Incident Status Location
Spyware:spyware/smitfraud No disinfected C:\WINDOWS\System32\OLEEXT.dll
Virus:W32/Smitfraud.E Disinfected Operating system
Adware:adware/cws No disinfected C:\DOCUMENTS AND SETTINGS\JONATHAN\FAVORITES\FUN & GAMES\Betting.lnk
Spyware:spyware/smitfraud No disinfected C:\WINDOWS\SYSTEM32\oleext.dll
Adware:adware/psguard No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\PSGuard spyware remover.lnk
Adware:adware/wupd No disinfected C:\PROGRAM FILES\ErrorGuard
Adware:adware/spywareno No disinfected Windows Registry
Dialer:Dialer.CTY No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temp\pplhgkpd.exe
Dialer:Dialer.NO No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\5TKOLF2V\gdnUS1104[1].exe
Dialer:Dialer.BEW No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\CD83SHOP\fr[2].htm
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\CD83SHOP\index[1].htm
Spyware:Spyware/ISTBar No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\CD83SHOP\index[2].htm
Spyware:Spyware/XXXToolbar No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\CD83SHOP\prompt[2].php
Adware:Adware/nCase No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\CD83SHOP\prompt_ie_win[1].js
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\CD83SHOP\sploit[1].anr
Spyware:Spyware/ISTBar No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\GLUFWL6N\index[4].htm
Spyware:Spyware/ISTBar No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\NORP198I\0006_regular[1].cab[istactivex.dll]
Adware:Adware/nCase No disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\NORP198I\init[1].js
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\NORP198I\psg[1].anr
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\Melissa\Local Settings\Temporary Internet Files\Content.IE5\012F45IJ\psg[1].anr
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Melissa\Local Settings\Temporary Internet Files\Content.IE5\KBIXMZMD\index[2].htm
Spyware:Spyware/ISTBar No disinfected C:\Documents and Settings\Melissa\Local Settings\Temporary Internet Files\Content.IE5\UJ83GNCP\index[1].htm
Adware:Adware/nCase No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\0E5DBFB8-075E-40C1-B64C-09094E\8896730F-34A5-4DE6-9CEE-27500F
Virus:Trj/Agent.AFI Disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\218DA8E9-C184-41F3-ADFB-14FF23\22BA16D1-E3D2-41AD-A542-0F774F
Virus:Trj/Agent.AFI Disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\218DA8E9-C184-41F3-ADFB-14FF23\557C9529-6071-4405-8A62-288539
Adware:Adware/SpywareNo No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\218DA8E9-C184-41F3-ADFB-14FF23\867AFC95-996C-4901-9399-C4EC4F
Adware:Adware/SpywareNo No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\218DA8E9-C184-41F3-ADFB-14FF23\AB993EC9-65D5-4968-B725-8D9703
Adware:Adware/SpySheriff No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\218DA8E9-C184-41F3-ADFB-14FF23\E6955D1F-6AAF-4107-9939-BA7A40
Adware:Adware/SpySheriff No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\42488EA5-B0B7-49F9-BA80-EE6188\52115DE8-1742-4192-ABB1-73B5D1
Adware:Adware/SpywareNo No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\42488EA5-B0B7-49F9-BA80-EE6188\70CF19DE-6C3E-4A64-B3D7-06DD2C
Adware:Adware/SpywareNo No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\42488EA5-B0B7-49F9-BA80-EE6188\BDCDF9D5-E8BC-4DC9-90D2-E6573C
Spyware:Spyware/ISTBar No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\45BF0FC7-655D-4FB3-B17A-32CAFB\09E9463D-EAE7-446B-A315-900358
Virus:Trj/Agent.AFI Disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F4FD701F-231F-47EE-BE98-D026D4\3FF3694B-8C40-4C17-81D9-BEC2A6
Adware:Adware/Popuper No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F4FD701F-231F-47EE-BE98-D026D4\476C81A4-57F1-4FD8-9FB5-54E473
Adware:Adware/SpywareNo No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F4FD701F-231F-47EE-BE98-D026D4\84E5C561-1154-4244-B834-503C16
Adware:Adware/SpySheriff No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F4FD701F-231F-47EE-BE98-D026D4\C5C498C8-3903-47F7-9630-28C1D2
Adware:Adware/SpywareNo No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F4FD701F-231F-47EE-BE98-D026D4\C90F722A-991D-4B01-BCF3-473218
Adware:Adware/SpySheriff No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F4FD701F-231F-47EE-BE98-D026D4\D012E26D-A805-4166-B528-F8F2AB
Virus:Trj/Agent.AFI Disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F4FD701F-231F-47EE-BE98-D026D4\E419A546-2F72-4E41-B7BF-297BF8
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0021718.exe
Virus:Trj/Clicker.FU Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0021722.exe
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0021725.srg
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0021730.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP261\A0021747.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP261\A0021755.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP261\A0021768.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP263\A0022242.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP263\A0022256.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP265\A0023255.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP265\A0024255.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP267\A0024269.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP267\A0024286.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP267\A0024296.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0025297.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP275\A0025335.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP275\A0025347.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP276\A0025366.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP277\A0026346.exe
Dialer:Dialer.AVV No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP277\A0026357.dll
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP278\A0027347.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP282\A0027379.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP282\A0027380.exe
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP283\A0027407.srg
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP283\A0027428.exe
Virus:Trj/Mitglieder.DQ Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP283\A0027429.exe
Virus:W32/Smitfraud.E Disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP286\snapshot\MFEX-1.DAT
Dialer:Dialer.NO No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS1104.exe
Dialer:Dialer.NO No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2089.exe
Dialer:Dialer.NO No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\gdnUS2089.exe
Dialer:Dialer.NO No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\gdnUS2089.exe
Dialer:Dialer.NO No disinfected C:\WINDOWS\Downloaded Program Files\gdnUS1104.exe
Dialer:Dialer.NO No disinfected C:\WINDOWS\Downloaded Program Files\gdnUS2089.exe
Virus:Trj/Clicker.FU Disinfected C:\WINDOWS\SYSTEM32\gclib.exe
Virus:W32/Smitfraud.E Disinfected C:\WINDOWS\SYSTEM32\wininet.dll
Virus:Trj/Mitglieder.DQ Disinfected C:\WINDOWS\SYSTEM32\wiwshost.exe
Here is my hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 12:25:38 PM, on 9/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\Jonathan\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s...ch?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: JunoBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\Juno\Toolbar.dll
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [vmtuner] gclib.exe
O4 - HKLM\..\Run: [lCVh$v/fC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\lhpjmch.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
The thing is, we stopped going on-line altogether and we are still getting this, even when adaware cleans stuff, a few days later it finds it again. I ran clean-up etc. Please help.