Computer spyware removal

For a possible "quick & easy" fix, you might wanna try the free-for-home-use version of Nick Skrepetos' SuperAntiSpyware. I've found it to be safe, fairly effective and reliable. The app has been around almost a couple years now, and its been getting favorable reviews in general. The scan will take a good long while, so be patient. Be sure to read, understand, and follow the app's documentation, available from the download page.

If that doesn't do the trick, the following nit-picky, tedious, but very thourough and effective proceedure will get you started on the path to recovery from your current problem and prevention of future infestations:

This is an up-to-date, integrated series of steps designed to preliminarily deep-clean your system (though it is quite likely some cleanup will remain to be done after the first runthrough, which is why the follow-up logs and reports are requested) and to harden it against future infestations. It should be implemented in the order and manner listed. Its tedious, nit-picky, and time-consuming, but it is proven safe, effective, and reliable. Getting rid of yuckware is much more hassle than getting it in the first place, and taking the time and effort to prevent it once you've managed to get rid of it is time and effort well invested.

If you choose to give this method a shot, you should print out these instructions, as the proceedure will require that your machine be offline for several of the steps. Be certain you understand what to do, and how and in what order to do it. If you're unsure of, or have trouble with, anything here, please ask before going on. Also, if any of the supplied links don't work, please let me know.

If you already have installed any of the applications or tools listed below, please uninstall your version, download a fresh version, install, update, and configure as described below.


Again - Print out and fully understand these intructions, and gather all listed downloads before begining

1. First, gather the downloads and perform the installations and updates as recommended. Just download, install, update and configure these applications, DO NOT RUN ANY OF THEM YET, unless specifically directed otherwise.
   
   
2. Configure Windows Explorer to Show All Files
   
   
   
3. Be certain you have the latest version of HiJackThis, and that it is installed to a folder of its own either in your Programs file or directly on your root drive (the drive on which Windows is installed, usually "Drive C:\"). If you have already installed HiJackThis, be certain its in its own correctly placed folder, not a user-specific, temporary or desktop folder (to place HJT in its own folder, open Windows Explorer - Windows key + E - locate and select your root drive, the drive on which Windows is installed, and open that folder, right-clicking anywhere in that folder's blank space, select "New">"Folder", name the new folder "HJT", then download and extract, or if you already have the latest version somewhere else move, HJT into that folder). Launch the application, then, from its splash screen, choose "Miscellaneous Tools", or from the main start page, select "Config", then select "Search for updates online", confirm, and be sure your's is the latest version. Don't run a scan or fix anything yet. When running HiJackThis to scan or fix things, run it from its own folder, WITH NO OTHER BROWSERS, WINDOWS, FILESHARING, EMAIL, OR MESSAGING APPLICATIONS OPEN OR RUNNING
   
   
4. Go to Windows Update and check to make certain there are no outstanding Service Packs or High-Priority Updates for your operating system and/or Internet Explorer.
   
   
5. Run the online version of the Microsoft Windows Malicious Software Removal Tool.
   
   
6. Download, install, and update Windows Defender (Beta 2) (this is the successor to Microsoft Antispyware). Be sure to read, understand, and follow the download, installation, and update instructions available on the download page. Do not run the application's scan yet, just download, install, and update it.
   
   
7. Download, install, and update Ewido Anti-malware (the successor to Ewido Security Suite). Again, read, understand, and follow the download, installation, and update instructions available on the download page, and don't run the application's scan yet, just download, install, and update it. Note: when installing/configuring the trial version, do not select the automatic update or real-time protection options.
   
   
   
8. Download, install, and update Ad-Aware SE Personal. Just install and update it (when the program has installed, click the blue-green "Planet" icon, second from the right at the top of the screen, to run the auto-update function, and follow the prompts to update the application); don't run a scan yet.
   
   
   • When it has updated, click on the orange-ish "Gear Icon" (second-from the left at the top right-hand side of the window) to open the Ad-Aware configuration utility.
     
     
   • Under the "General" tab, all radio buttons should be green; if not, click to activate them.
     
     
   • Click the "Scanning" bar at the left of the page. Under "Drivers, Folders & Files", only the "Scan within archives" button should be green. Under "Memory & Registry", all buttons should be green.
     
