Browser Hijack Help.

Marge

OK, it was dumb. I lent my laptop to my friend - Honest!

In any case, all of a sudden I got virus alerts, I tried to clean with my
AVG and Spybot - Not!

Tried a SYS-Restore - Nope. Couldn't even launch Taskman. Installed Panda -
scanned - it helped. Installed Kaspersky - helped even more.

Eventually, I got the system to the point where all is well - except the
following:

1) Any Microsoft site (Win Update - either typing in the url or the shortcut
from the menu bar) redirects to some random site,
2) I can hit my home page of Google (ca, us or any) all is well. When I
enter a search, it seems to be fine, then all of a sudden redirected.

Usually these sites are of the ad variety, nut popups all over the place.
Even with Firefox, it's nuts. IE is not the issue here - at least I don't
think so because I get FF redirections as well.

Lots more, but basically most sites are redirected.

I checked the Hosts and LMhost files - they're clean. There are NO BHO
loaded (every one is disabled).

I've run virus scans and every tool I have at my disposal (at least that I
own and paid for - no such thing as a "Try me - or Freebie on this system"),
with the exception of these re-directions no other issues.

Also, when I start in Safe Mode, there are no re-directions, so, I thought
there is something in the registry with regards to this account. So - NUKE
the account and create a new one.

Same issue. Even the Local Administrator account suffers the same issues -
albeit not quite so severe.

I would really appreciate any help.

Thanks all.
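
The Hosts-file check mentioned in the post above can be done mechanically rather than by eye. The following is an added example, not part of the original thread: it flags every mapping other than the stock `localhost` entry, and the sample file contents, addresses and the `EXPECTED` set are constructed assumptions. A clean result only rules out this one redirection mechanism, as it did for the poster.

```python
import ipaddress

# Names a stock Windows hosts file is expected to define (assumption for this example).
EXPECTED = {"localhost"}

# Constructed sample; the real file is %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google.com google.ca   # constructed redirect entry
127.0.0.1\twindowsupdate.microsoft.com
0.0.0.0 UPDATE.MICROSOFT.COM
"""

def audit_hosts(text, expected=EXPECTED):
    """Return (line_no, address, hostname, verdict) for every unexpected mapping."""
    findings = []
    # Strip a UTF-8 BOM if present so the first entry still parses.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on any whitespace
        if len(entry) < 2:
            continue  # blank line, comment-only line, or address with no name
        addr, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, " ".join(names), "malformed"))
            continue
        # Loopback or 0.0.0.0 black-holes a name; any other address reroutes it.
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            host = name.lower().rstrip(".")
            if host in expected and ip.is_loopback:
                continue  # the normal localhost entry
            verdict = "blocked" if sinkhole else "redirected"
            findings.append((line_no, addr, host, verdict))
    return findings

if __name__ == "__main__":
    for line_no, addr, host, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {addr} ({verdict})")
```
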
 
Elmo

Try both of these programs from Safe Mode:

Malwarebytes from http://malwarebytes.org

- and -

Superantispyware from http://superantispyware.com
 
Kayman

OK, it was dumb. I lent my laptop to my friend - Honest!

<snip for brevity>

1. Clear the (IE) temporary Internet files and the history cache.
Click Start==>Run... then type (or copy/paste) "inetcpl.cpl" (w/out
quotation marks) into the box, then click the 'OK' button.
In Internet Properties panel 'General' tab, under 'Browsing history', click
'Delete...' button, in 'Delete Browsing History' panel, click the 'Delete
all...' button then place a checkmark into the box beside 'Also delete files
and settings stored by add-ons', Click 'Yes' and exit the Internet
Properties panel by clicking the 'OK' button.

2. Clean HDD
1. Click Start==>Run... then type (or copy/paste) "cleanmgr" (w/out
quotation marks) into the box, then click the 'OK' button. Select your drive
(presumably WinXP (C:)) and click OK.

2a. Delete files using Disk Cleanup (if on Vista)
http://windowshelp.microsoft.com/Windows/en-US/help/1264bc24-72a8-48aa-84e3-a355327139d91033.mspx

3. Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

4. SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html

After the software is updated, it is suggested scanning the system in Safe
Mode.
How do you boot to Safe Mode?
By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222
Start your computer in safe mode (Vista)
http://windowshelp.microsoft.com/Windows/en-us/help/323ef48f-7b93-4079-a48a-5c58eec904a11033.mspx

5. Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29

NOTE: Registration is required in any of the above mentioned fora
before posting a HJT log and read the 'stickies'
(instructions/guidelines) for the respective HJT forum.

6. After your operating system is considered 'clean' flush your System
Restore cache.
Right click 'My Computer' icon and select Properties from the drop down
list.
On the system Properties click on System Restore Tab and [check] the box
'Turn off System Restore on all drives'.
Click 'Apply' then click 'OK'.

Reboot.

Right click 'My Computer' icon and select Properties from the drop down
list.
On the system Properties click on System Restore Tab and [uncheck] the box
'Turn off System Restore on all drives'.

Note: ensure that under 'Available drives' the Status of Drive does show
'Monitoring'.
And then manually create a Restore point.
Go to:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx
And scroll down to: Create a Restore Point.

7. Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html

FYI:
There aren't any 'good' on-line scanners out there! On-line scanners are
the most unsafe and next to useless. Because by the time you've started
your infected Windows and connected to the Internet via this infected code
base, and start to look for scanning sites through infected DNS, you are
almost certain to have the malware perfectly positioned to overrule your
attempts to clean it.
What happens if active malware is found? Don't expect that the on-line
scanner will do anything about it. Most of them are just marketing
tools for selling you their products. Quite often, malware removal on the
NT based OS (Win 2K and XP) is far from easy. Sometimes a (good) resident
AV can deal with it in Safe Mode.

Other reasons to stay away from on-line scanners are:
1. You have to use IE on very low security setting - ActiveX is required.
2. Many users will lower security in the Internet Zone to use the service
and then forget to set the Internet Zone back to highest possible security
- which is the only way that IE should be set.

David H. Lipman's Multi-AV and some 'other' stand-alone AV tools are
*impressively better and safer*, because you don't have to be on-line to
use them (they have no dependencies on using a web browser to perform their
function), and they can be used in Safe Mode.

Download David's MULTI_AV.EXE directly:
http://www.pctip.ch/ds/28400/28470/Multi_AV.exe
or
http://212.98.39.7/ds/28400/28470/Multi_AV.exe

http://www.pctip.ch/downloads/dl/35905.asp
or
http://212.98.39.7/downloads/dl/35905.asp

English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/

NOTE: You may have to disable your software FireWall or allow WGET.EXE to
go through your FireWall to allow it to download the needed AV vendor
related files.

When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm

NOTE: To use this utility, perform the following...
Execute; Multi_AV.exe {Note: You must use the default folder C:\AV-CLS}
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{or Double-click on 'Start Menu' in C:\AV-CLS}

Other quality Standalone Malware Scanners are:
Kaspersky® AVPTool
http://avptool.virusinfo.info/en/
Direct:
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
--and--
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
--and--
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Kaspersky® AVPTool, Dr.Web CureIt!® have no update feature (so they don't
turn into full blown scanners), thus they need to be re-downloaded every
time there's an update.
Re: K/AVPTool; Uninstall after use. To uninstall/move this program 'enable
self-defense' must be unchecked!

It's safer still if you can avoid running any code from the infected system
at all, and that can be done by working from Bart CDR boot.
But that means having a clean system to build the Bart disk, and more to
the point, a fair bit of effort and technical fiddling.

Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD
http://www.nu2.nu/pebuilder/

Good luck;)
 
nass

Marge said:
OK, it was dumb. I lent my laptop to my friend - Honest!

Bad idea!

Run a thorough scan by doing the following steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Re-enable them later one-by-one and see the
culprit and update it or remove it).
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
http://www.malwarebytes.org/rr-update/rr-free-setup.exe
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah

Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Comodo BOClean : Anti-Malware Version 4.27
http://www.comodo.com/boclean/boclean.html

If you wish to send me your Hijackthis log I will be happy to help you
further or send to one of many forums on the internet!
Download Hijackthis and send me the log.
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)
my address is : to_you_ross(at remove this and replace with the
obvious)yahoo.co.uk ( _ is underscore)

Run disk clean up on your Drive.
You can download this tool to run clean up:
http://www.ccleaner.com/download/builds/downloading-slim
Run Disk Clean Up on your Drive.
HTH,
nass
 
Marge

Thanks Elmo. These tools did the trick.

I used Malwarebytes first and it helped a lot, then Superantispyware finished
the nasties off good.

I bought Superantispyware PRO as it had some additional features that seemed
to really knock things out.

My Firefox is happy again and I tested IE and it seemed to be fine as well.

Thanks again and cheers to all for the answers and support.
 
Elmo

That's great news! Thanks for reporting back.
 
