I have taken the steps you suggested and reinstalled xp.
Adware came up with:
WindowsSecurityCenter.AntivirusDisableNotify and
WindowsSecurityCenter.FirewallDisableNotify
Ewida came up with:
HKLM\SOFTWARE\Classes\Interface\{8578D35E-C6C0-4808-9A80- 0F6C29A2C423} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324} -> Spyware.HotBar : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Al\My Documents\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Al\My Documents\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.13:C:\Program Files\Handspring\BradbuA\QuickInstall\ExpCard\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.29:C:\Program Files\Handspring\BradbuA\QuickInstall\ExpCard\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.30:C:\Program Files\Handspring\BradbuA\QuickInstall\ExpCard\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
Panda came up with:
Backdoor Program (rnbpju.exe)
All above were neutralized
Windows would not update (Error number: 0x80072EFF).
Rebooted and still hapenning.
Hijack this was as follows:
Logfile of HijackThis v1.99.1
Scan saved at 3:08:21 PM, on 9/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe
C:\Program Files\mfk\MFK.EXE
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\ePrompter\ePrompter.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\SOL.EXE
C:\Program Files\JGsoft\EditPadLite\EditPad.exe
C:\Documents and Settings\Al\My Documents\New Folder\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://news.google.com/news?ned=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/Mozilla%20Firefox/firefox.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSO Plus Password Wizard - {F81D63ED-E9EE-4581-A3E6-BA279CA68600} - C:\DOCUME~1\Al\MYDOCU~1\MYDOWN~1\pgiexpl.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Privacy Eraser Pro] C:\Program Files\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe /Startup
O4 - HKCU\..\Run: [MyKeys] "C:\Program Files\mfk\MFK.EXE" /M
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Learn Page - {F81D63ED-E9EE-4581-A3E6-BA279CA68600} - C:\DOCUME~1\Al\MYDOCU~1\MYDOWN~1\pgiexpl.dll (file missing)
O9 - Extra 'Tools' menuitem: Learn Page - {F81D63ED-E9EE-4581-A3E6-BA279CA68600} - C:\DOCUME~1\Al\MYDOCU~1\MYDOWN~1\pgiexpl.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {01778BA6-B0D6-4D7B-9301-DC34EA5994AE} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {017DDD4C-98B6-4F5C-A67B-F5F998623F02} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {E0036B3E-CA58-4926-BA4C-E7A6E93CC1D8} - http://www.comcastsupport.com (file missing) (HKCU)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126036107140
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\wowctl2.dll
O20 - AppInit_DLLs: ssohook
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: hpdj5100 - Unknown owner - C:\DOCUME~1\Al\LOCALS~1\Temp\hpdj5100.exe (file missing)
O23 - Service: WorldMail IMAP4 Server (IMAP4A) - Rockliffe - C:\Program Files\Qualcomm\Worldmail3\IMAP4A.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: SSO Plus (pgpwdmon) - Unknown owner - C:\DOCUME~1\Al\MYDOCU~1\MYDOWN~1\pgpwdmon.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe
Thanks to anyone that can help - I don't like being forced to use IE!
Albrad