     
   • Click the "Advanced" bar. Under "Shell Integration", "Move deleted files to Recycle Bin" should be green, and its your call whether you want to add "Scan with Ad-Aware to Explorer".
     
     
   • Under "Logfile Detail Level", all 3 buttons should be green.
     
     
   • Under "Alternate Data Streams", both buttons should be red.
     
     
   • Skip the "Startup", "Default", and "Interface" bars for now.
     
     
   • Click the "Tweak" bar. Click the plus-sign to open "Scanning Engine". "Unload recognized processes ... ", "Obtain command line ... ", and ""Scan registry for all users ... " should be green, "Run scan as background ...", "Ignore spanned files ...", and "Use permanent ... " may be left red.
     
     
   • Click to open "Cleaning Engine". The first 5 buttons should be green ("Automatically check ...", "Always try ...", "During removal ... ", "Let Windows remove ... ", and "Delete quarantined ..."} should be green, the remaining 3 ("Suppress warning ...", "Suppress progress ..." and "Disable manual ...") should be red.
     
     
   • Skip the remaining bars, click "Proceed", then close Ad-Aware WITHOUT RUNNING A SCAN.
     
     
   • With Ad-Aware closed, download LavaSoft's VX2 Cleaner Plugin, and install it per instructions found on the download page. read the instructions carefully so you'll know how to run the plugin when required. Do not run it, or Ad-Aware SE Personal, yet; just exit back to your desktop.
   
   
   
   
9. Download LSP-Fix. Just download it to a convenient-to-find place on your machine (A suitably named new folder your desktop is fine for now); it may or may not be needed, but if it is needed, you'll want to find it easily. Sometimes removal of yuckware will result in your not being able to connect to the internet. If this happens, LSP-Fix should take care of the problem. Be sure to read and understand (good idea to print out) the application's DOCUMENTATION so you know what to do if it becomes necessary.
   
   
10. Download, install, and update Spybot S&D. Just install and update it (when it installs, the program will give you the option to "Download all updates" - let it do so), don't run it yet.
    
    When it installs, the program will give you the option to "Download all updates" - let it do so. It will also step you through a Restore Point/Registry Backup process - follow through with each step Spybot wants you to do when it first installs.
    
    • When the program has been installed and updated, select "Immunize", click the green "+" plus-sign symbol at the top of the page to install Spybot's immunization, and follow any prompts.
      
      
    • On that same page, click to place a checkmark in the "Browser Helper to block bad downloads ..." button, then, from the dropdown below that, select "Block all bad pages silently".
      
      
    • At the top left of the main page, click "Mode", then select "Advanced"
      
      
    • Click "Tools", and make sure everything in the right-hand panel EXCEPT "View Report" and "Bug Report" is checkmarked.
      
      
    • Select "Resident" and on that page's right-hand panel, make sure only "Resident SD Helper" is checked, do not activate "Tea Timer"
      
      NOTE: DO NOT SELECT Spybot S&D's "TeaTimer" option at this time; its still sorta buggy, especially with WinXP.
      
      
    • Click "Hosts File", and at the top of that page's right-hand panel, click the green "+" plus-sign to install Spybot S&D's HOSTS list.
      
      
    • Next, click "Settings", then in that page's right-hand panel, select "File Sets"; everything in he right-hand panel under "Spybot - Search and Dstroy" should be checkmarked. "Usage Tracking" is optional and non-critical, but I recommend you select it too; doing so will help keep your machine free of Temporary File clutter.
      
      
    • Click "Ignore Products", and in that page's right-hand panel, under the "All Products" tab, make sure NOTHING is checked
      
      
    • When the configuration has been completed, just close Spybot S&D without running a scan yet.
    
    
11. Download CWShredder, and unzip it to your desktop, but don't run it yet.
    
    
12. Download, install, and update CCleaner[/i][/u] per the instructions on the download page. Just download, install, and update it, don't do anything with it yet; we'll be using it a a few times later in this process.
    
