoft has literally billions of marketing and legal dollars available to make sure it stays that way. Most people will continue to run Windows, just because it's what most people run. For seconds, there's a fundamental difference between open-source software and commercial software. Open-source software is redistributable. That means that Linux distributors can and do set up centralized repositories for their own distros, containing verifiably malware-free software pre-packaged for use with that distro, and provide users with some kind of package manager that centralizes the software-installation task. This is in stark contrast with commercial software, where the normal way to install what you want is to buy it from wherever and run the software's own installer, or steal it and run some installer that may well have been tampered with by a black hat. Linux users tend not to reach out and grab the shiny shiny things that are on offer and stuff them willy-nilly into their systems, because they're accustomed to just putting checkmarks next to something in their package manager and clicking Apply. So if some random website offers to install something in some other way, the initial reaction will be suspicion (why do I need this if it's not available in my package manager?) rather than the kind of Ooo! Shiny! Free! response that seems so prevalent in Windows culture.

    Linux users tend not to be running Internet Explorer, best described as an enormous security hole wrapped in a little browser. But the really big thing is that Linux users don't run with administrative privileges by default, and have no incentive to do so, because they don't have a decades-old legacy of broken apps pushing them in that direction. It's much, much harder for malware to bury itself deeply into a box that doesn't give it instant superuser access by default. And malware running in your own user profile has a single, consistent fix: log out, or reboot single-user; rename /home/mine to /home/mine.infested; log in; move documents from /home/mine.infested back to /home/mine as needed. This is more like urban renewal than nuke and pave. And for what it's worth, I've never heard of anybody actually needing to do it on a home Linux box. As m&mm points out, running non-admin on Windows is certainly doable, and certainly should be done. But the fact remains that running non-admin on Linux is easier because it's the cultural norm. The bottom line: anybody who is about to do a nuke and pave is ideally placed to give Linux a whirl, may well find that it's a definitive and permanent solution to their malware problem, and may well find that this makes living within Linux's gated software community worthwhile for them.

likeapen at Ask.Metafilter.Com


Other answers

Follow the directions in the following link and you will most likely rid your computer of malware: http://forums.majorgeeks.com/showthread.php?t=35407 I've had to use this before and it worked. It's a little on the time-consuming side, but then you can rest assured you've cleaned out all the baddies. If you follow all the directions in the link and you are still having problems, then you can post on the forum and they can give you further directions.

MaryDellamorte

The only way to be really sure that you're free of viruses/spyware/etc. - and probably a considerable time-saver over checking in with the CastleCops and spyware forums and working through a log file piece-by-piece - is to nuke it from orbit and reinstall your OS. Given the massive amount of bloatware you seem to be running, that probably wouldn't be a bad idea anyway. You should also update to IE7 or switch to Firefox if you're not wedded to IE6 for some other reason.

Inspector.Gadget

Have you tried the http://www.hijackthis.de/ (there are http://www.google.com/search?q=hijackthis+forums&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a, but the first link appears to be the official one)? Googling for 'HijackThis logs' also returns http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&hs=oZ7&q=hijackthis+logs&btnG=Search, including what appear to be online analysis tools.

box

Upon further reflection, what Inspector.Gadget said. But your Dell probably came with, rather than an install CD, a 'restore' CD. When you reinstall, be sure to use an installation CD, and not a restore CD, or else I have a feeling you'll quickly be in the same bloatware hell that you're currently occupying.

box

I am a software developer, and basically when there's any chance my system has been compromised beyond a trivial infection, I can the entire OS and reinstall from scratch. I'd rather pay for a little security with an hour of my time... plus it's like driving a new car as far as system resources and speed. That C:\WINDOWS\system32\xwusuhzh.exe program looks like something one of my computers got back in March. It absolutely could not be removed short of an OS reinstall.

crapmatic

Lucky for you, this is a chance to test your backup procedures, as you're going to either restore using Dell's rescue CD (I believe it's on a hidden partition on your hard drive; call Dell to see how to make the CD), or you're going to waste days and still not be able to root out all the evil from your system. Luckily for you, again, Windows XP SP3 came out recently, so at least it's one shot to catch up on your Windows updates, instead of a few hundred updates and several reboots. Here's what I would do:

1) Buy an external hard drive, and back up your personal files to that. Don't bother backing up applications. While you're at the store, buy a router/firewall if you don't already have one. Maybe pick up a few blank CDs while you're there, if you don't have any handy.

2) Install your router, if you don't already have one.

3) Call Dell and figure out how to create rescue/restore CDs for your system. Use those to reformat the hard drive and restore Windows.

4) Install XP SP3 from windowsupdate.microsoft.com. Install AVG 8, or, if you feel like paying, something like NOD32. Update your antivirus, and then run a scan on your external hard drive, in case bits of malware came with your personal files.

5) Re-install your programs, documents, etc. Search online for safer alternatives to whatever you had been using (Firefox instead of IE, etc.).

6) In the future, remember that antivirus programs are at best a second line of defense against malware. The first line of defense is your own behavior, in terms of keeping your computer up to date, not going to bad sites, not randomly clicking on links, etc. Also, in the future, have a sound backup strategy. That backup strategy should also be considered as part of your overall computer security.

chengjih

Agree with the bloatware/reinstall suggestion; there's a lot of crap running. Some other things:

- You have a process called ctfmona.exe running. Ctfmon.exe is a Windows process; this is named similarly for concealment, but it seems to be spyware. You could kill the process from Task Manager, and delete the file (or reboot in safe mode and do so).
- C:\WINDOWS\system32\xwusuhzh.exe seems a bit dubious.
- Also, two virus scanners (Symantec, AVG)?
- And you have some applications running from your Documents and Settings folder; I think no legitimate apps should be doing that.

Even if you remove the ones I point out, there are possibly others. Again though, given all the crap toolbars, etc. on it, I'd suggest just starting from scratch.

Boobus Tuber
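A small triage script, added here as an illustration and not code posted in the thread, that applies the checks in the answer above to HijackThis-style lines: a process name one edit away from a Windows system binary (ctfmona.exe vs ctfmon.exe, scvhost.exe vs svchost.exe), an executable started from a user profile or Temp directory, and an extra entry appended to the UserInit value as in the poster's F2 line. SAMPLE_LOG is constructed in the log's format from file names that appear in the poster's log; the short SYSTEM_EXES list and all function names are my own choices.

```python
"""Triage of HijackThis-style log lines: an added example, not code from the thread."""
import re

# Stock Windows binaries that malware imitates by name (illustrative short list).
SYSTEM_EXES = {"svchost.exe", "ctfmon.exe", "lsass.exe", "winlogon.exe",
               "services.exe", "smss.exe", "explorer.exe", "userinit.exe"}

# Directories no legitimate service or autorun entry should execute from.
SUSPICIOUS_DIRS = re.compile(
    r"\\(Temp|DOCUME~1|Documents and Settings|LOCALS~1)\\", re.IGNORECASE)

# A drive-letter path ending in .exe; non-greedy so a line holding several
# paths (the UserInit value) yields each one.
EXE_PATH = re.compile(r'[A-Z]:\\[^",]+?\.exe', re.IGNORECASE)

# Constructed sample in HijackThis format. The file names are the ones the
# poster's log and the answers mention; the user name is made up.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\system32\scvhost.exe
C:\DOCUME~1\user\LOCALS~1\Temp\AutoDetect.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\xwusuhzh.exe,
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe
"""


def edit_distance(a, b):
    """Optimal-string-alignment distance: a swapped pair (scvhost) counts as 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike_of(name):
    """Return the system binary `name` imitates, or None if exact or unrelated."""
    name = name.lower()
    if name in SYSTEM_EXES:
        return None
    for known in SYSTEM_EXES:
        if edit_distance(name, known) == 1:
            return known
    return None


def triage(log_text):
    """Return (reason, line) findings for every suspicious line in the log."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        # UserInit should hold exactly the stock userinit.exe; anything appended
        # after the comma is launched at every logon.
        if line.startswith("F2 - REG:system.ini: UserInit="):
            entries = [e for e in line.split("=", 1)[1].split(",") if e]
            if len(entries) != 1 or not entries[0].lower().endswith("\\userinit.exe"):
                findings.append(("userinit_hijack", line))
        for path in EXE_PATH.findall(line):
            known = lookalike_of(path.rsplit("\\", 1)[-1])
            if known:
                findings.append((f"lookalike_of:{known}", line))
            if SUSPICIOUS_DIRS.search(path):
                findings.append(("runs_from_profile_or_temp", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:28} {line}")
```

Run against the sample it reports six findings; a name that matches nothing (xwusuhzh.exe) is only caught through the UserInit check, which is why a random file name should be judged by where it is launched from rather than by its spelling.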

Once you do your reinstall, please, for the love of all that's holy, don't log in as an administrator (http://nonadmin.editme.com/) to use your computer.

me & my monkey

It used to be that Windows was the It Just Works operating system choice, and Linux was what you ran if your time was not worth accounting for. These days, it's the other way around. Seriously consider changing platforms. If that's out of the question for whatever reason: what everybody else said.

flabdablet
