SurfSide Kick 3 and Trojans On My Laptop after being Hacked HELP PLeas



#46
bubbles4u35

Rambro,
Here is the uninstall list.
Thank You



Access ThinkPad
Ad-Aware SE Personal
Adobe Acrobat 5.0
Agere Systems AC'97 Modem
ATI Display Driver
AVG Free Edition
ewido anti-malware
HijackThis 1.99.1
IBM Access Connections
IBM Rapid Restore PC Setup
IBM ThinkPad Access Support
IBM ThinkPad Battery MaxiMiser and Power Management Features
IBM ThinkPad Configuration
IBM ThinkPad EasyEject Utility
IBM ThinkPad Power Management Driver
IBM ThinkPad Presentation Director
IBM TrackPoint Accessibility Features
IBM TrackPoint Support
IBM Update Connector
Intel® PRO Ethernet Adapter and Software
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 7
Keyboard Express 3
Macromedia Flash Player 8
Microsoft Office Professional Edition 2003
Musicmatch® Jukebox
Nero OEM
Netscape (7.2)
RelevantKnowledge
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 8 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Spybot - Search & Destroy 1.4
Support.com Software
ThinkPad FullScreen Magnifier
ThinkPad Software Installer
TrojanHunter 4.5
Uninstall PC-Doctor
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892944
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q815021
Windows XP Hotfix (SP2) Q817606
XoftSpy
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar


#47
rambro

Dear bubbles4u35, :whistling:

I was looking at your "Add/Remove Software list" log from your last post. Remove the following programs through your "Add or Remove" programs via your Control Panel:

RelevantKnowledge

XoftSpy was initially considered a "Rogue/Suspect Anti-Spyware" program. However, it has been "de-listed" as a "rogue" program, see the following link: http://www.spywarewa...re.htm#naw_note.

To play safe, please uninstall this software.

Uninstall the following program/programs through Add/Remove programs (if they exist):

XoftSpy
******************

I also want to give you some information on how to "shore up" your IE settings:

IE settings changes

Here's some recommended changes in IE settings that will help protect you.

Go to the Tools menu, then choose Internet Options.

Click on the Privacy tab and click on the Advanced button.

In the box that pops up, check both the Override automatic cookie handling and Always allow session cookies boxes. Set First party cookies to "Allow" and Third party cookies to "Block".
Click OK

Go to the Security tab & click the Custom Level button.

The following ActiveX section settings should be changed as follows:

* Download signed ActiveX controls: Prompt
* Download unsigned ActiveX controls: Prompt
* Initialize and script ActiveX controls not marked as safe: Disable

In the Microsoft VM section (if it exists), set Java Permissions to "High Safety".

In the Miscellaneous section, set Installations of desktop items to "Prompt"

Click on the Advanced tab and uncheck both Install on demand items.

Click on Apply, then OK.
  • 0
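
The ActiveX, Java and desktop-item settings recommended in the post above can be checked after the fact from a registry export. This is an added example, not part of the original thread: it assumes the text of a `.reg` export of the per-user `Internet Settings\Zones` key, and the sample export is constructed.

```python
import re

# Action codes used by IE security-zone values: 0 = Enable, 1 = Prompt, 3 = Disable.
PROMPT, DISABLE = 0x1, 0x3
# Java permissions (value 1C00) uses its own scale; 0x10000 is "High safety".
HIGH_SAFETY = 0x10000

# Settings recommended in the post, keyed by the value names stored under
# ...\Internet Settings\Zones\3 (zone 3 is the Internet zone).
BASELINE = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", PROMPT),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1C00": ("Java permissions", HIGH_SAFETY),
    "1800": ("Installation of desktop items", PROMPT),
}

ZONE3_SUFFIX = "\\INTERNET SETTINGS\\ZONES\\3"
SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')


def parse_zone3(reg_text):
    """Return {value_name: int} for the per-user Internet zone only."""
    values, in_zone = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1).upper()
            in_zone = (key.startswith("HKEY_CURRENT_USER\\")
                       and key.endswith(ZONE3_SUFFIX))
            continue
        if in_zone:
            value = DWORD.match(line)
            if value:
                values[value.group(1).upper()] = int(value.group(2), 16)
    return values


def audit(reg_text):
    """List (name, label, found, wanted) for every setting off the baseline.

    found is None when the value is absent, i.e. never set explicitly.
    Only per-user values are checked; machine-wide policy is out of scope.
    """
    found = parse_zone3(reg_text)
    return [(name, label, found.get(name), wanted)
            for name, (label, wanted) in BASELINE.items()
            if found.get(name) != wanted]


# Constructed sample export: zone 2 is present to show it is ignored.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1C00"=dword:00020000
'''

if __name__ == "__main__":
    for name, label, have, want in audit(SAMPLE):
        shown = "not set" if have is None else hex(have)
        print(f"{name} {label}: found {shown}, recommended {hex(want)}")
```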

#48
rambro

Dear bubbles4u35, :whistling:

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************

1. Prepare Ewido Security Suite for use:
  • Download the trial version of Ewido Security Suite.
  • Install the Program.
  • Click on the "update" button on the left hand side of the window.
  • Click on "Start Update".
2. When installing, under 'Additional Options' uncheck:
  • Install background guard
  • Install scan via context menu
3. You should not run the program yet so Exit the program.
4. Reboot into Safe mode. To reboot in Safe mode:
  • Restart your computer and immediately begin tapping the F8 key on your keyboard.
  • If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
5. Run Ewido Security Suite:
  • Open Ewido Security Suite.
  • Click on the "scanner" button on the left hand side of the window.
  • Click on "Complete System Scan".
  • After the scan is completed, save the logfile from the scan.
6. Restart your computer normally to return to normal mode.
7. Prepare in your reply:
  • Please post a fresh HijackThis log.
  • Please post the Ewido Security Suite log.
In addition, let me know in detail how your computer system is running after performing the above steps. :blink:
  • 0
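
Once the scan logfile requested above has been saved, the few findings that matter can be separated from tracking-cookie noise with a short script. This is an added example, not part of the original thread: it assumes the `object -> Detection : Action` line format of the ewido report posted later in this topic, treats only the action `Ignored` as unhandled, and uses constructed sample lines with placeholder names.

```python
from collections import Counter

REGISTRY_ROOTS = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\")


def parse_findings(report_text):
    """Parse 'object -> Detection.Name : Action' lines from a scan report."""
    findings = []
    for raw in report_text.splitlines():
        line = raw.strip()
        # Header lines start with '+'; the footer has no ' -> ' separator.
        if line.startswith("+") or " -> " not in line:
            continue
        obj, _, rest = line.rpartition(" -> ")
        detection, sep, action = rest.rpartition(" : ")
        if not sep:
            continue
        findings.append({"object": obj,
                         "detection": detection.strip(),
                         "action": action.strip()})
    return findings


def triage(report_text):
    """Count tracking cookies per family and list non-cookie items left in place."""
    cookies = Counter()
    unhandled = []
    for finding in parse_findings(report_text):
        if finding["detection"].startswith("TrackingCookie."):
            cookies[finding["detection"].split(".", 1)[1]] += 1
            continue
        # Assumption: any action other than 'Ignored' means the scanner acted.
        if finding["action"].lower() != "ignored":
            continue
        obj = finding["object"]
        finding["kind"] = ("registry" if obj.upper().startswith(REGISTRY_ROOTS)
                           else "file")
        # Copies inside System Restore points sit under this protected folder.
        finding["in_restore_point"] = (
            "\\system volume information\\_restore" in obj.lower())
        unhandled.append(finding)
    return {"cookie_counts": dict(cookies), "unhandled": unhandled}


# Constructed sample in the report's format; all names are placeholders.
SAMPLE = r"""+ Scan result:

HKLM\SOFTWARE\Classes\Example.Control -> Adware.Example : Ignored
:mozilla.18:C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\xxxxxxxx.slt\cookies.txt -> TrackingCookie.ExampleAds : Ignored
:mozilla.19:C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\xxxxxxxx.slt\cookies.txt -> TrackingCookie.ExampleAds : Ignored
C:\Documents and Settings\User\Cookies\user@examplestats[1].txt -> TrackingCookie.ExampleStats : Ignored
C:\Documents and Settings\User\Local Settings\Temp\example.dll -> Adware.Example : Cleaned with backup
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll -> Adware.Example : Ignored

::Report End
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("Tracking cookies by family:", result["cookie_counts"])
    for item in result["unhandled"]:
        note = " (inside a restore point)" if item["in_restore_point"] else ""
        print(f'{item["kind"]:8} {item["detection"]}: {item["object"]}{note}')
```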

#49
bubbles4u35

Rambro,

I made the changes to IE as you instructed. Below is the Ewido log and the new Hjk log. I wasn't sure if I was supposed to clean the infected items so I didn't. Please let me know if I need to run it again and clean,
Thank You
Bubbs :whistling:


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:16:46 AM, 6/1/2006
+ Report-Checksum: 5A8544D5

+ Scan result:

HKLM\SOFTWARE\Classes\IeBHOs.Control -> Adware.E2G : Ignored
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Adware.E2G : Ignored
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Adware.E2G : Ignored
HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Adware.E2G : Ignored
:mozilla.18:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Mediaplex : Ignored
:mozilla.19:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Doubleclick : Ignored
:mozilla.20:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Ignored
:mozilla.21:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Ignored
:mozilla.22:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Ignored
:mozilla.23:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Ignored
:mozilla.24:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Ignored
:mozilla.25:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Ignored
:mozilla.26:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Ignored
:mozilla.27:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Ignored
:mozilla.28:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Ignored
:mozilla.29:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Ignored
:mozilla.30:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Ignored
:mozilla.34:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Com : Ignored
:mozilla.39:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Advertising : Ignored
:mozilla.40:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Advertising : Ignored
:mozilla.41:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Advertising : Ignored
:mozilla.42:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Ru4 : Ignored
:mozilla.43:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Ru4 : Ignored
:mozilla.44:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Ru4 : Ignored
:mozilla.45:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Ru4 : Ignored
:mozilla.46:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Ru4 : Ignored
:mozilla.48:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Tribalfusion : Ignored
:mozilla.49:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Tribalfusion : Ignored
:mozilla.50:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Tribalfusion : Ignored
:mozilla.51:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Tribalfusion : Ignored
:mozilla.52:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Tribalfusion : Ignored
:mozilla.62:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Trafficmp : Ignored
:mozilla.63:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Trafficmp : Ignored
:mozilla.65:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Trafficmp : Ignored
:mozilla.66:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Trafficmp : Ignored
:mozilla.68:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Trafficmp : Ignored
:mozilla.69:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Trafficmp : Ignored
:mozilla.70:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Trafficmp : Ignored
:mozilla.71:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Trafficmp : Ignored
:mozilla.72:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Trafficmp : Ignored
:mozilla.74:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Atdmt : Ignored
:mozilla.75:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Zedo : Ignored
:mozilla.76:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Zedo : Ignored
:mozilla.77:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Zedo : Ignored
:mozilla.78:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Zedo : Ignored
:mozilla.79:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Zedo : Ignored
:mozilla.83:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Pointroll : Ignored
:mozilla.84:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Pointroll : Ignored
:mozilla.85:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Pointroll : Ignored
:mozilla.86:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Pointroll : Ignored
:mozilla.100:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Falkag : Ignored
:mozilla.101:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Falkag : Ignored
:mozilla.103:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Falkag : Ignored
:mozilla.104:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Falkag : Ignored
:mozilla.107:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Statcounter : Ignored
:mozilla.108:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Statcounter : Ignored
:mozilla.109:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Statcounter : Ignored
:mozilla.111:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Fastclick : Ignored
:mozilla.112:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Fastclick : Ignored
:mozilla.113:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Casalemedia : Ignored
:mozilla.114:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Casalemedia : Ignored
:mozilla.115:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Casalemedia : Ignored
:mozilla.116:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Casalemedia : Ignored
:mozilla.117:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Casalemedia : Ignored
:mozilla.118:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Casalemedia : Ignored
:mozilla.119:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Casalemedia : Ignored
:mozilla.120:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Fastclick : Ignored
:mozilla.121:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Fastclick : Ignored
:mozilla.122:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Fastclick : Ignored
:mozilla.132:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Specificclick : Ignored
:mozilla.133:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Specificclick : Ignored
:mozilla.134:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Specificclick : Ignored
:mozilla.135:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Specificclick : Ignored
:mozilla.136:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Specificclick : Ignored
:mozilla.149:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Adjuggler : Ignored
:mozilla.150:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Adjuggler : Ignored
:mozilla.151:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Adjuggler : Ignored
:mozilla.152:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Adjuggler : Ignored
:mozilla.157:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Myaffiliateprogram : Ignored
:mozilla.164:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Webtrendslive : Ignored
:mozilla.165:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Burstbeacon : Ignored
:mozilla.167:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Tracking101 : Ignored
:mozilla.168:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Tacoda : Ignored
:mozilla.169:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Tacoda : Ignored
:mozilla.170:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Tacoda : Ignored
:mozilla.171:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Burstnet : Ignored
:mozilla.172:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Burstnet : Ignored
:mozilla.174:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Questionmarket : Ignored
:mozilla.175:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Questionmarket : Ignored
:mozilla.181:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Revenue : Ignored
:mozilla.182:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Revenue : Ignored
:mozilla.183:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Revenue : Ignored
:mozilla.184:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Revenue : Ignored
:mozilla.191:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Ignored
:mozilla.198:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Googleadservices : Ignored
:mozilla.209:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Yieldmanager : Ignored
:mozilla.210:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Yieldmanager : Ignored
:mozilla.211:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Yieldmanager : Ignored
:mozilla.221:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Overture : Ignored
:mozilla.222:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Googleadservices : Ignored
:mozilla.225:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Googleadservices : Ignored
:mozilla.227:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Clickbank : Ignored
:mozilla.228:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Googleadservices : Ignored
:mozilla.256:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Cpvfeed : Ignored
:mozilla.257:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Cpvfeed : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Ed\Cookies\ed@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignored
C:\Documents and Settings\Ed\Cookies\ed@2o7[2].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Ignored
C:\Documents and Settings\Ed\Cookies\ed@adrevolver[1].txt -> TrackingCookie.Adrevolver : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : Ignored
C:\Documents and Settings\Ed\Cookies\ed@adtech[2].txt -> TrackingCookie.Adtech : Ignored
C:\Documents and Settings\Ed\Cookies\ed@advertising[1].txt -> TrackingCookie.Advertising : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Ignored
C:\Documents and Settings\Ed\Cookies\ed@atdmt[1].txt -> TrackingCookie.Atdmt : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Searchingbooth : Ignored
C:\Documents and Settings\Ed\Cookies\ed@bfast[2].txt -> TrackingCookie.Bfast : Ignored
C:\Documents and Settings\Ed\Cookies\ed@bluestreak[2].txt -> TrackingCookie.Bluestreak : Ignored
C:\Documents and Settings\Ed\Cookies\ed@burstnet[2].txt -> TrackingCookie.Burstnet : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Goclick : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Ignored
C:\Documents and Settings\Ed\Cookies\ed@casalemedia[1].txt -> TrackingCookie.Casalemedia : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Gamingpromo : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Hitslink : Ignored
C:\Documents and Settings\Ed\Cookies\ed@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Ignored
C:\Documents and Settings\Ed\Cookies\ed@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Ed\Cookies\ed@fastclick[1].txt -> TrackingCookie.Fastclick : Ignored
C:\Documents and Settings\Ed\Cookies\ed@findwhat[1].txt -> TrackingCookie.Findwhat : Ignored
C:\Documents and Settings\Ed\Cookies\ed@gamingpromo[1].txt -> TrackingCookie.Gamingpromo : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Starware : Ignored
C:\Documents and Settings\Ed\Cookies\ed@hitbox[2].txt -> TrackingCookie.Hitbox : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Top-banners : Ignored
C:\Documents and Settings\Ed\Cookies\ed@mediaplex[2].txt -> TrackingCookie.Mediaplex : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Ed\Cookies\ed@overture[1].txt -> TrackingCookie.Overture : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Ignored
C:\Documents and Settings\Ed\Cookies\ed@popuptraffic[1].txt -> TrackingCookie.Popuptraffic : Ignored
C:\Documents and Settings\Ed\Cookies\ed@qksrv[1].txt -> TrackingCookie.Qksrv : Ignored
C:\Documents and Settings\Ed\Cookies\ed@questionmarket[1].txt -> TrackingCookie.Questionmarket : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Ignored
C:\Documents and Settings\Ed\Cookies\ed@revenue[1].txt -> TrackingCookie.Revenue : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Adjuggler : Ignored
C:\Documents and Settings\Ed\Cookies\ed@searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Ignored
C:\Documents and Settings\Ed\Cookies\ed@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Ed\Cookies\ed@statcounter[2].txt -> TrackingCookie.Statcounter : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : Ignored
C:\Documents and Settings\Ed\Cookies\ed@tacoda[2].txt -> TrackingCookie.Tacoda : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Ed\Cookies\ed@targetnet[2].txt -> TrackingCookie.Targetnet : Ignored
C:\Documents and Settings\Ed\Cookies\ed@trafficmp[1].txt -> TrackingCookie.Trafficmp : Ignored
C:\Documents and Settings\Ed\Cookies\ed@trafic[1].txt -> TrackingCookie.Trafic : Ignored
C:\Documents and Settings\Ed\Cookies\ed@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Starware : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Adtrak : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Ignored
C:\Documents and Settings\Ed\Cookies\ed@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignored
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Ignored
C:\Documents and Settings\Ed\Cookies\ed@zedo[2].txt -> TrackingCookie.Zedo : Ignored
C:\Documents and Settings\Ed\Local Settings\Temp\temp.frA170\IeBHOs.dll -> Adware.E2Give : Ignored
C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\0DEFC1UN\webplugin[1].cab/wupdt.exe -> Downloader.OneClickNetSearch.f : Ignored
C:\System Volume Information\_restore{AA4E835D-3F85-4E33-9C96-239BC514A036}\RP76\A0043749.dll -> Adware.WebRebates : Ignored
C:\System Volume Information\_restore{AA4E835D-3F85-4E33-9C96-239BC514A036}\RP76\A0043810.dll -> Adware.E2Give : Ignored


::Report End







Logfile of HijackThis v1.99.1
Scan saved at 12:22:07 AM, on 6/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\tp4serv.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\Ed\My Documents\Highjackthis.exe\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_2/home.html"); (C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\prefs.js)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1148887527406
O16 - DPF: {B495C654-5860-45D4-8EAA-5663B9393F33} (OVA Class) - http://go.microsoft....k/?linkid=49480
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE

#50
rambro

Dear bubbles4u35, :whistling:

Yes, please run an Ewido scan again and clean those items found in the scan. Then post the results here in a reply to this post.

rambro :blink:

#51
rambro

Dear bubbles4u35, :whistling:

Here are a few extra things that you might want to do frequently to your computer system.
**************************

Do a Disk Cleanup frequently on your computer system. See the following link: http://www.theelderg...nup_utility.htm.
Make sure the following checkboxes are checked:

Temporary Files
Temporary Internet Files
Recycle Bin

or

Clean out temporary and Temporary Internet files. Go to Start -> Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin
*************************************

Clean your IE cookies and cache frequently:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
*****************************

Clear the cookies from your Mozilla's FireFox browser frequently. Here is how it is done.

Open up the FireFox browser.

Go to the "Tools" menu and select the "Options" option under the Tools menu.
The Options dialog box should pop up, choose the "Privacy" icon (i.e. the icon looks like a lock).
In the "Privacy" page choose the "Cookies" tab.
Under the "Cookies" tab press the "Clear Cookies Now" button.
Then press the "OK" button to get out of the "Options" dialog box.
*****************************************************

In the Tools -> Options dialog box in the FireFox browser there is a button called "Settings". Press this button. A "Clear Private Data" dialog box will pop up. I usually have the following checkboxes checked.

In the "Private Data" section check the following checkboxes:
  • Browsing History
  • Saved Form Information
  • Download History
  • Cookies
  • Cache
  • Authenticated Sessions
In the "Settings" section check the following checkboxes:
  • Ask me before clearing private data.
Then press the "OK" button to get out of the "Clear Private Data" dialog box.
Then press the "OK" button to get out of the "Options" dialog box.

Then in the FireFox browser, go to Tools -> choose the "Clear Private Data" option -> the Clear Private Data dialog box will pop up and choose the "Clear Private Data Now" button.

#52
bubbles4u35

  • Topic Starter
Hi Rambro,
Thank You for the maintenance info. Below is the Ewido Log and the new Hjk Log. A pop-up came up during the scan for one of the last infections; it was embedded in a temporary file, and it asked me if I wanted to delete the whole archive. I have no idea if I should have, but I did. :whistling:

As soon as I restarted in normal mode I was hit with a lot of popups. Also, I seem to have lost a way to get into IE. It's not on my desktop or listed under Start programs. The only way I was able to access it was to click on Windows Update, stop the load, then clean the cookies and cache. I saw Mozilla in the scan, but I haven't downloaded it yet, unless it was preinstalled, and I also don't see where to access it. Also, my Windows Update alert is coming up; should I be downloading any more updates yet? :blink:

Thank You
Bubbles



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:39:58 PM, 6/1/2006
+ Report-Checksum: 12274D66

+ Scan result:

HKLM\SOFTWARE\Classes\IeBHOs.Control -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Adware.E2G : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@gamingpromo[1].txt -> TrackingCookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@popuptraffic[1].txt -> TrackingCookie.Popuptraffic : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Ed\Cookies\ed@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Ed\Local Settings\Temp\temp.frA170\IeBHOs.dll -> Adware.E2Give : Cleaned with backup
C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\0DEFC1UN\webplugin[1].cab/wupdt.exe -> Downloader.OneClickNetSearch.f : Cleaned with backup
C:\System Volume Information\_restore{AA4E835D-3F85-4E33-9C96-239BC514A036}\RP76\A0043749.dll -> Adware.WebRebates : Cleaned with backup
C:\System Volume Information\_restore{AA4E835D-3F85-4E33-9C96-239BC514A036}\RP76\A0043810.dll -> Adware.E2Give : Cleaned with backup


::Report End





Logfile of HijackThis v1.99.1
Scan saved at 4:58:38 PM, on 6/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\tp4serv.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Ed\My Documents\Highjackthis.exe\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_2/home.html"); (C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\prefs.js)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1148887527406
O16 - DPF: {B495C654-5860-45D4-8EAA-5663B9393F33} (OVA Class) - http://go.microsoft....k/?linkid=49480
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
  • 0

#53
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear bubbles4u35, :whistling:

A pop up came up during the scan for one of the last infections. It was embedded in a temporary file and asked me if I wanted to delete the whole archive. Have no idea if I should have but I did.


Yes, good job on that. :blink:

In my last post, when I mentioned things you should do frequently to your computer system, one of them is to perform a "Disk Cleanup" which should delete the files in your Temp and Temporary Internet Folders.
************************

As soon as I restarted in normal mode I was hit with a lot of popups.


This is not good and concerns me. I believe it has something to do with the "e2give" spyware. See the following link: http://securityrespo...are.e2give.html.

If you look at the Ewido Scan you will find this data:

HKLM\SOFTWARE\Classes\IeBHOs.Control -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Adware.E2G : Cleaned with backup


Therefore, bubbles4u35, you could see another registry edit in the future. :help:
*********************************

Also I seem to have lost a way to get into IE. It's not on my desktop or listed under start programs. The only way I was able to access it was to click on Windows update, stop the load, then clean the cookies and cache.


The file for your Internet Explorer is called "iexplore.exe" and the path to this file is the following: "C:\Program Files\Internet Explorer\iexplore.exe". So now it is just a matter of right-clicking on your desktop, selecting "New", and selecting "Shortcut" and then browsing to C:\Program Files\Internet Explorer\iexplore.exe in the text box labeled "Type the location of item:" and then continuing with the process of creating a shortcut.

To create the Internet Explorer shortcut in your Start -> Programs folder do the following:

In Windows Explorer navigate to C:\Documents and Settings\Ed\Start Menu\Programs. In the "right pane" of Windows Explorer create a shortcut for your Internet Explorer.
*************************

I saw Mozilla in the scan but I haven't downloaded it yet unless it was preinstalled, and also don't see where to access it.


Go to the following link: http://www.mozilla.com/. On this web page there should be a green colored thing that says "Download Firefox - 1.5.0.3 for windows, English (4.9 mb)". Dear bubbles4u35, what I do is create a folder on my desktop and name it "Firefox download", download the Firefox executable file to this folder, and then I extract this executable from this folder.
*******************************

Also my Windows update alert is coming up. Should I be downloading any more updates yet?


Always, Always, Always go for downloading a critical Windows update.
*******************************

Lastly, did you uninstall the programs "RelevantKnowledge" and "XoftSpy" in your Add or Remove Programs?

rambro :)
  • 0

#54
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear bubbles4u35, :whistling:

By now you should know how to back up your registry. Please back up your registry and name the .reg file "backup3.reg". Then do the following:
**************************

Edit your registry

Please run Notepad and paste the following text into a new file:

REGEDIT4

[-HKEY_CURRENT_USER\SOFTWARE\PTech]

[-HKEY_CLASSES_ROOT\AppID\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}]

[-HKEY_CLASSES_ROOT\AppID\IeBHOs.DLL]

[-HKEY_CLASSES_ROOT\IeBHOs.Control.1]

[-HKEY_CLASSES_ROOT\IeBHOs.Control]

[-HKEY_CLASSES_ROOT\TypeLib\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}]

[-HKEY_CLASSES_ROOT\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}]

[-HKEY_CLASSES_ROOT\CLSID\{4A5B0528-1EE4-4871-8546-AB34DF31E861}]

[-HKEY_CLASSES_ROOT\CLSID\{4A5B0D43-13BE-4B7C-820E-660CED71CDBF}]

[-HKEY_CLASSES_ROOT\CLSID\{4A5B482D-E087-43C9-8FD6-0F36510CF2B9}]

[-HKEY_CLASSES_ROOT\CLSID\{4A5ADB4F-48EE-4840-8DAB-166A239F7E86}]

[-HKEY_LOCAL_MACHINE\Software\E2G]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e2g Plugin]

[-HKEY_LOCAL_MACHINE\Software\Classes\AppID\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}]

[-HKEY_LOCAL_MACHINE\Software\Classes\AppID\IeBHOs.DLL]

[-HKEY_LOCAL_MACHINE\Software\Classes\IeBHOs.Control.1]

[-HKEY_LOCAL_MACHINE\Software\Classes\IeBHOs.Control]

[-HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}]


Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files".

Please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.
******************************

Please restart your computer and then post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :blink:
  • 0
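A review check for a forum-supplied .reg file like the one in post #54, run before it is merged. This is an added example, not code from the thread or from any tool it mentions: the function names and the `CONTAINERS` list of keys that must never be deleted wholesale are assumptions chosen for illustration, while the key names are copied from posts #53 and #54.

```python
import re

# Keys copied from the fix.reg in post #54 (blank lines dropped).
FIX_REG = r"""REGEDIT4
[-HKEY_CURRENT_USER\SOFTWARE\PTech]
[-HKEY_CLASSES_ROOT\AppID\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}]
[-HKEY_CLASSES_ROOT\AppID\IeBHOs.DLL]
[-HKEY_CLASSES_ROOT\IeBHOs.Control.1]
[-HKEY_CLASSES_ROOT\IeBHOs.Control]
[-HKEY_CLASSES_ROOT\TypeLib\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}]
[-HKEY_CLASSES_ROOT\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}]
[-HKEY_CLASSES_ROOT\CLSID\{4A5B0528-1EE4-4871-8546-AB34DF31E861}]
[-HKEY_CLASSES_ROOT\CLSID\{4A5B0D43-13BE-4B7C-820E-660CED71CDBF}]
[-HKEY_CLASSES_ROOT\CLSID\{4A5B482D-E087-43C9-8FD6-0F36510CF2B9}]
[-HKEY_CLASSES_ROOT\CLSID\{4A5ADB4F-48EE-4840-8DAB-166A239F7E86}]
[-HKEY_LOCAL_MACHINE\Software\E2G]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e2g Plugin]
[-HKEY_LOCAL_MACHINE\Software\Classes\AppID\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}]
[-HKEY_LOCAL_MACHINE\Software\Classes\AppID\IeBHOs.DLL]
[-HKEY_LOCAL_MACHINE\Software\Classes\IeBHOs.Control.1]
[-HKEY_LOCAL_MACHINE\Software\Classes\IeBHOs.Control]
[-HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}]
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}]
"""

# Ewido lines quoted in post #53.
EWIDO_LINES = r"""HKLM\SOFTWARE\Classes\IeBHOs.Control -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Adware.E2G : Cleaned with backup
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
         "HKCR": "HKEY_CLASSES_ROOT"}

# Assumption: shared container keys. A fix may delete children of these,
# never the container itself or one of its ancestors.
CONTAINERS = [
    r"HKCR\CLSID", r"HKCR\AppID", r"HKCR\TypeLib", r"HKCU\Software",
    r"HKLM\Software\Classes\CLSID", r"HKLM\Software\Classes\AppID",
    r"HKLM\Software\Classes\TypeLib",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
]

SECTION = re.compile(r"^\[(-?)(.+)\]$")


def canon(key):
    """Split a key into lower-cased components with the hive name expanded."""
    parts = [p for p in key.strip().split("\\") if p]
    if not parts:
        return ()
    parts[0] = HIVES.get(parts[0].upper(), parts[0])
    return tuple(p.lower() for p in parts)


def covers(deleted, target):
    """True if deleting `deleted` also removes `target` ([-key] removes subkeys).
    Comparing whole components keeps IeBHOs.Control from matching IeBHOs.Control.1."""
    d, t = canon(deleted), canon(target)
    return t[:len(d)] == d


def parse_reg(text):
    """Return (header, sections); a section is {key, delete, values}."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    header, sections = (lines[0] if lines else ""), []
    for ln in lines[1:]:
        m = SECTION.match(ln)
        if m:
            sections.append({"key": m.group(2), "delete": m.group(1) == "-", "values": []})
        elif sections:
            sections[-1]["values"].append(ln)
    return header, sections


def flagged_from_ewido(text):
    """Registry keys from Ewido report lines of the form 'KEY -> Name : Action'."""
    return [ln.split(" -> ")[0].strip() for ln in text.splitlines() if " -> " in ln]


def review(reg_text, flagged_keys):
    header, sections = parse_reg(reg_text)
    deletes = [s["key"] for s in sections if s["delete"]]
    return {
        "header_ok": header in ("REGEDIT4", "Windows Registry Editor Version 5.00"),
        "delete_count": len(deletes),
        # Anything that creates a key or sets a value is not part of a pure removal.
        "writes": [s["key"] for s in sections if not s["delete"] or s["values"]],
        "too_broad": [k for k in deletes if any(covers(k, c) for c in CONTAINERS)],
        "uncovered": [f for f in flagged_keys if not any(covers(d, f) for d in deletes)],
    }


if __name__ == "__main__":
    for field, value in review(FIX_REG, flagged_from_ewido(EWIDO_LINES)).items():
        print(f"{field}: {value}")
```

The check treats `HKEY_CLASSES_ROOT` and `HKLM\Software\Classes` as separate trees, so a key flagged under one is only reported as covered when the file deletes it under that same path.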

#55
bubbles4u35

bubbles4u35

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Dear Rambro,

Ok info on my computer. I could hardly navigate between all the popups and finally freezing. I had to keep restarting it. I'm hoping this last registry edit helps that. (was the near future lol)

I did uninstall the 2 programs at the time you posted it. I'll worry about getting IE on my desktop later since I'm not using it. I also downloaded Mozilla and am using it as my default browser. It's kinda cool :blink:

The Windows update that is coming up is for Service Pack 2. Should I install this? I thought I remembered you saying it wasn't a good idea while this stuff was going on? Let me know.

I completed the registry edit. So far no popups. Below is the new Hjk log.

Thank You
bubbs :whistling:


Logfile of HijackThis v1.99.1
Scan saved at 10:39:04 PM, on 6/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\tp4serv.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7a57263d52ef89a3cee46b33df8a0a10\update\update.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ed\My Documents\Highjackthis.exe\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_2/home.html"); (C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\prefs.js)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1148887527406
O16 - DPF: {B495C654-5860-45D4-8EAA-5663B9393F33} (OVA Class) - http://go.microsoft....k/?linkid=49480
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
  • 0


#56
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear bubbles4u35, :whistling:

The Windows update that is coming up is for Service Pack 2. Should I install this? I thought I remembered you saying it wasn't a good idea while this stuff was going on? Let me know.


Yes, don't install Windows XP Service Pack 2 until we clear your computer system of spyware. :blink:
**************************

(Note/Disclaimer: Hi bubbles4u35, in this next post, I would like you to run the "MWAV antivirus tool" scan. When you download and install this application, it likes to install itself in a temporary folder by default, which is not a good idea. If you delete your Temp and Temporary Internet Files, this application might not run and you may have to re-install this application. However, try running this application and try following the instructions below. Good Luck!) :help:

I would like you to download a program to your computer that will check for bad, hidden, files that the HijackThis program may not recognize.

Please create a folder on your desktop and rename it to something like "MWAV or MWAV application".

Please download the free MWAV antivirus tool from here: ftp://ftp.microworldsystems.com/download/tools/mwav.exe.

Save the downloaded "executable file" to this folder and "extract it" (Note: by default it will self-extract to a temporary directory). The MWAV antivirus tool application should run.

Press the "Scan" button

(Note #1: The application will "prompt" you to ask you if you want to purchase this product; just close out of this prompt/dialog box.)

Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window in a reply to this post.

(Note #2: When you run the MWAV antivirus tool scan, I do not want the log produced when pressing the view log button. When you run this application to scan your computer, you will see two panes or panels. By pressing the "view log button" it will give you the information in the top pane or panel. I want you to post the information in the bottom pane or panel. The title for the bottom pane/panel should say: Virus Log Information. Please post the information in the bottom pane/panel in a reply to this post.)

(Note #3: Some users were having trouble copying the information in the bottom pane or panel. To copy the information from the bottom pane or panel, highlight the information in the "bottom pane/panel" with your mouse, then on your keyboard press the following keys simultaneously: Ctrl + c. This will copy the information in the bottom pane to your clipboard. Then open up your Notepad application, and paste the information from your clipboard into Notepad and save the Notepad file as "mwav.txt". Or you can paste the contents of the clipboard directly into your next post using the paste function or pressing the following keys on your keyboard simultaneously: Ctrl + v.)

Please restart your computer and then post a new HijackThis log, along with the log from the MWAV antivirus tool application.

In addition, let me know in detail how your computer system is running after performing the above steps. :)
  • 0

#57
bubbles4u35

bubbles4u35

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Hi Rambro,

I ran the MWAV tool. Below is the log along with the new Hjk log.
Thanks
Bubbs :whistling:


Object "surfsidekick Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "lop.com Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
File C:\WINDOWS\chadch.exe tagged as "not-a-virus:AdWare.Win32.SideFind.a". Action Taken: No Action Taken.
File C:\WINDOWS\unstall.exe tagged as "not-a-virus:AdWare.Win32.MediaMotor.o". Action Taken: No Action Taken.
File C:\WINDOWS\System32\svchq.exe infected by "Trojan-Downloader.Win32.Small.cqs" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\VSL03.exe.tcf infected by "Trojan-Downloader.Win32.Small.ctp" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\VSL05.exe infected by "Trojan-Downloader.Win32.Small.ctp" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Ed\LOCALS~1\TEMPOR~1\Content.IE5\CPIRS9U3\count[1].jar infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Ed\LOCALS~1\TEMPOR~1\Content.IE5\KT230XIR\new[1].htm infected by "Constructor.Perl.Msdds.b" Virus! Action Taken: No Action Taken.






Logfile of HijackThis v1.99.1
Scan saved at 12:06:25 AM, on 6/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tp4serv.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ed\My Documents\Highjackthis.exe\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_2/home.html"); (C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\prefs.js)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1148887527406
O16 - DPF: {B495C654-5860-45D4-8EAA-5663B9393F33} (OVA Class) - http://go.microsoft....k/?linkid=49480
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
  • 0
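A triage pass over the two logs in post #57, showing which MWAV detections are also running or registered to auto-start according to HijackThis. This is an added example, not part of the thread or of either tool: the function names are hypothetical, the MWAV lines are copied from the post, and the HijackThis text is a short excerpt trimmed from the same post.

```python
import ntpath
import re

# MWAV "Virus Log Information" lines copied from post #57.
MWAV_LOG = r'''Object "surfsidekick Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "lop.com Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
File C:\WINDOWS\chadch.exe tagged as "not-a-virus:AdWare.Win32.SideFind.a". Action Taken: No Action Taken.
File C:\WINDOWS\unstall.exe tagged as "not-a-virus:AdWare.Win32.MediaMotor.o". Action Taken: No Action Taken.
File C:\WINDOWS\System32\svchq.exe infected by "Trojan-Downloader.Win32.Small.cqs" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\VSL03.exe.tcf infected by "Trojan-Downloader.Win32.Small.ctp" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\VSL05.exe infected by "Trojan-Downloader.Win32.Small.ctp" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Ed\LOCALS~1\TEMPOR~1\Content.IE5\CPIRS9U3\count[1].jar infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\Ed\LOCALS~1\TEMPOR~1\Content.IE5\KT230XIR\new[1].htm infected by "Constructor.Perl.Msdds.b" Virus! Action Taken: No Action Taken.
'''

# HijackThis excerpt trimmed from the same post (a few process, O4 and O23 lines).
HJT_LOG = r'''Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
'''

FILE_RE = re.compile(r'^File (?P<path>.+?) (?:infected by|tagged as) "(?P<name>[^"]+)"'
                     r'(?: Virus!|\.) Action Taken: (?P<action>.+?)\.?$')
OBJECT_RE = re.compile(r'^Object "(?P<name>[^"]+)" found in File System! '
                       r'Action Taken: (?P<action>.+?)\.?$')
AUTOSTART_CODES = {"O2", "O4", "O23"}  # BHOs, Run keys / startup items, services


def parse_mwav(text):
    """Return one dict per detection; 'path' is None for Object lines."""
    found = []
    for line in (l.strip() for l in text.splitlines()):
        m = FILE_RE.match(line) or OBJECT_RE.match(line)
        if m:
            det = m.groupdict()
            det.setdefault("path", None)
            found.append(det)
    return found


def parse_hijackthis(text):
    """Return (running process paths, [(section code, entry text), ...])."""
    processes, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.lower().startswith("running processes"):
            in_procs = True
        elif not line:
            in_procs = False          # the process list ends at the first blank line
        elif in_procs:
            processes.append(line)
        else:
            m = re.match(r"^([A-Z]\d+) - (.*)$", line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return processes, entries


def mentions(basename, text):
    """Whole-name match, so VSL03.exe is not found inside VSL03.exe.tcf."""
    pattern = r"(?<![\w.~-])" + re.escape(basename) + r"(?![\w.])"
    return re.search(pattern, text, re.I) is not None


def triage(mwav_text, hjt_text):
    """Match by file name only (8.3 short paths differ between the two logs),
    so a 'live' result still needs the full path confirmed by hand."""
    processes, entries = parse_hijackthis(hjt_text)
    rows = []
    for det in parse_mwav(mwav_text):
        if det["path"] is None:
            continue
        base = ntpath.basename(det["path"]).lower()
        running = [p for p in processes if ntpath.basename(p).lower() == base]
        autostart = sorted({code for code, text in entries
                            if code in AUTOSTART_CODES and mentions(base, text)})
        rows.append({"file": base, "name": det["name"], "action": det["action"],
                     "running": running, "autostart": autostart,
                     "status": "live" if running or autostart else "on disk only"})
    return rows


if __name__ == "__main__":
    for row in triage(MWAV_LOG, HJT_LOG):
        print(f'{row["status"]:13} {row["file"]:16} {row["name"]} ({row["action"]})')
```

Against this excerpt every flagged file comes back "on disk only": MWAV still finds the files, but none of them appears as a running process or in an O2, O4 or O23 entry.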

#58
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear bubbles4u35, :whistling:

(Note: Please read through these instructions a couple of times before executing the steps in this post.)

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
**************************
  • Please download the Killbox by O^E. Unzip it to the desktop but do NOT run it yet.
  • Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
  • Once in Safe Mode, please run Killbox. Put a check mark next to "End Explorer Shell While Killing File".
  • In the main screen of Pocket KillBox, go to Tools in the top menu bar, and select: Delete Temp Files.
  • When a box pops up, click the "Deleted Selected Temp Files" button. This may take a while.
  • When it is done, click the "Exit (Save Settings)" button.
  • Next, select "Delete on Reboot" button. The "Single File" button will be selected by default.
  • Copy the file names below to the clipboard by highlighting them and pressing Control-C:


    C:\WINDOWS\chadch.exe
    C:\WINDOWS\unstall.exe
    C:\WINDOWS\System32\svchq.exe
    C:\WINDOWS\System32\VSL03.exe.tcf
    C:\WINDOWS\System32\VSL05.exe
    C:\Documents and Settings\Ed\Local Settngs\Temporary Internet Files\Content.IE5\CPIRS9U3\count[1].jar.
    C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\KT230XIR\new[1].htm

  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard". Now you will see that the files are pasted in the "Full Path of File to Delete" field. There's a little arrow (dropdown-arrow) next to that field. If you expand it, these lines must be there together!
  • If you have multiple files to delete: Press the "All Files" button. If you have one file to delete: Press the "Single File" button.
  • Click the red-and-white "Delete File" button.
If the "Single File" button is selected:
  • A "Delete next Reboot" dialog box will pop up.
  • A prompt will tell the user that "File will be removed on reboot, Do you want to reboot now"
  • Click "Yes" at the "Delete next Reboot" dialog box if you want to reboot now.
  • Click "No" at the "Delete next Reboot" dialog box if you want to do a manual reboot at a later time.
If the "All Files" button is selected:
  • A "Delete next Reboot" dialog box will pop up.
  • A prompt will tell the user that "Files will be removed on reboot, Do you want to reboot now"
  • Click "Yes" at the "Delete next Reboot" dialog box if you want to reboot now.
  • Click "No" at the "Delete next Reboot" dialog box if you want to do a manual reboot at a later time.
  • The KillBox application will start the process to reboot your computer (i.e. you have the option to "abort" this reboot process).

(Note: As a double check, search for the file/files I had you delete through the Killbox application to see if they are actually deleted. Let me know in detail if they were deleted.)

Please restart your computer and then post a new HijackThis log, along with a new log from the MWAV antivirus tool application.

In addition, let me know in detail how your computer system is running after performing the above steps. :blink:
  • 0

#59
bubbles4u35

bubbles4u35

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Good Morning Rambro,
I ran Killbox in safe mode. Upon reboot into normal mode I was hit with a lot of popups again. I searched for the files and nothing was found. I ran MWAV, below is the log file. Also the hjk log is listed.
Have a great day!
Bubbles :whistling:


Object "surfsidekick Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "lop.com Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.





Logfile of HijackThis v1.99.1
Scan saved at 7:55:13 AM, on 6/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\tp4serv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ed\My Documents\Highjackthis.exe\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_2/home.html"); (C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ed\Application Data\Mozilla\Profiles\default\825n7aha.slt\prefs.js)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1148887527406
O16 - DPF: {B495C654-5860-45D4-8EAA-5663B9393F33} (OVA Class) - http://go.microsoft....k/?linkid=49480
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
  • 0
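The double check requested in post #58 can also be made against the follow-up HijackThis log: do any of the files queued in Killbox still appear as a running process or autorun entry, and which services does the log list with "Unknown owner" for manual identification? The Python below is an added example, not part of the thread or of any tool named in it; `SAMPLE_LOG` is shortened from post #59, `KILL_LIST` holds four paths from post #58, `CONSTRUCTED_LEFTOVER` is a made-up line, and all function names are this example's own.

```python
import re
from collections import defaultdict
# Lines copied from the HijackThis log in post #59, shortened to a few per section.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\Ati2evxx.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
"""

# Four of the paths queued for deletion in post #58.
KILL_LIST = [r"C:\WINDOWS\chadch.exe", r"C:\WINDOWS\unstall.exe",
             r"C:\WINDOWS\System32\svchq.exe", r"C:\WINDOWS\System32\VSL05.exe"]

# Constructed line (not from the thread): what a surviving autorun would look like.
CONSTRUCTED_LEFTOVER = r"O4 - HKLM\..\Run: [example] C:\WINDOWS\System32\svchq.exe"

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # e.g. "O23 - Service: ..."
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")  # name - owner - path

def parse_log(text):
    """Split a HijackThis log into running processes and entries keyed by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        match = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_procs = True
        elif match:
            in_procs = False
            entries[match.group(1)].append(match.group(2))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def still_referenced(log_text, targets):
    """Return target paths a process or entry still mentions (Windows paths: ignore case)."""
    processes, entries = parse_log(log_text)
    haystack = [s.lower() for s in processes + sum(entries.values(), [])]
    return [t for t in targets if any(t.lower() in h for h in haystack)]

def unknown_owner_services(log_text):
    """Return (name, path) for each O23 service the log lists with 'Unknown owner'."""
    found = (SERVICE_RE.match(e) for e in parse_log(log_text)[1]["O23"])
    return [(m.group(1), m.group(3)) for m in found if m and m.group(2) == "Unknown owner"]
```

An empty result from `still_referenced` only means the log no longer mentions those paths; it does not expand 8.3 short names such as `C:\PROGRA~1`, and it says nothing about files a scanner still finds on disk.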

#60
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear bubbles4u35, :whistling:

With the last post you performed, are you still experiencing a great deal of popups?

Can you tell me what some of the popups say, if you are still experiencing these popups?

Dear bubbles4u35, your computer system looks clean to me, but I'll have you run a couple more scans if you are still experiencing these popups.

Edited by rambro, 02 June 2006 - 06:10 PM.

  • 0