    
13. Download, install, and update Javacool Software's SpyWareBlaster. When the update has completed, select "Enable all protection", and exit back to your desktop. SpywareBlaster does not need to be running for its protection to be active, but you should should launch it at least weekly to check for updates. Read the FAQ HERE
    
    
14. Download the latest version of McAfee/AVERT Stinger - read and understand the instructions for running it, but don't run it yet, just download it to a convenient-to-find location such as an appropriately named folder on your desktop.
    
    
15. Update your own resident anti-virus application, but do not run a scan with it yet; just update it and close the application.
    
    
16. Now, per the instructions for your own resident antivirus and other security/privacy software, and with no other browsers or chat, messaging, or email clients open or running, DISABLE your resident anti-virus and other security/privacy software, then immediately go to TrendMicro HouseCall Free Online Scan and, per the instructions, run the free scan-and-clean process. If when it has finished, it reports it detected but did not remove something, please make careful, exact verbatim note of the item(s) reported - save it to report back here when the time comes.
    
    
17. When you have completed the TrendMicro scan-and-clean, locate and launch CCleaner, and have it run a full cleanup only (do not do anything with "Issues" or "Tools" at this time).
    
    
18. When that has completed, reboot your machine, and, with your resident antivirus and other security/privacy software disabled and no other browsers or chat, messaging, or email clients open or running, go to Panda Free Online Scan, and run the free online scan-and-clean available there. Please save the report it will generate when it has completed; we'll want to see that when the time comes.
    
    IMPORTANT: DISABLE ANY OTHER ANTIVIRUS YOU MAY HAVE ON YOUR MACHINE BEFORE RUNNING ANY OF THE ONLINE SCANS. Also, if you have any popup blocking, adblocking, or actively running antispyware application, disable those as well; they can interfere with online virus scans. Should an online scan report it has detected something it cannot repair or remove, please copy the exact message received, being sure to note the entire name and path of any file mentioned, and save it to post here at the appropriate time.
    
    
19. When that has been done, locate and launch CCleaner once more, again running a full scan-and-clean only.
    
    
20. When that has completed, Boot Into Safe Mode. The following steps are to be carried out in safe mode until the series is completed, and you are advised to reboot normally. If at any time during the process you do reboot, boot back into safemode before proceding with the next step.
    
    
21. Locate and launch Stinger; have it scan-and-clean your system per its instructions. When it has completed, reboot into Safe Mode and run it again. Do not reboot.
    
    
22. While in Safe Mode, locate and launch your own resident antivirus and run a full system scan-and-clean with it. When that has completed, do not reboot.
    
    
23. Next, while still in Safe Mode, locate, launch, and run CWShredder. Select "Fix" and let it run to completion. When it has completed, regardless what it reports, run it in its "Fix Mode" again. Do not reboot.
    
    
24. When that has completed, and while in Safe Mode, locate and launch Ewido Anti-malware, and run a full system scan-and-clean. Have it "Fix" whatever it finds. Please save the report it will generate when it has completed; we will want to see that when the time comes.
    
    
25. When that has completed, and while in Safe Mode, locate and launch Windows Defender, and run a full system scan-and clean with it, having it "Fix" whatever it finds. Again, when it has completed, and while in safe mode, run it a second time.
    
    
26. When that has completed, locate and launch Ad-Aware SE, select and run the VX2 Cleaner Plugin per instructions. When the plugin has completed, run it again. Now, again without rebooting, or if you have rebooted, while running in Safe Mode, run a full-system scan-and-clean with Ad-Aware SE, directing it to remove everything it finds. Once again, without rebooting, run a second full-system scan-and-clean with Ad-Aware SE.
    
    
27. Following the second run of Ad-Aware SE, locate and launch CCleaner once more, and again run a full scan-and-cleanup only.
    
    
28. Now, reboot normally, but DO NOT ALLOW YOUR MACHINE TO CONNECT TO THE INTERNET. If necessary, physically disconnect the cable between your machine and your internet access device or shut off your Wireless Gateway.
    
