Need a bit of help please

[Unregistered]

Code:

Logfile of HijackThis v1.99.1
Scan saved at 1:06:21 PM, on 3/14/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\AlteerUser.ALTEER.000\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.130.185.122/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.130.185.122/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Provided by Advanced Medical Technologies
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F3 - REG:win.ini: run= 
O1 - Hosts: 66.180.173.39 www.google.ae
O1 - Hosts: 66.180.173.39 www.google.am
O1 - Hosts: 66.180.173.39 www.google.as
O1 - Hosts: 66.180.173.39 www.google.at
O1 - Hosts: 66.180.173.39 www.google.az
O1 - Hosts: 66.180.173.39 www.google.be
O1 - Hosts: 66.180.173.39 www.google.bi
O1 - Hosts: 66.180.173.39 www.google.ca
O1 - Hosts: 66.180.173.39 www.google.cd
O1 - Hosts: 66.180.173.39 www.google.cg
O1 - Hosts: 66.180.173.39 www.google.ch
O1 - Hosts: 66.180.173.39 www.google.ci
O1 - Hosts: 66.180.173.39 www.google.cl
O1 - Hosts: 66.180.173.39 www.google.co.cr
O1 - Hosts: 66.180.173.39 www.google.co.hu
O1 - Hosts: 66.180.173.39 www.google.co.il
O1 - Hosts: 66.180.173.39 www.google.co.in
O1 - Hosts: 66.180.173.39 www.google.co.je
O1 - Hosts: 66.180.173.39 www.google.co.jp
O1 - Hosts: 66.180.173.39 www.google.co.ke
O1 - Hosts: 66.180.173.39 www.google.co.kr
O1 - Hosts: 66.180.173.39 www.google.co.ls
O1 - Hosts: 66.180.173.39 www.google.co.nz
O1 - Hosts: 66.180.173.39 www.google.co.th
O1 - Hosts: 66.180.173.39 www.google.co.ug
O1 - Hosts: 66.180.173.39 www.google.co.uk
O1 - Hosts: 66.180.173.39 www.google.co.ve
O1 - Hosts: 66.180.173.39 www.google.com
O1 - Hosts: 66.180.173.39 www.google.com.ag
O1 - Hosts: 66.180.173.39 www.google.com.ar
O1 - Hosts: 66.180.173.39 www.google.com.au
O1 - Hosts: 66.180.173.39 www.google.com.br
O1 - Hosts: 66.180.173.39 www.google.com.co
O1 - Hosts: 66.180.173.39 www.google.com.cu
O1 - Hosts: 66.180.173.39 www.google.com.do
O1 - Hosts: 66.180.173.39 www.google.com.ec
O1 - Hosts: 66.180.173.39 www.google.com.fj
O1 - Hosts: 66.180.173.39 www.google.com.gi
O1 - Hosts: 66.180.173.39 www.google.com.gr
O1 - Hosts: 66.180.173.39 www.google.com.gt
O1 - Hosts: 66.180.173.39 www.google.com.hk
O1 - Hosts: 66.180.173.39 www.google.com.ly
O1 - Hosts: 66.180.173.39 www.google.com.mt
O1 - Hosts: 66.180.173.39 www.google.com.mx
O1 - Hosts: 66.180.173.39 www.google.com.my
O1 - Hosts: 66.180.173.39 www.google.com.na
O1 - Hosts: 66.180.173.39 www.google.com.nf
O1 - Hosts: 66.180.173.39 www.google.com.ni
O1 - Hosts: 66.180.173.39 www.google.com.np
O1 - Hosts: 66.180.173.39 www.google.com.pa
O1 - Hosts: 66.180.173.39 www.google.com.pe
O1 - Hosts: 66.180.173.39 www.google.com.ph
O1 - Hosts: 66.180.173.39 www.google.com.pk
O1 - Hosts: 66.180.173.39 www.google.com.pr
O1 - Hosts: 66.180.173.39 www.google.com.py
O1 - Hosts: 66.180.173.39 www.google.com.sa
O1 - Hosts: 66.180.173.39 www.google.com.sg
O1 - Hosts: 66.180.173.39 www.google.com.sv
O1 - Hosts: 66.180.173.39 www.google.com.tr
O1 - Hosts: 66.180.173.39 www.google.com.tw
O1 - Hosts: 66.180.173.39 www.google.com.ua
O1 - Hosts: 66.180.173.39 www.google.com.uy
O1 - Hosts: 66.180.173.39 www.google.com.vc
O1 - Hosts: 66.180.173.39 www.google.com.vn
O1 - Hosts: 66.180.173.39 www.google.de
O1 - Hosts: 66.180.173.39 www.google.dj
O1 - Hosts: 66.180.173.39 www.google.dk
O1 - Hosts: 66.180.173.39 www.google.es
O1 - Hosts: 66.180.173.39 www.google.fi
O1 - Hosts: 66.180.173.39 www.google.fm
O1 - Hosts: 66.180.173.39 www.google.fr
O1 - Hosts: 66.180.173.39 www.google.gg
O1 - Hosts: 66.180.173.39 www.google.gl
O1 - Hosts: 66.180.173.39 www.google.gm
O1 - Hosts: 66.180.173.39 www.google.hn
O1 - Hosts: 66.180.173.39 www.google.ie
O1 - Hosts: 66.180.173.39 www.google.it
O1 - Hosts: 66.180.173.39 www.google.kz
O1 - Hosts: 66.180.173.39 www.google.li
O1 - Hosts: 66.180.173.39 www.google.lt
O1 - Hosts: 66.180.173.39 www.google.lu
O1 - Hosts: 66.180.173.39 www.google.lv
O1 - Hosts: 66.180.173.39 www.google.mn
O1 - Hosts: 66.180.173.39 www.google.ms
O1 - Hosts: 66.180.173.39 www.google.mu
O1 - Hosts: 66.180.173.39 www.google.mw
O1 - Hosts: 66.180.173.39 www.google.nl
O1 - Hosts: 66.180.173.39 www.google.no
O1 - Hosts: 66.180.173.39 www.google.off.ai
O1 - Hosts: 66.180.173.39 www.google.pl
O1 - Hosts: 66.180.173.39 www.google.pn
