
LeslieB
@verizon.net

LeslieB

Anon

HJT Log - Need to get rid of Aurora pop-ups

Our computer is plagued by aurora pop-ups (now "The Best Offer" - same animal just with different stripes). They seem to be getting more frequent and seem to know when I'm looking at security sites!

I did the following to try and fix the problem (in all cases checking for updates before running software).
1. Ran Norton - it reported no viruses.
2. Ran 2 AV scanners: TrendMicro's HouseCall reported and removed 5 spyware: spyw exctsear.a, awd widesearch.a, spyw aroundweb.a, adw minigolf.a, awd miway.e.
McAfee found Adsquash.
3. Ran the 4 AS products. CWShredder found no cases of CoolWebSearch. AboutBuster also found nothing. Spybot, which I already use regularly, found the usual Aurora garbage and couldn't remove all problems. Most of the unremovables are similar to this: Hkey-local-machine\system\control...\services\svcproc. Adaware (which I also use regularly) finds several critical objects and removes them, but when I re-run it (after reboot) it finds more critical problems.
4. Ran Ewido several times: here is the last run's log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:42:40 AM, 9/20/2005
+ Report-Checksum: AD469B3F

+ Scan result:

[1684] C:\WINDOWS\system32\ekjpfo.exe -> Trojan.Agent.cp : Cleaned with backup
C:\Documents and Settings\Dick\Cookies\dick@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dick\Cookies\dick@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.10:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.11:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.12:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.15:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\James\Cookies\james@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Leslie\Cookies\leslie@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Leslie\Cookies\leslie@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1073\A0244516.exe -> TrojanDropper.Paradrop.a : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1073\A0244520.exe -> TrojanDropper.Paradrop.a : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1073\A0244528.exe -> TrojanDropper.Paradrop.a : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1075\A0244595.exe -> TrojanDropper.Paradrop.a : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1075\A0244600.exe -> TrojanDropper.Paradrop.a : Cleaned with backup
C:\WINDOWS\SYSTEM32\ekjpfo.exe -> TrojanDropper.Paradrop.a : Cleaned with backup
C:\WINDOWS\Temp\Cookies\leslie@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\WINDOWS\Temp\Cookies\leslie@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\WINDOWS\Temp\Cookies\leslie@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup

::Report End

The bottom line is the $&*%( pop-ups are still here. Please, if anyone can help, I'll give you my first born!

The following is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:14:55 AM, on 9/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\jknbdqh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Stephanie\My Documents\Stuff\aim.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
G:\WinZip\WZQKPICK.EXE
C:\Program Files\Linksys\WUSB11 Config Utility\WUSB11Cfg.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\WINZIP\winzip32.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [effhunu] C:\WINDOWS\system32\jknbdqh.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Documents and Settings\Stephanie\My Documents\Stuff\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = G:\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless USB Network Adapter Config Utility.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Stephanie\My Documents\Stuff\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.berkeley.edu/webcams/camera.cab
O16 - DPF: {CE9E88DD-FC6F-11D4-87EC-00B0D025628B} (SAS Graph v9) - http://www2.sas.com/codebase/graph/v9/sasgraph.exe
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4585/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: sasrfc Service (sasrfcService) - Unknown owner - C:\Program Files\SAS Institute\SAS\V8\access\sasexe\sasrfc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Thank you, one and all.

LeslieB

John2g
Qui Tacet Consentit
Premium Member
join:2001-08-10
England

John2g

Premium Member

This should help you. The part dealing with nailfix is the part you need to follow.

»HJT Log, Major Infection
John2g

John2g to LeslieB

Premium Member

to LeslieB
This is almost certainly some malware.

C:\WINDOWS\system32\jknbdqh.exe
O4 - HKLM\..\Run: [effhunu] C:\WINDOWS\system32\jknbdqh.exe r
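
Added example (not part of any post in this thread, and not HijackThis's own logic): a small Python triage pass over HijackThis lines that flags the three entry types this thread singles out, namely the F2 Shell value carrying Nail.exe, the Run entry for jknbdqh.exe, and the SvcProc service. The heuristics (an extra program after Explorer.exe in the Shell value, a vowel-free file name started from system32, an "Unknown owner" service binary sitting directly in C:\WINDOWS) and all function names are assumptions chosen for illustration; a hit is a prompt for review, not a verdict.

```python
import re
from collections import namedtuple
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [effhunu] C:\WINDOWS\system32\jknbdqh.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = G:\WinZip\WZQKPICK.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: sasrfc Service (sasrfcService) - Unknown owner - C:\Program Files\SAS Institute\SAS\V8\access\sasexe\sasrfc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# Assumption: Windows lives in C:\WINDOWS, as it does in the posted log.
WINDIR = r"c:\windows"
SYSTEM32 = r"c:\windows\system32"

Finding = namedtuple("Finding", "code reason target")

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")      # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")   # registry Run entries


def exe_path(command):
    """Return the executable path from a Run-key command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command


def no_vowels(stem):
    """Heuristic: an all-letter name with no vowels is unlikely to be a product name."""
    return stem.isalpha() and not set(stem.lower()) & set("aeiouy")


def triage(log_text):
    """Return a list of Finding tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        code, body = m.groups()

        if code == "F2" and "Shell=" in body:
            # The default shell value is Explorer.exe alone.
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(Finding(code, "shell value starts an extra program", shell))

        elif code == "O4":
            run = RUN.match(body)
            if not run:
                continue  # Startup-folder shortcuts are not checked here
            path = exe_path(run.group(4))
            stem = splitext(basename(path))[0]
            if dirname(path).lower() == SYSTEM32 and no_vowels(stem):
                findings.append(Finding(code, "vowel-free name autostarts from system32", path))

        elif code == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            _name, owner, path = parts
            if owner == "Unknown owner" and dirname(path).lower() == WINDIR:
                findings.append(Finding(code, "unsigned-owner service binary in Windows dir", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:>3}  {f.reason}: {f.target}")
```
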

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

TheJoker to LeslieB

MVM

to LeslieB
John2g - the fix you referenced is old, there is a new fix that should take care of both the Nail infection, and the often difficult to remove Epolvy trojan that installs it (your second reply), and another infection that is often bundled.

LeslieB, BEFORE BEGINNING, Please read completely through the instructions below and download the files from the links provided. You may want to save or print out these instructions for easier reference.

First, update Ewido Security Suite.
1. From the main ewido screen, click on update in the left menu, then click the Start update button.
2. After the update finishes (the status bar at the bottom will display "Update successful")

Next, download Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in. Install Ad-Aware using the default options, then install vx2cleaner_inst.exe, taking all the defaults there as well.

Run Ad-Aware, update to the latest definitions, then click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.

Reboot your PC and run Ad-Aware again. This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next. Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot, click "OK". Exit Ad-Aware and restart your PC once again.

When Ad-Aware starts up, click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

Now run Ewido again:
1. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
2. If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
3. When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Please finish up by rebooting your system once more, and posting a new HijackThis log and the log from the Ewido scan.

John2g
Qui Tacet Consentit
Premium Member
join:2001-08-10
England

John2g

Premium Member

Thank you. I'd not heard of the Epolvy trojan before. I now read that they are commonly linked.

LeslieB
@verizon.net

LeslieB to TheJoker

Anon

to TheJoker
Thanks for answering so quickly. I did what you suggested.

When I ran Ad-Aware with the VX2 plug-in the first time there was one instance of vx2; after I rebooted and ran the smart system scan it found 33 criticals, and 29 of those were VX2 related. The third time I ran it (Ad-Aware) it was clean!
The following is the log from Ewido. As you can see I deleted 'abetterinternet' and 'trojan...' but not the other spyware cookies:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:20:59 PM, 9/22/2005
+ Report-Checksum: 24B205E1

+ Scan result:

:mozilla.11:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Burstnet : Ignored
:mozilla.12:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Burstnet : Ignored
:mozilla.13:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.14:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.19:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Statcounter : Ignored
:mozilla.20:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Ignored
:mozilla.21:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Ignored
:mozilla.22:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Ignored
:mozilla.27:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.28:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.29:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.30:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.31:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.32:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.33:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.34:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Ignored
:mozilla.42:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.43:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Doubleclick : Ignored
:mozilla.44:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.46:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.47:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Ignored
:mozilla.58:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.59:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.60:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.62:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.63:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.73:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.74:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.75:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.76:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.77:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Specificclick : Ignored
:mozilla.78:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Specificclick : Ignored
:mozilla.79:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Specificclick : Ignored
:mozilla.80:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Specificclick : Ignored
:mozilla.81:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Specificclick : Ignored
:mozilla.89:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Mediaplex : Ignored
:mozilla.91:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Euroclick : Ignored
:mozilla.92:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Euroclick : Ignored
:mozilla.93:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Euroclick : Ignored
:mozilla.94:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Ignored
:mozilla.107:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Com : Ignored
:mozilla.108:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Com : Ignored
:mozilla.109:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Pointroll : Ignored
:mozilla.110:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Pointroll : Ignored
:mozilla.111:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Pointroll : Ignored
:mozilla.114:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Serving-sys : Ignored
:mozilla.115:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Serving-sys : Ignored
:mozilla.116:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Serving-sys : Ignored
:mozilla.117:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Serving-sys : Ignored
:mozilla.118:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Targetnet : Ignored
:mozilla.119:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Targetnet : Ignored
:mozilla.121:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.122:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Casalemedia : Ignored
:mozilla.123:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Bluestreak : Ignored
:mozilla.125:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Questionmarket : Ignored
:mozilla.8:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.12:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.14:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.15:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.18:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.19:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.20:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.21:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.22:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.23:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.24:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.44:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.45:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Adserver : Ignored
:mozilla.46:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.47:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.48:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.49:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Fastclick : Ignored
:mozilla.63:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Ignored
:mozilla.66:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Mediaplex : Ignored
:mozilla.72:C:\Documents and Settings\Leslie\Application Data\Mozilla\Firefox\Profiles\0acgw7nc.default\cookies.txt -> Spyware.Cookie.Googleadservices : Ignored
C:\Documents and Settings\Dick\Cookies\dick@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.41:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.45:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.61:C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\rnc7wepj.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Leslie\Cookies\leslie@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1063\A0244001.exe -> Trojan.Stervis.h : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1068\A0244193.exe -> Trojan.Stervis.h : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1068\A0244194.dll -> Trojan.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1069\A0244262.exe -> Trojan.Stervis.h : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1069\A0244263.dll -> Trojan.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1069\A0244278.exe -> Trojan.Stervis.h : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1069\A0244279.dll -> Trojan.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1069\A0244296.exe -> Trojan.Stervis.h : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1069\A0244297.dll -> Trojan.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1070\A0244314.exe -> Trojan.Stervis.h : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1070\A0244339.exe -> Trojan.Stervis.h : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1070\A0244340.dll -> Trojan.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1070\A0244360.exe -> Trojan.Stervis.h : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1070\A0244361.dll -> Trojan.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1073\A0244539.exe -> Trojan.Stervis.h : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1073\A0244540.dll -> Trojan.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1074\A0244552.dll -> Trojan.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1074\A0244554.exe -> Trojan.Stervis.h : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1075\A0244560.dll -> Trojan.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1075\A0244588.exe -> Trojan.Stervis.h : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1076\A0244620.dll -> Trojan.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1076\A0244621.exe -> Trojan.Stervis.h : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1077\A0244634.dll -> Trojan.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1077\A0244638.exe -> TrojanDropper.Paradrop.a : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1077\A0244646.exe -> Trojan.Stervis.h : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1078\A0244660.exe -> TrojanDropper.Paradrop.a : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1079\A0244681.exe -> TrojanDropper.Paradrop.a : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1079\A0244692.exe -> TrojanDropper.Paradrop.a : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1079\A0244693.exe -> TrojanDropper.Paradrop.a : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1079\A0244694.exe -> TrojanDropper.Paradrop.a : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1079\A0244717.exe -> TrojanDropper.Paradrop.a : Cleaned with backup
C:\WINDOWS\SYSTEM32\jknbdqh.exe -> TrojanDropper.Paradrop.a : Cleaned with backup
C:\WINDOWS\Temp\Cookies\leslie@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\WINDOWS\Temp\Cookies\leslie@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\WINDOWS\Temp\Cookies\leslie@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup

::Report End

Finally, here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:26:13 PM, on 9/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
G:\WinZip\WZQKPICK.EXE
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = G:\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless USB Network Adapter Config Utility.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Stephanie\My Documents\Stuff\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.berkeley.edu/webcams/camera.cab
O16 - DPF: {CE9E88DD-FC6F-11D4-87EC-00B0D025628B} (SAS Graph v9) - http://www2.sas.com/codebase/graph/v9/sasgraph.exe
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4585/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: sasrfc Service (sasrfcService) - Unknown owner - C:\Program Files\SAS Institute\SAS\V8\access\sasexe\sasrfc.exe

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

TheJoker to LeslieB

Why keep the other tracking cookies? Those are for tracking, I would get rid of them if it was me, but they won't harm anything. If you decide to do that, just run Ewido again, and there would be no need to run it in Safe mode like before.

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »red.clientapps.yahoo.com/customize/ie/..
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)


You can optionally check the following entry. This is part of Microsoft Office located in your Startup folder, but it’s not needed, and it’s a resource hog:
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

Please restart your system, and post a new HijackThis log.
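One way to script the check, fix and re-post loop described above, as an added example that is not part of the original post or of HijackThis: it parses the entry lines of a log, lists those marked "(file missing)" or "(no file)", and confirms from the follow-up log that every checked entry is gone. The function names are hypothetical, the sample logs are excerpts trimmed from the logs in this thread, and matching R entries on the registry value name alone is an assumption made so that a forum-shortened URL still matches.

```python
import re
from dataclasses import dataclass

# A HijackThis entry line is "<section code> - <detail>", e.g. "O2 - BHO: ...".
# Section letters are R, F, N and O; header and process lines never match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")
# Markers HijackThis puts on entries whose file it could not find or that name no file.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    code: str
    detail: str

    @property
    def orphaned(self) -> bool:
        return bool(ORPHAN_RE.search(self.detail))

    @property
    def key(self) -> tuple:
        """Identity used to match the same entry across two logs."""
        detail = " ".join(self.detail.split()).casefold()
        if self.code.startswith("R") and " = " in detail:
            # Assumption: match R entries on the registry value name only, so a
            # URL the forum software shortened still matches the full log line.
            detail = detail.split(" = ", 1)[0]
        return (self.code, detail)


def parse_log(text: str) -> list:
    """Return the entry lines of a log, skipping header and process list."""
    matches = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [Entry(m["code"], m["detail"]) for m in matches if m]


def orphans(text: str) -> list:
    """Entries whose target file HijackThis could not find."""
    return [e for e in parse_log(text) if e.orphaned]


def verify_fix(before: str, after: str, checked: str) -> dict:
    """Compare the pre-fix and post-fix logs against the list of checked entries."""
    before_keys = {e.key for e in parse_log(before)}
    after_entries = parse_log(after)
    after_keys = {e.key for e in after_entries}
    wanted = parse_log(checked)
    return {
        "removed": [e for e in wanted if e.key in before_keys and e.key not in after_keys],
        "still_present": [e for e in wanted if e.key in after_keys],
        "not_in_before": [e for e in wanted if e.key not in before_keys],
        "new": [e for e in after_entries if e.key not in before_keys],
    }


# Excerpt of the 9/22/2005 log in this thread (trimmed for the example).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
"""

# Excerpt of the 9/23/2005 follow-up log (trimmed for the example).
AFTER = r"""Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
"""

# The six entries listed in the reply, including the URL as the forum shortened it.
CHECKED = r"""R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »red.clientapps.yahoo.com/customize/ie/..
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
"""

if __name__ == "__main__":
    for label, entries in verify_fix(BEFORE, AFTER, CHECKED).items():
        print(label, len(entries))
        for e in entries:
            print("   ", e.code, "-", e.detail)
```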

LeslieB
@verizon.net

Anon

I kept the cookies because, although I know what tracking cookies are, I did not know exactly who put them there. Actually, at that time I think I'd done one too many scans (some of which take hours) and was getting a bit loopy. However, I have since removed them and ran the HJT 'fix checked' job as you suggested.
I'm keeping my fingers crossed, because I have seen no more unwanted pop-ups since running the VX2 Cleaner plug-in with Ad-Aware. So if you still want my first born.... No, really thank you, my family and I can't thank you enough.

One tiny question. I opened the program remover task on the control panel. The task "The Best Offers" is still there and still won't let me remove it unless I go to their web site and use their remover. Now I know sometimes I do dumb things like not removing tracking cookies, but I'm not THAT stupid. Any idea how to manually remove it and/or any thoughts that it may start up again since it's still sitting there?

Once again thank you,

Leslie
LeslieB

Anon

I meant to attach my last log from HJT to my above message:

Logfile of HijackThis v1.99.1
Scan saved at 8:02:25 AM, on 9/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
G:\WinZip\WZQKPICK.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Common Files\Vbox\Common\vboxm.dll
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = G:\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless USB Network Adapter Config Utility.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Stephanie\My Documents\Stuff\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.berkeley.edu/webcams/camera.cab
O16 - DPF: {CE9E88DD-FC6F-11D4-87EC-00B0D025628B} (SAS Graph v9) - http://www2.sas.com/codebase/graph/v9/sasgraph.exe
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4585/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: sasrfc Service (sasrfcService) - Unknown owner - C:\Program Files\SAS Institute\SAS\V8\access\sasexe\sasrfc.exe

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

TheJoker to LeslieB

Congratulations, your HijackThis log is clean.

All I see left is the uninstall entry for Best Offers that you mentioned, so let's get rid of that.

Open HijackThis, and click the "Open the Misc Tools section" button, and in the window that opens, click the "Open Uninstall Manager" button. In the program list, find "Best Offers", left-click on it once, and then left-click the "Delete this entry" button. OK your way out, and close HijackThis.

You need a software firewall. I didn't see one in your HijackThis log. Two free firewalls are Zone Alarm from zonelabs.com »www.zonelabs.com/store/c ··· load.jsp or Kerio Personal Firewall available from »www.kerio.com/us/kpf_home.html. There is a tutorial on understanding firewalls at »www.bleepingcomputer.com ··· l60.html.

There are several free utilities you can use to help keep malware off your system:

A HOSTS file will prevent Internet Explorer from communicating with sites associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at »www.mvps.org/winhelp2002 ··· osts.htm.

IE/SPYAD adds sites associated with ads and spyware to your Internet Restricted Zone and you can download that at »netfiles.uiuc.edu/ehowes ··· #IESPYAD.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at »www.javacoolsoftware.com ··· cts.html.

I recommend reading Tony Klein's article How did I get Infected? at »www.computercops.biz/pos ··· 36-.html

Does your problem appear fixed?

LeslieB
@verizon.net

Anon

Thanks again - that worked. And yes, I'm glad of your advice to install a software firewall. Once I fixed things, I intended to figure out how to prevent this happening again. It's been a long strange journey (For someone from UNIX land). First you're told to install something like Norton. Then Adaware and Spybot and let's not forget to clean up all the temp files so there's Cleanup! Then a problem like this occurs and you need all the utilities like ewido and cwshredder. I'm starting to think that half my PC will be devoted to protecting my PC.

But, at least my faith in humanity is being restored by people like you and the rest on this board! You don't by any chance have an aunt and uncle who just moved to VA?

UncleJesse
@dhcp.ftwo.tx.charter

UncleJesse to TheJoker

Anon

Thanks, Joker. I didn't have to ask the question and you've saved me hours of work already. You really have gone above and beyond for LeslieB so I just wanted you to know that it didn't stop there. Thanks again.

Flatey
join:2005-12-02
Winnipeg, MB

Flatey to John2g

Member

Hi, site noob here.
I won't quote everything here though, but I just read Joker explain this.
Now I'm just trying to understand it all.

So... I'll just say that I've been having bandwidth problems, PC cillin didn't catch anything, and neither did microcraps antiSpyware for XP.
So the first thing I did was scan with Microtrend HOUSECALL and came up with a pile of cookies and SPYW EXCTSEAR.A. So not knowing what this was, I got HouseCall to remove them all.
So I did a search on that spyw exctsear.a and it gave me this site.
So here I am.
Then I read through everything here and downloaded the following:
: ewido security suite
: Adaware SE personal
: CCleaner
: spybotS&D
and Hijackthis
I've installed everything and only ran Adaware... I don't see the original file HouseCall removed.
Couldn't update ewido for some reason after installing it.
Showed no updates, so hopefully it's just the right version.
So I'm guessing this is why I didn't see anything displayed as "update Successful".
DL'd and installed Adaware with the VX2 Cleaner plug-in only after I'd already scanned once (think that's where I messed up already).
If I've already screwed up here... Can I get a little help in the right sequence so I can try again?...
I don't wanna mess anything else up. If that's possible.
Much appreciated, folks. Bear with me.
:inflateablesoulmate

John2g
Qui Tacet Consentit
Premium Member
join:2001-08-10
England


I didn't understand your post. If you have a problem with your computer, you should start here: »Security »I think my computer is infected or hijacked. What should I do?

Flatey
join:2005-12-02
Winnipeg, MB

Flatey to LeslieB

Member

Alright. Thanks.
The only reason I started here is because when I first did a search on SPYW EXCTSEAR.A, this thread was the only result.
But I'll go check out noobland.