    
29. When your machine has rebooted, and not connected to the internet, be certain your own resident anti-virus and any other security/privacy software is disabled, then run full system scan and clean proceedures with, in this order:
    
    
    • CWShredder
      
    • Ewido Anti-malware (Note: Again please save the report generated when the application has completed)
      
    • Windows Defender
      
    • Ad-Aware SE (Note: Please also run Ad-Aware SE's VX2 Cleaner pluigin once more as well)
      
    • Spybot S&D (Note: Have Spybot S&D "Fix" everything it reports found which it lists in RED, items listed in GREEN are non-critical and your call)
      
    • CCleaner
    
    
    
30. Now, reboot normally once more, and without allowing your machine to connect to the internet, locate and launch HiJackThis. Before running a scan, please have it generate a Startup List by going to the "Miscellaneous Tools" page, placing a checkmark in each of the 2 boxes next to the "Generate StartupList Log" button, then click the button and save the generated report. When that has completed, WITH NO OTHER BROWSERS, WINDOWS, FILESHARING, EMAIL, OR MESSAGING APPLICATIONS OPEN OR RUNNING, click the "Back" button, and have HiJackThis run a scan-and-save-log only - DO NOT "FIX" anything yet.
    
    
31. When that has completed, make sure your resident anti-virus and other security/privacy software are enabled, connect to the internet, navigate back to this thread, and post
    
    • The Panda ActiveScan Report
      
    • Both the 1st and 2nd Ewido Anti-Malware reports
      
    • Any error messages or "Could not remove" reports you may have encountered, if any - please report these verbatim, exactly as they appeared.
      
    • The HiJackThis StartupList Log
      
    • The HiJackThis Scan Log

You may find it convenient to click "Turn on email updates" down at the bottom right of this page; doing so will cause a notification to be sent to the address you registered with A2K whenever this topic receives a reply.

Timber is unquestionably thorough, and it's a good idea to follow his advice, but maybe it's a tad beyond most of our capabilities. I've had good luck with ZoneAlarm, which has a free 15 day trial version, atwww.zonelabs.com, I think--they used to have a totally free version, but I guess success has gotten to them and they seem to have dropped that. And WebRoot SpySweeper, which does cost, but catches more and more stuff. I had a particularly tenacious version of CoolWebSearch which they got rid of, thankfully.

The message you're getting may be a contaminated popup. Blocking Messenger in ZoneAlarm stops a lot of those popups.

Do not click on any of the stuff it tells you to try. According to the computer magazines, the popup ads that allege they help you fight spyware in fact often install stuff that borders on malware itself, and does nothing to stop the malicious stuff.

What 2Linda has there, at an absolute minimum, is the result of a variant of the extremely nasty - and tricky-to-remove - VUNDO trojan, most likely VUNDO B - which exceedingly rarely is the only problem with a system having that infection; it sorta "invites its freinds to join the party" , one of which, a relatively recent variant of Winfixer, 2Linda's reported symptoms confirm. Neither Spybot S&D in any configuration nor Ad-Aware SE, by itself without the necessary plugin, will rid a system of VUNDO and freinds. If any single app can clean things up for 2Linda, its most likely gonna be SUPERAntiSpyware, but odds are more work will remain to be done even if SUPERAntiSpyware reports it got the job done.

The multi-step proceedure I laid out really isn't complicated and requires little "computer savvy" to get through; print out the instructions, read and understand them, ask questions if necessary, gather, install, configure and update the listed downloads per instructions, run the online scans, then follow the remaining steps in order and as directed, and finally, post the logs as directed so we can see what, if anything, remains to be done.

Small point which has nothing to do with the solution.

I noticed that 2Linda has indicated that she has Windows firewall and Norton firewall activated.

It is not necessary to have Windows firewall activated if Norton is activated. Actually better not to have both.

Computer spyware removal
Whew! I just spent the last 14 hours working my way thru all the steps of the fix recommended in the answer to my problem. I really appreciate all the respnses I received. Running the first suggested scan eliminated the porn pop-ups, but the computer still ran terribly slow and my embroidery digitizing program wouldn't work properly. I agree with username that all the steps were really daunting, but I decided I had better ago through them if possible. I think I completed them thoroughly. I will compile the date and post it tomorrow. I am too sleepy to function any more tonight (or this morning as the case may be). I do need some clarification on the last suggestion by Intrepid. Should I have only one firewall active, and if so how do I choose which one and deactivate the other? Thanks again, and I will post the reports later.