O1 - Hosts: 66.180.173.39 www.google.pt
O1 - Hosts: 66.180.173.39 www.google.ro
O1 - Hosts: 66.180.173.39 www.google.ru
O1 - Hosts: 66.180.173.39 www.google.rw
O1 - Hosts: 66.180.173.39 www.google.se
O1 - Hosts: 66.180.173.39 www.google.sh
O1 - Hosts: 66.180.173.39 www.google.sk
O1 - Hosts: 66.180.173.39 www.google.sm
O1 - Hosts: 66.180.173.39 www.google.td
O1 - Hosts: 66.180.173.39 www.google.tm
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINNT\systb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINNT\isrvs\sysupd.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Begin2Search.com Bar - {207AEF46-0596-4966-A7BF-098F247E85BB} - C:\WINNT\system32\ic2_win.dll
O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
O3 - Toolbar: Search Bar - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINNT\DOWNLO~1\search3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [urqdvrfzrs] C:\WINNT\system32\poxqfkh.exe
O4 - HKLM\..\Run: [conscorr] C:\WINNT\conscorr.exe
O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program Files\MoodLogic\Service\Updater.exe
O4 - HKLM\..\Run: [satmat] C:\WINNT\satmat.exe
O4 - HKLM\..\Run: [antiware] C:\winnt\system32\elitetcz32.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINNT\system32\winupdt.exe
O4 - HKLM\..\Run: [npkdbc] C:\WINNT\system32\npkdbc.exe
O4 - HKLM\..\Run: [woshnahj] C:\Program Files\woshnahj\woshnahj.exe
O4 - HKLM\..\Run: [C:\WINNT\npnwmnq.exe] C:\WINNT\npnwmnq.exe
O4 - HKLM\..\Run: [xyzfmc] C:\WINNT\system32\xyzfmc.exe
O4 - HKLM\..\Run: [App32dll] C:\winnt\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [Bvowtmn] C:\Program Files\Rkka\Hpxt.exe
O4 - HKLM\..\Run: [Gpdwphac] C:\Program Files\Tcdhmd\Yeinnkp.exe
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [scrsvc] C:\WINNT\system32\scrsvc.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\system32\khooker.exe
O4 - HKLM\..\Run: [Narrator] C:\WINNT\system32\wvgrki.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINNT\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\ALTEER~1.000\LOCALS~1\Temp\BundleLite_razormedia1003.exe run
O4 - HKLM\..\Run: [We4M502m] C:\winnt\system32\We4M502m.exe
O4 - HKLM\..\Run: [gZxZJ.exe] c:\winnt\system32\gZxZJ.exe
O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe"
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\ALTEER~1.000\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [vga256] C:\WINNT\system32\vga256.exe
O4 - HKCU\..\Run: [wshtcpip] C:\WINNT\system32\wshtcpip.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINNT\system32\sysmonnt
O4 - HKCU\..\Run: [ezwbr] C:\WINNT\system32\ezwbr.exe
O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Global Startup: hkitnu.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ScanDirect.lnk = C:\Program Files\Visioneer\PaperPort\ppscandr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
O15 - Trusted Zone: http://ad.searchsquire.com
O15 - Trusted Zone: http://search.searchsquire.com
O15 - Trusted Zone: http://update.searchsquire.com
O15 - Trusted Zone: http://www.searchsquire.com
O15 - Trusted Zone: http://*.searchsquire.com
O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyhoroscope.net/mdh/install.cab
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_286.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) - 
O16 - DPF: {8E66A776-A350-4D69-8783-906DB0E6DF14} (Jaunt Class) - http://download.jaunt.com/public/jaunt.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) - 
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupdatednews.com/install/aun_0010.exe
O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} - http://ads.dealhelper.com/updates/DealHelperNew.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = alteer.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = alteer.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = alteer.local
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINNT\isrvs\mfiltis.dll
O20 - Winlogon Notify: CSCSettings - C:\WINNT\system32\jtlu0739e.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINNT\System32\MsiExec.exe (file missing)
O23 - Service: OmniForm Printer - Unknown owner - C:\WINNT\System32\ofps.exe (file missing)

I have ran spybot and stinger and gotten rid of alot of stuff but need help with this. I attempted to upload info to the site but it gave me an error.

