Greetings...
i would need some help to restore my internet explorer.

here is the problem: when i using addresses from IE, it show me:
%65%68%74%74%70%2e%63%63/? and after this original address.
exmp:
%65%68%74%74%70%2e%63%63/?www.google.com...

i tried solve this problem with ad-aware, but after cleaning, "possible browser hijack attempt" (data miner) is back

for now, i can surf on internet, but this is realm pain in my eyes, and i afraid that something worse could happen?

this is my first "meeting" with hijacks, so i'm not sure did i propertly posted log:
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


23. 05. 04 18:40:11 - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [kernel32.dll]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4279186995
Threads : 4
Priority : High
FileSize : 460 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright © Microsoft Corp. 1991-1999
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
OriginalFilename : KERNEL32.DLL
ProductName : Microsoft® Windows® Operating System
Created on : 01. 01. 01
Last accessed : 22. 05. 04 22:00:00
Last modified : 23. 04. 99 20:22:00

#:2 [msgsrv32.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294918747
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright © Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
OriginalFilename : MSGSRV32.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 01. 01. 01
Last accessed : 22. 05. 04 22:00:00
Last modified : 23. 04. 99 20:22:00

#:3 [mprexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294931659
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
OriginalFilename : MPREXE.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 01. 01. 01
Last accessed : 22. 05. 04 22:00:00
Last modified : 23. 04. 99 20:22:00

#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294930307
Threads : 1
Priority : Normal
FileSize : 1 KB
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
OriginalFilename : mmtask.tsk
ProductName : Microsoft Windows
Created on : 01. 01. 01
Last accessed : 22. 05. 04 22:00:00
Last modified : 23. 04. 99 20:22:00

#:5 [mstask.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294957059
Threads : 2
Priority : Normal
FileSize : 116 KB
FileVersion : 4.71.1959.1
ProductVersion : 4.71.1959.1
Copyright : Copyright © Microsoft Corp. 1997
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Microsoft
Created on : 01. 01. 01
Last accessed : 22. 05. 04 22:00:00
Last modified : 23. 04. 99 20:22:00

#:6 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294964391
Threads : 6
Priority : Normal
FileSize : 176 KB
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
Copyright : Copyright © Microsoft Corp. 1981-1997
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft® Windows NT® Operating System
Created on : 23. 04. 99 20:22:00
Last accessed : 22. 05. 04 22:00:00
Last modified : 23. 04. 99 20:22:00

#:7 [taskmon.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294841067
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright © Microsoft Corp. 1998
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
OriginalFilename : TASKMON.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 01. 01. 01
Last accessed : 22. 05. 04 22:00:00
Last modified : 23. 04. 99 20:22:00

#:8 [systray.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294851683
Threads : 2
Priority : Normal
FileSize : 32 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright © Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
OriginalFilename : SYSTRAY.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 01. 01. 01
Last accessed : 22. 05. 04 22:00:00
Last modified : 23. 04. 99 20:22:00

#:9 [sm56hlpr.exe]
FilePath : C:\WINDOWS\
ProcessID : 4294864115
Threads : 1
Priority : Normal
FileSize : 404 KB
FileVersion : 4.10.80.4
ProductVersion : Release 4.10 AD04/AD05/AD06 Build 80.4
Copyright : Copyright
CompanyName : Motorola Inc.
FileDescription : SM56 Modem Win32 Utility
InternalName : SM56 Modem Helper
OriginalFilename : SM56HLPR.EXE
ProductName : Motorola SM56 PCI Modem
Created on : 12. 05. 12 13:23:20
Last accessed : 22. 05. 04 22:00:00
Last modified : 11. 11. 99 17:29:06

#:10 [internat.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294871819
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright © Microsoft Corp. 1998
CompanyName : Microsoft Corporation
FileDescription : Keyboard Language Indicator Applet
InternalName : INTERNAT
OriginalFilename : INTERNAT.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 01. 01. 01
Last accessed : 22. 05. 04 22:00:00
Last modified : 23. 04. 99 20:22:00

#:11 [ddhelp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294834763
Threads : 6
Priority : Realtime
FileSize : 31 KB
FileVersion : 4.08.01.0881
ProductVersion : 4.08.01.0881
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
OriginalFilename : DDHelp.exe
ProductName : Microsoft
Created on : 30. 10. 01 06:10:00
Last accessed : 22. 05. 04 22:00:00
Last modified : 30. 10. 01 06:10:00

#:12 [wmiexe.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294892715
Threads : 3
Priority : Normal
FileSize : 16 KB
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
Copyright : Copyright © Microsoft Corp. 1981-1998
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
OriginalFilename : wmiexe.exe
ProductName : Microsoft® Windows NT® Operating System
Created on : 01. 01. 01
Last accessed : 22. 05. 04 22:00:00
Last modified : 23. 04. 99 20:22:00

#:13 [rnaapp.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294808319
Threads : 3
Priority : Normal
FileSize : 44 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright © Microsoft Corp. 1992-1996
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
OriginalFilename : RNAAPP.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 01. 01. 01
Last accessed : 22. 05. 04 22:00:00
Last modified : 23. 04. 99 20:22:00

#:14 [tapisrv.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294697315
Threads : 5
Priority : Normal
FileSize : 120 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright © Microsoft Corp. 1994-1998
CompanyName : Microsoft Corporation
FileDescription : Microsoft
InternalName : Telephony Service
OriginalFilename : TAPISRV.EXE
ProductName : Microsoft® Windows® Operating System
Created on : 01. 01. 01
Last accessed : 22. 05. 04 22:00:00
Last modified : 23. 04. 99 20:22:00