To turn Windows Firewall on or off
You must be logged on to your computer as an administrator to complete this procedure.

Open Windows Firewall. (see notes below)To open Windows Firewall, click Start, click Control Panel, click Network and Internet Connections, and then click Windows Firewall.
On the General tab, click one of the following:

ON (recommended). This is the setting that you should normally use.

You can also select the Don't allow exceptions check box. When this check box is selected, the firewall blocks all unsolicited requests to connect to your computer, including requests to programs or services selected on the Exceptions tab. Use this setting when you need maximum protection for your computer, such as when you connect to a public network in a hotel or airport, or when a dangerous virus or worm is spreading over the Internet.

OFF (not recommended). Turning off Windows Firewall might make your computer (and your network, if you have one) more vulnerable to damage from viruses or unknown intruders.
Warning

If you use the Advanced tab to turn off Windows Firewall for one or more individual connections, the Windows Security Center will report that the firewall is off, even though the firewall is still turned on for other connections. Also, on the General tab, Windows Firewall will still be set to On.

Notes

To open Windows Firewall, click Start, click Control Panel, click Network and Internet Connections, and then click Windows Firewall.
Windows Firewall is turned on by default for all Internet and network connections. However, some computer manufacturers and network administrators might turn it off.
Windows Firewall is turned on by default, so you cannot use some features of some types of programs, unless the program is listed on the Exceptions tab in Windows Firewall. For example, you might not be able to send photos using an instant messaging program until you add the program to the exceptions list.

Why you should only use one firewall

If you have more than one firewall installed on your computer, you should not have both firewalls turned on at the same time. Two firewalls turned on at the same time can cause compatibility problems that result in some programs not working correctly.

To help protect your computer against viruses and other security threats, you should always have one firewall installed and turned on. Windows includes a firewall that is turned on by default. (However, some computer manufacturers and network administrators might turn it off.) If you want to install and run a second firewall, turn off Windows Firewall.

sorce for the above is windows help center

I had the same problem, actually it is a trojan. I worked on the sob for a week without any success. A web page pointed me (HERE)
It worked for me ..... cost $29.95

Is there a blinking ? in the lower right part of your screen?

No need to spend any money (but if ya wanna, go ahead; Gel recommends a reputable app)- hundreds of VUNDO/WinFixer infections have been fixed via free instructions here, this one shouldn't be any different, and when the process is completed, the machine will be much less susceptible to future attacks and exploits.


We'll have an idea where we stand and what to do next once we've seen 2Linda's reports and logs. I expect one thing we'll find is a pretty cluttered startup folder - lotsa unnecessary stuff starting with Windows, and I expect some trimming of running services can be done too. I would not be at all surprised to discover there are still a couple of nasties to be dealt with ... some take a little 'special attention".

Once the infections and clutter have been cleaned up, a thorough scrubbing of the machine's caches and temporary files followed by a defrag oughtta speed up the machine quite noticeably, but the time to do that is after the nasties are gone and the starups and running services are brought under control.

Anyhow, the logs and reports will tell us what we need to do next.

Computer spyware removal
OK. Here is what I have.
Panda report

Incident Status Location

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Linda\Cookies\linda@atwola[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Linda\Cookies\linda@burstnet[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Linda\Cookies\linda@realmedia[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Linda\Cookies\[email protected][2].txt

Ewido reports: I have the reports saved in the program but can't find how to save them to a place where I can copy them here. Am I going to have to type the whole thing out or do you have a suggestion?

Error messages:
Windows Defender Error found: Code 0x8024402c

Ad-Aware Critical Trading IE Cache, Category Data Miner, Object Cookie:linda@ realmedia.com/ Could not delete. Quaranteed to file I named IE Cache c.

Hijack Startuplist Log:
Logfile of HijackThis v1.99.1
Scan saved at 3:31:51 PM, on 10/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Dell\QuickSet\quickset.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiteAdvisor\4144\SiteAdv.exe
C:\Documents and Settings\Linda\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: XBTB01536 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O3 - Toolbar: Able2Know.com ToolBar - {EC52BEDA-CCF3-45E1-AFFD-03618DB9F10A} - C:\Program Files\Able2Know.com ToolBar\able2know.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\PROGRA~1\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


Hijackthis Scan Log:
Logfile of HijackThis v1.99.1
Scan saved at 2:33:06 AM, on 10/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Dell\QuickSet\quickset.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\DOCUME~1\Linda\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\PROGRA~1\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - igfxdev.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


Let me know how to transmit the Ewido info. And thank you for all you time and help.

