I'm new and lost.


TeresaDe
06-17-2008, 09:23 PM
I am still infected with popups and redirects.

Ads by Targetedbanner etc...

I cannot access some of my favorites on Internet Explorer. I have uninstalled and reinstalled IE as other sites advised.
I can get into some sites, but not myspace or my bank.


Here is a copy of my hijackthis file.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:53 PM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\srvany.exe
C:\pvsw\bin\w3dbsmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: mysidesearch browser optimizer - {25c8fadb-4cc4-e912-523c-31995c3c992c} - C:\WINDOWS\system32\{4a734107-cafd-672c-8ba0-a81bfbcc25a9}.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {994E2FD0-E605-47A7-BAE2-6859BC400E46} - C:\WINDOWS\system32\vtUmJDwX.dll (file missing)
O2 - BHO: targetedbanner browser optimizer - {ab381803-098a-7530-2d01-1c58f4121ca2} - C:\WINDOWS\system32\{a73fd03c-f2ec-3310-7e69-07a029f0741a}.dll
O2 - BHO: (no name) - {B76CF1F4-ECDC-4CA1-89F8-32403496528E} - C:\WINDOWS\system32\ddcBqPHW.dll (file missing)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\Documents and Settings\USER 1\Local Settings\Temp\{231F68F4-70E4-41A6-BEDA-7E7934169B54}\MXOALDR.EXE
O4 - HKLM\..\Run: [RetroExpress] "C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe" /h
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PeachtreePrefetcher.exe] "C:\PROGRA~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BM43a62add] Rundll32.exe "C:\WINDOWS\system32\tyfkpues.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jmwnw64q.exe
O4 - Startup: LimeWire On Startup.lnk = E:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146493170406
O20 - Winlogon Notify: ddcBqPHW - ddcBqPHW.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: konfig - Unknown owner - f:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: license - Unknown owner - f:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mcp - Unknown owner - f:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: Pervasive.SQL Workgroup Engine - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TransBaseService - Unknown owner - f:\opt\MBCASE\WIS\TBCD\tbmux32.exe (file missing)

--
End of file - 11474 bytes

haapy
06-17-2008, 10:44 PM
I assume that you ran a full Spyware Doctor scan and, if you do not have Spyware Doctor with anti-virus, an anti-virus scan with your current tool.

Try these simple changes. Delete these entries from HiJackThis:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: mysidesearch browser optimizer - {25c8fadb-4cc4-e912-523c-31995c3c992c} - C:\WINDOWS\system32\{4a734107-cafd-672c-8ba0-a81bfbcc25a9}.dll
O2 - BHO: (no name) - {994E2FD0-E605-47A7-BAE2-6859BC400E46} - C:\WINDOWS\system32\vtUmJDwX.dll (file missing)
O2 - BHO: targetedbanner browser optimizer - {ab381803-098a-7530-2d01-1c58f4121ca2} - C:\WINDOWS\system32\{a73fd03c-f2ec-3310-7e69-07a029f0741a}.dll
O2 - BHO: (no name) - {B76CF1F4-ECDC-4CA1-89F8-32403496528E} - C:\WINDOWS\system32\ddcBqPHW.dll (file missing)
Winlogon Notify: ddcBqPHW - ddcBqPHW.dll (file missing)
O23 - Service: konfig - Unknown owner - f:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: license - Unknown owner - f:\opt\MBCASE\pm\bin\mcp (file missing)

These services look suspicious. Check them out in Admin Tools, Windows Services:
O23 - Service: mcp - Unknown owner - f:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: TransBaseService - Unknown owner - f:\opt\MBCASE\WIS\TBCD\tbmux32.exe (file missing)
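
The kind of log triage done by hand in the reply above, as an added example that is not part of the original posts. The four heuristics (absent target file, service with "Unknown owner", GUID-named DLL behind a BHO or toolbar, rundll32 autostart) are assumptions of this example, not rules from HijackThis or from the thread; the sample lines are copied from the log posted above, and a hit means "look at this entry", not "this is malware".

```python
import re

# HijackThis result lines start with a section code such as "R3", "O2" or "O23".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A DLL whose file name is itself a brace-wrapped GUID.
GUID_FILE_RE = re.compile(
    r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.dll", re.I)
# An autostart value that uses rundll32 to load a DLL.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]+\.dll', re.I)

# Lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: mysidesearch browser optimizer - {25c8fadb-4cc4-e912-523c-31995c3c992c} - C:\WINDOWS\system32\{4a734107-cafd-672c-8ba0-a81bfbcc25a9}.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {994E2FD0-E605-47A7-BAE2-6859BC400E46} - C:\WINDOWS\system32\vtUmJDwX.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BM43a62add] Rundll32.exe "C:\WINDOWS\system32\tyfkpues.dll",s
O23 - Service: konfig - Unknown owner - f:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

def triage(log_text):
    """Return (code, reasons, line) for every entry that needs a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.group("code"), m.group("body")
        reasons = []
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("target file absent")
        if code == "O23" and "Unknown owner" in body:
            reasons.append("service without vendor info")
        if code in ("O2", "O3") and GUID_FILE_RE.search(body):
            reasons.append("GUID-named DLL")
        if code == "O4" and RUNDLL_RE.search(body):
            reasons.append("rundll32 autostart")
        if reasons:
            findings.append((code, reasons, line))
    return findings

if __name__ == "__main__":
    for code, reasons, line in triage(SAMPLE_LOG):
        print(f"[{code}] {', '.join(reasons)}\n    {line}")
```

An orphaned entry left behind by uninstalled software trips the same flags as a leftover from an infection, so each hit still has to be checked against what is known to have been installed on the machine.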

katie
06-18-2008, 12:01 AM
TeresaDe,
Make sure you have an anti-spyware, antivirus and a firewall installed on your computer and make sure these are always up to date with the latest signature database. These are the requirements for any computer.

You may also want to check out a security suite for convenience and fewer conflicts. One example is the PC Tools Internet Security - http://www.pctools.com/internet-security/ or you may want to mix and match certain applications to suit your needs :)

A great additional application to have is ThreatFire. The PC Tools internet suite has Behavior Guard, which is ThreatFire built in. Spyware Doctor also has Behavior Guard.

Another thing I have recently installed and like is browser defender. For more information on this, check out the browser defender forum: http://www.pctools.com/forum/forumdisplay.php?f=63

kt

TeresaDe
06-18-2008, 12:54 AM
Thank you so much for your help. I have Spyware Doctor with antivirus. Does it not show the antivirus on there? It runs a scan (often) and a full scan takes about 4 hrs.

I will try these when I get back to the office.

I do appreciate your help and how fast it was as well. I am very glad I found this forum.

TeresaDe
06-18-2008, 12:54 AM
Thank you for your quick response and suggestions as well. I will try these in the morning. I thank you very much!

haapy
06-18-2008, 05:12 AM
A great FREE utility from Steven Gould...cleanup!

Removes a lot of junk from your PC where baddies hide. Be sure to check options and temp files check.

http://www.stevengould.org/index.php?option=com_content&task=view&id=29&Itemid=223

TeresaDe
06-18-2008, 02:43 PM
I did this and good grief! It removed over 10,000 files! I hope I didn't need them.

My computer is still not allowing me access to 2 websites. One is Regions Bank and the other is Myspace.

Yes, I know I'm too old to be playing on myspace, but that's how I keep up with my kids!

Any more suggestions? Do I need to Hijack again to see what else is there? The MBCase files that were questionable were from an old program for Mercedes diagnostics. I removed it a long time ago so I deleted those files as well.

Thanks again for all your help. I really can make myself feel stupid when it comes to computers.

mjq424
06-18-2008, 03:47 PM
Hi
I would head to a dedicated help forum as you look to have one of the new variants of the Vundo Trojan that is always a stubborn one. Try one of these forums:
www.malwareremoval.com/forum/index.php?f=11
http://temerc.com/forums/viewforum.php?f=12

TeresaDe
06-18-2008, 04:40 PM
I must really have some hidden bugs because it won't let me open these forums. I have registered and am ready to post my HJT log, but it just freezes up my screen the same as my blocked websites.

Anything else?

mjq424
06-18-2008, 05:04 PM
Hi
This may help you get on to many sites. I've been in contact with the HijackThis helper at www.temerc.com/forums and he is willing to assist you further.
Download HostsXpert v4.1 (http://www.funkytoad.com/download/HostsXpert.zip) and unzip it to your computer, somewhere where you can find it.
Double click on HostsXpert.exe to launch the program.
Click on Restore MS Hosts File to restore your Hosts file to its default condition.
Click on Make ReadOnly to secure it against further infection.
Exit the program.

Visit the Website (http://www.funkytoad.com/content/view/13/31/) for more information.
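
What the hosts-file restore in the post above would discard can be listed first; this is an added example, not part of the original post and not HostsXpert's own code. It assumes the default Windows hosts file maps only `localhost`, and the sample content uses constructed `.example` names and a documentation address.

```python
import ipaddress

# Assumption of this example: the stock hosts file maps only this name.
DEFAULT_NAMES = {"localhost"}

# Constructed sample hosts file content.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       www.bank.example     # name forced to loopback
0.0.0.0         forum.example help.example
192.0.2.10      search.example
not-an-ip       ignored.example
"""

def audit_hosts(text):
    """Split non-default hosts entries into two groups.

    blocked:    names pinned to a loopback or unspecified address, which
                makes the site unreachable from this machine
    redirected: (name, address) pairs pinned to any other address
    """
    blocked, redirected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank or incomplete line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an address
        for name in fields[1:]:               # one line may carry several names
            name = name.lower()
            if name in DEFAULT_NAMES:
                continue
            if addr.is_loopback or addr.is_unspecified:
                blocked.append(name)
            else:
                redirected.append((name, str(addr)))
    return blocked, redirected

if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    print("unreachable by hosts entry:", blocked)
    print("pinned to another address:", redirected)
```

On Windows XP the file to read is `%SystemRoot%\system32\drivers\etc\hosts`; an empty result from both lists means the hosts file is not what is blocking the sites.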

TeresaDe
06-18-2008, 07:20 PM
OK, I tried HostsXpert.exe, and so far I'm not noticing anything different.

I have to be logged on in safe mode to access the malware site. I haven't gotten a response from them yet. I signed up for the temerc forum, but I haven't gotten my email confirmation yet. I got an email stating my registration was received, but they would send approval in another email.

Sorry to be so stupid on here. I am learning a few things though. Thanks.

haapy
06-19-2008, 04:52 AM
The following is from Gizmo Richards http://www.techsupportalert.com/

1.3 Easy Way to Detect Infections
In the editorial column in issue #157, I suggested that you submit a HiJackThis log of your computer to free security forums to identify possible malware infections. Several users wrote in to say that many forums no longer provide this service. Here's an alternative that's quicker and simpler, though not quite as accurate: Use a web service that will analyze your HiJackThis log using an automated technique. I know of two such services. All you have to do is paste your HJT log to the website and the results come back within seconds. Of the two sites, I found the analysis from the first site more informative.
http://www.hijackthis.de
http://hjt.networktechs.com/

1.4 More Malware Scanning Options
Last month I also suggested that you use Jotti [1] to scan suspect files. I should have also mentioned Virus Total [2], another free online scanning service that uses 32 scanning engines rather than 20 used at Jotti. However, for new malware products it doesn't matter how many signature-based scanning engines you use, because the malware product's signature may not be in any of their databases. That's why I like the free Anubis service [3], which is a behavioral-based (rather than a signature-based) scanner. It's a little slow, but the results are very comprehensive. If a file scans clean on Anubis and either Jotti or Virus Scan, then you can be pretty confident that it's OK. Thanks to regular contributor Howie Mirkin for suggesting Anubis.
[1] http://virusscan.jotti.org
[2] http://www.virustotal.com/
[3] http://anubis.iseclab.org/

Hopefully that may help you.

mjq424
06-19-2008, 08:44 AM
Hi
Unfortunately TeresaDe cannot access many of these websites.