HJT log

you originally posted in the virus/spyware forum, complaining of WinFixer... and i suggested your run VundoFix.

Was this HJT log generated after you ran VundoFix?  If so, are you still have WinFixer problems?  Or any other problems?   Or is this just a "follow-up" post, just to be sure you're clean now?

Log is clean.

Ron

A Few Recommendations.

You can delete any programs we had you install but leave Hijackthis for now.  You can also run Hijackthis, View the List of Backups and Delete All.  If we used killbox its backup files can be removed now too.  Run Killbox and select File, Cleanup, Delete All Backups.  If you have an antivirus, check its quarantined files and delete any it had found.

You should also definitely toggle System Restore Off and then back On.

Following site has very clear instructions for turning it off.  To turn it back on you just repeat the instructions but uncheck the box where it says to Turn Off System Restore on all Drives.

http://www.f-secure.com/v-descs/sfc_dis1.shtml

The reason we do this is to remove any archived copies of the infection from System Restore so that if you have to use SYstem Restore to fix a problem you won't accidentally reinfect your system.  The next link explains how to use System Restore to go back in time if you hit a bad site or get infected.

http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx

One way to make an infection more obvious is to check everything in your current HijackThis and Add to Ignore List then set up Hijackthis to run at boot and to show you if it finds anything new.  You do this by None of the Above Just start the program, Config (Main) and then check the box in front of Run Hiajckthis at startup and show it when items are found.  OK.  Then if Hijackthis opens after a boot it will show you any new programs that have been added.  You can then decide if you want to keep them or not.  If in doubt you can google for the .exe or .dll file at the end of the entry and see if what other people think of it.

To avoid going to a bad site you might want to install IE-SpyAd and SpywareBlaster and make the other changes recommended at:.
http://www.mvps.org/winhelp2002/restricted.htm
I used to recommend Spybot's Immunize system but have recently learned it is not as good as the one at:
http://www.mvps.org/winhelp2002/hosts.htm

Always run a firewall.  The one in XP SP2 is pretty good tho I think the free one from Zone Alarm is better.

http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads

Turn on Autoupdates so you always get the latest patches from Windows.

Never hurts to do one of the free on line scans from Panda or Trend.  They take a while but are pretty good.
www.pandasoftware.com/activescan/activescan.asp?
http://housecall.trendmicro.com/

I like to run Spybot S&D. 
http://www.safer-networking.org/en/download/index.html
Also like to run AdAware once in a while. 
http://www.lavasoftusa.com/software/adaware/

Get the latest version of
Java:
http://www.java.com/en/download/windows_automatic.jsp

 Make sure you have removed any older versions of Java or JRE  with Control Panel, Add/Remove Programs.  Updates do not remove the older versions which have exploitable flaws.

If you have an older PC get rid of Microsoft Java Virtual Machine. 

Following site explains how to tell if you have it:

http://www.java.com/en/download/help/uninstall_msvm.xml

The automated removal tool is no longer availabel on Microsoft's site but can be obtained here:

Download the MSJVM Removal Tool from:
http://www.majorgeeks.com/download4158.html
 
and run it.

If you feel that

If you feel that Internet Explorer is running a bit slower after the latest Java update you can try checking this line and then Fix Checked.

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

It was added by the latest version of Java.  We don't know why.  Earlier versions did not have it.  It has been proven to slow down connections on some systems and removing it doesn't seem to hurt anything.

Other items you may wish to get rid of if you own a Dell are:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

THese are from the MyWay Adware program installed on most Dells.  The uninstaller was broken on many of them.
 To remove just close Internet Explorer, run HijackThis (scan only) and check them then Fix Checked.

If you are not running the latest version of Adobe you should consider updating.  There are reports of a loophole for hackers in pre 7.03 versions.
As an alternative you can dump adobe completely and use fox-it instead:
http://www.foxitsoftware.com/pdf/rd_intro.php

If you do not have an antivirus program or the one you have was a trial that has expired then try the free antivirus for home users from Avast!
http://www.avast.com/eng/download-avast-home.html  (Uninstall any other antivirus program first.)

If you run Macromedia Flash make sure you have the latest version.  We just got a warning the following versions are vulnerable:
* Flash Player 8.0.22.0 and earlier
* Flash Professional 8
* Flash Basic
* Flash MX 2004
* Flash Debug Player 7.0.14.0 and earlier
* Flex 1.5
* Breeze Meeting Add-In 5.1 and earlier
* Adobe Macromedia Shockwave Player 10.1.0.11 and earlier