Would it be better for me to disable the Norton firewall rather than the Windows firewall? And what do I check so that the warning message doesn't appear continually telling me to enable whichever is disabled?

Computer spyware removal
I figured it out. Here is the results of the Ewido scans. Somehow I lost the initial scan. Here is the post clean-up scan and another I did today.
If there is a way to retrieve the initial scan tell me what to do and I will try.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:13:00 PM 10/27/2006

+ Scan result:



C:\Program Files\Able2Know.com ToolBar -> Adware.Able2know : Cleaned.
C:\Program Files\Able2Know.com ToolBar\Cache -> Adware.Able2know : Cleaned.
C:\Program Files\Able2Know.com ToolBar\a2k-16px.bmp -> Adware.Able2know : Cleaned.
C:\Program Files\Able2Know.com ToolBar\a2k.CUR -> Adware.Able2know : Cleaned.
C:\Program Files\Able2Know.com ToolBar\a2k.wav -> Adware.Able2know : Cleaned.
C:\Program Files\Able2Know.com ToolBar\able2know.dll -> Adware.Able2know : Cleaned.
C:\Program Files\Able2Know.com ToolBar\basis.xml -> Adware.Able2know : Cleaned.
C:\Program Files\Able2Know.com ToolBar\error.html -> Adware.Able2know : Cleaned.
C:\Program Files\Able2Know.com ToolBar\nav.bmp -> Adware.Able2know : Cleaned.
C:\Program Files\Able2Know.com ToolBar\newversion.txt -> Adware.Able2know : Cleaned.
C:\Program Files\Able2Know.com ToolBar\options.html -> Adware.Able2know : Cleaned.
C:\Program Files\Able2Know.com ToolBar\toolbar.crc -> Adware.Able2know : Cleaned.
C:\Program Files\Able2Know.com ToolBar\version.txt -> Adware.Able2know : Cleaned.
C:\Documents and Settings\Linda\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.


::Report end

Today's scan:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:02:38 PM 10/28/2006

+ Scan result:



C:\Documents and Settings\Linda\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Linda\Cookies\linda@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Linda\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.


::Report end

As you can see, Burstnet sneaked back in again.

The good news is your machine appears to be free of yuckware now. There really isn't any bad news ... all that remains really is to sort out your startups and mebbe deal with a few unnecessary extras you've got going there.

If it comes to a choice between Norton and Windows firewall, go with Norton. To stop Windows from nagging you, turn off Windows' Security Center (Start>Settings>Control Panel>Security Center, click "Change the way Security Center alerts me", de-select "Firewall" and "Virus Protection"), and let Norton's Security Center do that job for you. See Norton's documentation for specifics of setting up Norton's Security Center.

Other than that, leave things the way they are right now for a little while and use your machine as you normally do - lets make sure it really is clean before we go much further. I'll look for your feedback over the next couple days.

Computer spyware removal
My computer seems to be operating OK except for my embroidery program, which now closes itself at inopportune times. Should I uninstall and reinstall it, or check first with the tech support for the program. Either way I think I am ready to clean up my system and finish off. Thank you again for all the help you have given so far, and for helping me do this clean up.

Glad to learn things have improved. Some trimming of your starups will boost performance some - prolly not a whole bunch, but some. We can get into detail on that if you wanna, it isn't critical.

Re that embroidery program that's acting up, I think the first thing I'd try would be an uninstall/reinstall routine - then if that didn't work, I'd look to what might be available via the vendor's support facillities.

Computer spyware removal
I am going to be away for a few weeks so will postpone anythuing further until my return. At that time I would like to do whatever I can to speed things up. I am enjoying learning more about how the computer works. Even just following directions has given me a few insights into its processes. If you want to post instructions I will deal with them when I am back. Or I can write again then. In the meantime I will try the uninstall/reinstall. Thank you.