<div>
web_tracker... I did what you said at msconfig. &nbsp;I then ran malwarebytes again. &nbsp;(Didn't find anything.) &nbsp;But now the symptom I described has not shown up since then for several days. &nbsp;<br />
<br />
Chris M., ... I want to study your article and maybe use it at home also. &nbsp;I see one of your favorite tools is Combofix. &nbsp;I have used it with good effect in recent years. &nbsp;I have also heard warnings about it, that it's maybe a bit too invasive. &nbsp;Do I have to beware of using Combofix? &nbsp;Currently netstat does not show any usage of Port 9421. &nbsp;Maybe that's a result of doing what web_tracker had me do.
</div>


<div>
Hermhart, I used ComboFix on my own personal business computer for the purposes of that article. &nbsp;I'll give you the standard &quot;legal disclaimer&quot; of things are at your own risk, etc. but with that being said I have used it on probably 100 computers and had 0 issues.<br />
<br />
Chances are, if you are running ComboFix, whatever its removing is causing more problems then it ever could.<br />
<br />
Also always keep backups of your important things, take a backup of the registry before starting, etc.
</div>


<div>
Chris, I really like your article at <a href="http://bit.ly/HVE57U" rel="ugc">http://bit.ly/HVE57U</a>. &nbsp;It's very much where I'm at. &nbsp;Just a footnote on AVG free. &nbsp;The latest version of it does not give you the option to uncheck search engine and the toolbar. &nbsp;What works though is to go ahead and install it and then go to Control Panel &gt;&nbsp;Add or remove programs and run Change for AVG. &nbsp;In there you are given the opportunity to undo those features.<br />
<br />
I have used Spybot S&amp;D for years and I like it. &nbsp;But now they want a fistful of money for businesses. &nbsp;Also I use SuperAntispyware. &nbsp;It mostly finds harmless cookies, but it also gets some trojans. &nbsp;<br />
<br />
Thanks for the encouragement regarding Combofix.
</div>


<div>
My issue was resolved and I have some tips for the future. &nbsp;I didn't give an A because the area of malware seems to me to be rather fuzzy, not very clear black or white. &nbsp;When I have a success, I'm not quite sure just which tool was the main one that did the job.
</div>


<div>
<div class="content wysiwyg-content">
My computer is running Windows XP Pro in a network. &nbsp;I've run Malwarebytes Anti-Malware, and SuperAntispyware &nbsp;several times recently, and have gotten a few Trojans. &nbsp;But I still continue to have the following issue... Every morning a couple of websites come up. &nbsp;The URL changes about once a week. &nbsp;Here are some of them...<br />
web.tofushopnews.com<br />
milesandkms.com<br />
longfintuna.net<br />
salesresourcdepartners.com<wbr /><br />
australiabrewingcompany.co<wbr />m<br />
<br />
Attached is my HijackThis log. &nbsp;An analysis would be appreciated.<br />
<a href="https://filedb.experts-exchange.com/incoming/2013/11_w46/687433/hijackthis20131111.log" target="_blank" class="file-inline" title="Hijack This log for Nov 11, 2013 (15 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>hijackthis20131111.log</a>
</div>
</div>


hijackthis20131111.log

My computer is running Windows XP Pro in a network.  I've run Malwarebytes Anti-Malware, and SuperAntispyware  several times recently, and have gotten a few Trojans.  But I still continue to have the following issue... Every morning a couple of websites come up.  The URL changes about once a week.  Here are some of them...
web.tofushopnews.com
milesandkms.com
longfintuna.net
salesresourcdepartners.com
australiabrewingcompany.com

Attached is my HijackThis log.  An analysis would be appreciated.

Hijack This log to help diagnose my machine

Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge; it has also come to include programs that engage in various kinds of electronic fraud. Anti-spyware is software that removes or blocks that software; some common vendors include Malwarebytes, McAfee, Spybot-Search and Destroy, Ad-Aware and BitDefender.

Anti-Spyware

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.