#:15 [pstores.exe]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294715543
Threads : 3
Priority : Normal
FileSize : 79 KB
FileVersion : 5.00.1877.3
ProductVersion : 5.00.1877.3
Copyright : Copyright © Microsoft Corp. 1981-1998
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
OriginalFilename : Protected storage server
ProductName : Microsoft® Windows NT® Operating System
Created on : 01. 01. 01
Last accessed : 22. 05. 04 22:00:00
Last modified : 23. 04. 99 20:22:00

#:16 [iexplore.exe]
FilePath : C:\PROGRAM FILES\INTERNET EXPLORER\
ProcessID : 4294810979
Threads : 10
Priority : Normal
FileSize : 76 KB
FileVersion : 5.00.2614.3500
ProductVersion : 5.00.2614.3500
Copyright : Copyright © Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Microsoft Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft® Windows ® 2000 Operating System
Created on : 23. 04. 99 20:22:00
Last accessed : 22. 05. 04 22:00:00
Last modified : 23. 04. 99 20:22:00

#:17 [ad-aware.exe]
FilePath : D:\LAVASOFT\AD-AWARE 6\
ProcessID : 4294759239
Threads : 2
Priority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 12. 05. 12 18:00:10
Last accessed : 22. 05. 04 22:00:00
Last modified : 12. 07. 03 20:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"

Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 2
Objects found so far: 2

Download *Hijack This!*
http://www.merijn.org/files/hijackthis.zip
http://www.mjc1.com/mirror/hjt/
http://downloads.net-integration.net/HijackThis.exe
http://www.computercops.biz/downloads-file-328.html

Unzip to a folder other than your Desktop or the Temp folder. Then, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that and copy & paste its contents here.

Most of what it lists will be harmless or even essential, don't fix anything yet. Someone will be along to tell you what steps to take after you post the contents of the scan results

thx for help. unfortunatly, it doesn't work.

i followed your instructions (download, creating new folder), but when i try extract hijackthis to new folder this message appeared:
error starting program
a required.DLL file, MSVBVM60.DLL was not found...

i used winRAR program...???

OK, it's because you don't have the VB 6 runtime files. Every program progammed in VB 6 needs the VB 6 runtime files in order to run.

Download and run this file:

http://download.microsoft.com/download/vb6...-US/VBRun60.exe

Follow the on-screen instructions and it'll install the runtime files. Re-run HijackThis and it should work :)

It's really nice to have you here, SpyDie!!!!! :thumb:

Glad to be here :thumb:

applause applause :thx:

it worked, and i hope this time i posted good log:

ogfile of HijackThis v1.97.7
Scan saved at 21:30:59, on 24. 05. 04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SM56HLPR.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\PRILAGODBA\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com
%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com
%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com
%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com
%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com
%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com
%00@www.e-finder.cc/hp/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com
%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com
%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com
%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com
%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com
%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com
%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com
%00@www.e-finder.cc/search/ (obfuscated)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Ad-aware] "D:\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
O4 - HKLM\..\Run: [RunOdigo] D:\Odigo\Odigo\Bin\Odigo.exe -m
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?

You Have a CoolWebSearch Infection.

Please Download CoolWebShredder, from
http://www.merijn.org/files/cwshredder.zip
http://www.zerosrealm.com/downloads/CWShredder.zip

Extract CWShredder to its own folder,

Reboot in Safe Mode*** and run the program.

Click the 'Fix ->' button.

Make sure you let it fix all CWS Remnants.

Afterwards Reboot.

Then, please Post a fresh Hijack This log in this thread.

thank you very much... those %65% symbols dissapeared from my address bar....

here is a log:

Logfile of HijackThis v1.97.7
Scan saved at 23:28:36, on 24. 05. 04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SM56HLPR.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\PRILAGODBA\HIJACKTHIS\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SM56ACL] sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Ad-aware] "D:\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
O4 - HKLM\..\Run: [RunOdigo] D:\Odigo\Odigo\Bin\Odigo.exe -m
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe

First:
You are running an outdated and therefore unsafe version of Internet Explorer.
You NEED to upgrade to IE 6.0 SP1 http://www.microsoft.com/windows/ie/downlo...sp1/default.asp
(Make sure you get the correct language version for your operating system! ).

Next, go to the Windows Update site, and download and install ALL Critical Updates on offer.
That will fix innumerable bugs, update a large number of important system files, and plug many security holes.

This step is mandatory if you are to avoid Gaobot, Sasser, and Help file exploits.



Second:
At last, your system is clean and free of spyware! Want to keep it that way?

Here are some simple steps you can take to reduce the chance of infection in the future.

1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
a. Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

2. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'.

3. Download and install the following free programs:
a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
b. SpywareGuard: http://www.wilderssecurity.net/spywareguard.html
c. IE/Spyad: http://www.staff.uiuc.edu/~ehowes/resource.htm

4. Install Spyware Detection and Removal Programs:
You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.
a. AdAware: http://www.lavasoft.de/software/adaware/
b. SpyBot S&D: http://security.kolla.de/index.php?lang=en&page=download


For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link: http://forum.gladiator-antivirus.com/index...?showtopic=9857


Good luck, and thanks for coming to Gladiator Security Forums.

thank you and other people who helped me!.. and of course, i appreciate your useful advice for keeping my system clean in future :)

you guys and girls are apsolutly GREAT!