Need help with searchweb2 spyware

 
 
aberwyn
 
Reply Thu 20 Jan, 2005 06:29 pm
Please help me with getting rid of this annoying spyware that just won't go away.

Any help at all would be very appreciated!

Here's the log from HijackThis:



Logfile of HijackThis v1.99.0
Scan saved at 01:27:28, on 2005-01-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\runservice.exe
C:\Program\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE
C:\Program\Delade filer\Real\Update_OB\evntsvc.exe
C:\Program\Messenger Plus! 2\MsgPlus.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\ICQ\icq.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
c:\program\intern~1\iexplore.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Logitech\ImageStudio\LowLight.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\A\Skrivbord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hovyptiafvzfibbco.biz/lW_Y19tTYecUjpjj88jC318DgpYh1IgE_MlUmilNmyP2KtnHQXM7XvjEBZ/4BfWw.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://login1.telia.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE_Window_Title
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy1.telia.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com;http://10.0.0.6;;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {9CC03EF3-8A6E-B291-C31D-1C2ACD3FF46B} - C:\Program\BINDPU~1\meet heart.exe (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C703CB55-17B0-B6C9-9524-07CC09EA6CA7} - C:\DOCUME~1\FAMILJ~1\APPLIC~1\BINDPU~1\meet heart.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program\Delade filer\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Dentburnbirdeq] C:\Documents and Settings\All Users\Application Data\Thunk drv dent burn\about draw.exe
O4 - HKLM\..\Run: [meal rect two program] C:\Documents and Settings\All Users\Application Data\Sign Mess Meal Rect\Proc heck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program\ICQ\icq.exe -minimize
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [glueplatform] C:\DOCUME~1\A\APPLIC~1\planbird\Rdr bend chic.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program\GetRight\GRbrowse.htm
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {A5B4176A-5347-4CEC-AB75-26947BB34183} (InstaladorBetyByte Control) - http://www.redzone.nu/uploads/cab/instaladorbetybyteuk.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/bin/imvid.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA743418-7E58-4817-B1D5-92B401402251}: NameServer = 81.216.65.11,81.216.65.12
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: LicCtrl Service - Unknown - C:\WINDOWS\runservice.exe
O23 - Service: MpService - Canon Inc. - C:\Program\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 
Don77
 
Reply Thu 20 Jan, 2005 06:42 pm
Hi aberwyn and welcome to A2K.
I need you to do a few things, please.
First,
run this please: lop uninstaller
Reboot

Next,
please restart HJT, put a check next to the following, close all open windows and click "Fix Checked":
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hovyptiafvzfibbco.biz/lW_Y19tTYecUjpjj88jC318DgpYh1IgE_MlUmilNmyP2KtnHQXM7XvjEBZ/4BfWw.html
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {9CC03EF3-8A6E-B291-C31D-1C2ACD3FF46B} - C:\Program\BINDPU~1\meet heart.exe (file missing)
O2 - BHO: (no name) - {C703CB55-17B0-B6C9-9524-07CC09EA6CA7} - C:\DOCUME~1\FAMILJ~1\APPLIC~1\BINDPU~1\meet heart.exe
O4 - HKLM\..\Run: [Dentburnbirdeq] C:\Documents and Settings\All Users\Application Data\Thunk drv dent burn\about draw.exe
O4 - HKLM\..\Run: [meal rect two program] C:\Documents and Settings\All Users\Application Data\Sign Mess Meal Rect\Proc heck.exe
O4 - HKCU\..\Run: [glueplatform] C:\DOCUME~1\A\APPLIC~1\planbird\Rdr bend chic.exe


Next, reboot to Safe Mode (by tapping the F8 key on startup). Make sure you can view all hidden files/folders, then search for and delete the files below (the ones highlighted in bold above):

C:\DOCUME~1\FAMILJ~1\APPLIC~1\BINDPU~1\meet heart.exe
C:\Documents and Settings\All Users\Application Data\Thunk drv dent burn\about draw.exe
C:\Documents and Settings\All Users\Application Data\Sign Mess Meal Rect\Proc heck.exe
C:\DOCUME~1\A\APPLIC~1\planbird\Rdr bend chic.exe
Please delete any associated folders found with the above files.
Restart your computer.
Please download
Silent Runners
Please create a folder for it, then double-click on the program. It will save a Notepad file in the same folder. Open that, and copy and paste the log back to this thread please,
along with a fresh HJT log.
 
aberwyn
 
Reply Thu 20 Jan, 2005 06:52 pm
Wow fast reply. Thank you!

Well I was just going to turn in for the night (2 AM where I live) but I'll get to it as soon as possible tomorrow.
 
Don77
 
Reply Thu 20 Jan, 2005 08:11 pm
Take your time. I may not be able to get back to you till later in the day tomorrow or early Sat. morning.
 
aberwyn
 
Reply Fri 21 Jan, 2005 09:02 am
Okay, I have followed your instructions to the letter.

There were some things that didn't show up, though, when I ran HJT again, and it was these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hovyptiafvzfibbco.biz/lW_Y19tTYecUjpjj88jC318DgpYh1IgE_MlUmilNmyP2KtnHQXM7XvjEBZ/4BfWw.html

O4 - HKLM\..\Run: [meal rect two program] C:\Documents and Settings\All Users\Application Data\Sign Mess Meal Rect\Proc heck.exe

So I couldn't fix those naturally since HJT didn't find them.

Also during the reboot I couldn't find these files:


C:\DOCUME~1\FAMILJ~1\APPLIC~1\BINDPU~1\meet heart.exe
C:\Documents and Settings\All Users\Application Data\Thunk drv dent burn\about draw.exe
C:\Documents and Settings\All Users\Application Data\Sign Mess Meal Rect\Proc heck.exe

Although I found the meet heart.exe file in some other place. And for the file C:\DOCUME~1\A\APPLIC~1\planbird\Rdr bend chic.exe,
the planbird folder was in more than one user, so I deleted those as well.

Just unsure if this was unnecessary information, but I thought you should know. Here's the Silent Runners log as well as a new HJT log.

Thanks again.



"Silent Runners.vbs", revision 30
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Mirabilis ICQ" = "C:\Program\ICQ\icq.exe -minimize" [null data]
"MessengerPlus2" = ""C:\Program\Messenger Plus! 2\MsgPlus.exe" /WinStart" ["Patchou"]
"LDM" = "C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" ["Logitech"]
"msnmsgr" = ""C:\Program\MSN Messenger\msnmsgr.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"QuickTime Task" = ""C:\Program\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Advanced Tools Check" = "C:\Program\NORTON~1\AdvTools\ADVCHK.EXE" ["Symantec Corporation"]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"LVCOMS" = "C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE" ["Logitech Inc."]
"LogitechGalleryRepair" = "C:\Program\Logitech\ImageStudio\ISStart.exe" ["Logitech Inc."]
"LogitechImageStudioTray" = "C:\Program\Logitech\ImageStudio\LogiTray.exe" ["Logitech Inc."]
"TkBellExe" = "C:\Program\Delade filer\Real\Update_OB\evntsvc.exe -osboot" ["RealNetworks, Inc."]
"MessengerPlus2" = ""C:\Program\Messenger Plus! 2\MsgPlus.exe"" ["Patchou"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ccApp" = ""C:\Program\Delade filer\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ccRegVfy" = ""C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrollpanelstillägg för bildskärmspanorering"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-ikontillägg"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\Program\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\Program\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\Program\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{C56C4E21-706D-11d0-AFC5-444553540002}" = "My Digital Camera"
-> {CLSID}\InProcServer32\(Default) = "C:\Program\Delade filer\FotoNation\camview.dll" ["FotoNation Inc."]
"{F802F260-519B-11D1-BB5D-0060974C6013}" = "ICQ Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program\ICQ\ICQShExt.dll" [null data]
"{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE}" = "eLicense Control"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\lcmmfu.cpl" [null data]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program\Real\RealPlayer\rpplugins\ierpplug.dll" ["RealNetworks"]
"{8F7261D0-D2B9-11D2-9909-00605205B24C}" = "CuteFTP Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program\GlobalSCAPE\CuteFTP\Cuteshell.dll" ["GlobalSCAPE, Inc."]
"{4B4604E0-8961-11D4-A0EC-009099164712}" = "My MultiPASS"
-> {CLSID}\InProcServer32\(Default) = "C:\Program\Canon\MultiPASS4\DTM4.DLL" ["Canon Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Skrivbordsutforskaren"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{B446400D-0030-457b-8F64-422A19605186}" = "Logitech Gallery"
-> {CLSID}\InProcServer32\(Default) = "C:\Program\Logitech\ImageStudio\NameSpc.dll" ["Logitech Inc."]
"{2F25CF20-C569-11D1-B94C-00608CB45480}" = "TextPad"
-> {CLSID}\InProcServer32\(Default) = "C:\Program\TextPad 4\System\shellext.dll" ["Helios Software Solutions"]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play-enheter"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]


Startup items in "A" & "All Users" startup folders:
---------------------------------------------------

C:\Documents and Settings\All Users\Start-meny\Program\Autostart
"Logitech Desktop Messenger" -> shortcut to: "C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"Microsoft Office" -> shortcut to: "C:\Program\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"8100A7B1939F4831" -> launches: "c:\docume~1\familj~1\applic~1\planbird\cakesafeford.exe" [file not found]
"A2F870C29040121E" -> launches: "c:\docume~1\a\applic~1\planbird\cakesafeford.exe" [file not found]
"A330C0A991877CD1" -> launches: "c:\program\planbird\cakesafeford.exe" [file not found]
"ACDBC98D91807BB9" -> launches: "c:\program\planbird\cakesafeford.exe" [file not found]
"Norton AntiVirus - Scan my computer" -> launches: "C:\Program\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

IPv6 Helper Service, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
LicCtrl Service, LicCtrlService, "C:\WINDOWS\runservice.exe" [null data]
MpService, MpService, "C:\Program\Canon\MultiPASS4\MPSERVIC.EXE" ["Canon Inc."]
Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Program\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton Unerase Protection, NProtectService, ""C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE"" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
RIP Listener, Iprip, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\iprip.dll" [MS]}
Simple TCP/IP Services, SimpTcp, "C:\WINDOWS\System32\tcpsvcs.exe" [MS]
Symantec Event Manager, ccEvtMgr, ""C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, ""C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe"" ["Symantec Corporation"]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

Logfile of HijackThis v1.99.0
Scan saved at 15:58:54, on 2005-01-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\runservice.exe
C:\Program\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE
C:\Program\Delade filer\Real\Update_OB\evntsvc.exe
C:\Program\Messenger Plus! 2\MsgPlus.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
C:\Program\ICQ\icq.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program\Logitech\ImageStudio\LowLight.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Messenger\msmsgs.exe
C:\Documents and Settings\A\Skrivbord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://login1.telia.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE_Window_Title
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy1.telia.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com;http://10.0.0.6;;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program\Delade filer\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Program\ICQ\icq.exe -minimize
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program\GetRight\GRbrowse.htm
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {A5B4176A-5347-4CEC-AB75-26947BB34183} (InstaladorBetyByte Control) - http://www.redzone.nu/uploads/cab/instaladorbetybyteuk.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/bin/imvid.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA743418-7E58-4817-B1D5-92B401402251}: NameServer = 81.216.65.11,81.216.65.12
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: LicCtrl Service - Unknown - C:\WINDOWS\runservice.exe
O23 - Service: MpService - Canon Inc. - C:\Program\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
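The before/after check aberwyn did by hand, done programmatically, as an added example that is not code from this thread or from HijackThis: it parses the Rn/On entry lines of two HJT logs, flags entries that point at a missing file, that load a BHO or autorun from an Application Data folder, or that set an IE start/search page to an unexpected host (the expected-host set is an assumption, taken from the ISP start page in the posted logs), and lists which entries disappeared between the two scans. The log excerpts are copied from the two logs above.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# One HJT entry line: "R1 - ..." / "O4 - ...". Headers and process lists don't match.
HJT_LINE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
MISSING_MARKERS = ("(no file)", "(file missing)")
# Long (Application Data) or 8.3 (APPLIC~1) form of a profile's Application Data folder.
APPDATA_PATH = re.compile(r"\\(application data|applic~1)\\", re.IGNORECASE)
# Hosts the owner expects in IE start/search settings. Assumption for this example,
# taken from the ISP start page visible in the posted logs.
EXPECTED_HOSTS = {"login1.telia.com"}


@dataclass(frozen=True)
class Entry:
    kind: str  # section code, e.g. "R1", "O2", "O4"
    body: str  # text after "Rn - " / "On - "


def parse_hjt(text: str) -> list[Entry]:
    """Extract the Rn/On entry lines from a HijackThis log."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append(Entry(m["kind"], m["body"]))
    return entries


def suspicious(entry: Entry) -> list[str]:
    """Reasons an entry deserves review; an empty list means no heuristic fired."""
    reasons = []
    if any(marker in entry.body for marker in MISSING_MARKERS):
        reasons.append("registered file is missing (orphaned entry)")
    if entry.kind in ("O2", "O4") and APPDATA_PATH.search(entry.body):
        reasons.append("BHO/autorun loaded from an Application Data folder")
    if entry.kind in ("R0", "R1") and "Internet Explorer\\Main," in entry.body:
        url = entry.body.split("=", 1)[1].strip()
        host = urlparse(url).hostname  # None for non-URL values such as a window title
        if host and host not in EXPECTED_HOSTS:
            reasons.append(f"IE setting points at unexpected host {host}")
    return reasons


def triage(text: str) -> list[tuple[Entry, list[str]]]:
    """Entries in a log that trip at least one heuristic, with their reasons."""
    return [(e, suspicious(e)) for e in parse_hjt(text) if suspicious(e)]


def diff_logs(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """Entries only in the earlier scan (removed) and only in the later one (added)."""
    old, new = parse_hjt(before), parse_hjt(after)
    old_set, new_set = set(old), set(new)
    return [e for e in old if e not in new_set], [e for e in new if e not in old_set]


# Constructed excerpts of the first and second scan posted in this thread.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.0
Scan saved at 01:27:28, on 2005-01-21
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hovyptiafvzfibbco.biz/lW_Y19tTYecUjpjj88jC318DgpYh1IgE_MlUmilNmyP2KtnHQXM7XvjEBZ/4BfWw.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com;http://10.0.0.6;;localhost;<local>
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {C703CB55-17B0-B6C9-9524-07CC09EA6CA7} - C:\DOCUME~1\FAMILJ~1\APPLIC~1\BINDPU~1\meet heart.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Dentburnbirdeq] C:\Documents and Settings\All Users\Application Data\Thunk drv dent burn\about draw.exe
O4 - HKCU\..\Run: [glueplatform] C:\DOCUME~1\A\APPLIC~1\planbird\Rdr bend chic.exe
"""
AFTER_LOG = r"""Logfile of HijackThis v1.99.0
Scan saved at 15:58:54, on 2005-01-21
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com;http://10.0.0.6;;localhost;<local>
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
"""

if __name__ == "__main__":
    for entry, reasons in triage(BEFORE_LOG):
        print(f"{entry.kind}: {entry.body[:60]}...  <- {'; '.join(reasons)}")
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print(f"{len(removed)} entries gone after cleanup, {len(added)} new")
```

Every entry Don77 asked to have fixed trips at least one heuristic, and none of the vendor entries (Symantec, Adobe, Logitech) do; an entry that matches is a prompt to look, not proof of infection.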
 
Don77
 
Reply Fri 21 Jan, 2005 09:31 am
Great job, aberwyn.
How is the computer running now?

Download the following programs, for keeping crap off your system to begin with:
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download SpywareBlaster and SpywareGuard.
Check for updates after you install them, and check weekly as well.
Keep Ad-aware and Spybot handy; check them for updates and run them weekly.
Same with your antivirus.

Be sure to give the Temp folders a cleaning out now and then as well. Make sure after you clean your Temp files to empty out your Recycle Bin as well.

Remember to check Windows for updates.

Probably a good time to create a new restore point. See Here. Name it "clean" or something like that.

Let us know if you have any further problems.
 
aberwyn
 
Reply Fri 21 Jan, 2005 10:48 am
Thanks very much; couldn't have done it without your help, though.

I have scanned this forum somewhat and you seem to be quite helpful with removing this hijacker.

The computer is running fine, no toolbar or anything, although I think I'm going to continue using Firefox now.
 
Don77
 
Reply Fri 21 Jan, 2005 04:53 pm
You're very welcome, aberwyn.
Glad we could help.
 
 