Any help would be appreciated.


Thanks in advance

Jeremy

[Ruby]

Hello Jeremy - welcome to HijackThis.

Please take a visit to Windows
www.windowsupdate.com to get all the updates and Patches you have missed and ServicePack2.

Turn off System Restore.

Make sure you set windows to see the hidden files and folders.

Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups!
C:\Program Files\HijackThis\

Please give at first the following files to Upload malicious software:

C:\WINDOWS\System32\MSDATLST.exe
c:\MSudt32.exe
c:\mwseput32.exe
C:\WINDOWS\qvedfoc.exe
C:\Program\COMMON~1\tsa\tsl2.exe
MSDATLST.exe
C:\WINDOWS\inst\kill.exe
C:\WINDOWS\System32\wuytc.exe

We must check it out which kind of malware it is.

[Ruby]

Example HOSTFILE:
#open HijackThis
Config< Misc Tools < Open Hosts file Manager < Delete line <
delete all but:
# 102.54.94.97 rhino.acme.com # Quellserver
# 38.25.63.10 x.acme.com # x-Clienthost
127.0.0.1 localhost

hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.

------------------------
--> !!! save it to your desktop!!! --> DelDomains.inf
Close your Internet Explorer! Double-click on "DelDomains.inf" -> install it to your desktop.
Run by Double-Click.
This will remove all entries in the "Trusted Zone" and "Ranges" also.
------------------------

Please print out this instructions of safe it as a textfile (*.txt) since we ask you to
work offline in safe mode. Follow the STEPS.

STEP 1
Turn off System Restore during the whole time we are working at your system.

STEP 2
Download:

zipgenius (if you have no zip-tool)
mwavscan: mwav.exe -
(MUST!) Unzip the 'mwav.exe' into a new to create directory 'c:\bases' (!).
Use 'kavupd.exe' to get the latest signatures (MUST!).
If you 'hear' that the signatures are more than 30 days old, stay trying.
You will get the actual signatures. Keep trying!

STEP 3
Turn to safe mode. Disconnect to the net.

STEP 4
Run mwavscan

Close everything else, close all windows, all browsers, all programs.

Start a full scan (all files!) [Memory, StartUp-Folders, Drives, All Local Drives,
Registry and INI Files, System Folders, Services must be checkmarked] by
running 'mwavscan.com' (directory c:\bases): Click on 'Scan clean' of 'Scan'.
The Scan can take some hours. When it's finished, 'view log' and safe it!

STEP 5
Reboot your system into normal mode.

STEP 6
Search the logfile 'mwav.log' in directory 'c:\bases'. Open the logfile with an
editor. Look for the files which are tagged as "virus" (of "infected").
Copy&paste all these files tagged as "virus" (of "infected") in a new document.

STEP 7
---> post every file mwavscan tagged as "virus" (of "infected")
---> and the names of the virusses.

(It looks like this: File C:\WINDOWS\sssasasb32.exe infected by "Trojan-Downloader.Win32.Agent.ig" Virus. Action Taken)

---> Also post the result:

=>Total Number of Files Scanned:
=>Total Number of Virus(es) Found:
=>Total Number of Disinfected Files:
=>Total Number of Files Renamed:
=>Total Number of Deleted Files:
=>Total Number of Errors:
***** Scanning complete. *****


Please note: Adware T.V. Media Program Removal Tool - Keep your computer safe

[MrWho]

Thanks for the response Ruby. First of all this is windows 2k running sp4 and I do not believe there is an option for system restore unless you know of something but I checked it is already off. I uploaded a handful of files to the upload site I will be running the scan here shortly and will post when it is done.


Thanks again
Jeremy

[Ruby]

Hello MrWho

Sorry for asking you to turn off system restore. I didn't see that you run another OS. I'm used to work with people running WindowsXP. So sometimes I don't mention that there is somebody running something else...

Let me please know the results of the scan, also post a new HJT-Logfile and then we can go on to free your system from the pest.

[MrWho]

Once I get to that office today I will post everything up for you. I was told by a lady at the office that it had found 500+ infected files and deleted almost 200 of them. Now supposedly the remaining were all spyware files. Now I have ran Spybot and obviously it did not get too far. Is there something better or newer? Anyways I will get back to you later this afternoon. Thanks for all the help.


Jeremy

[Ruby]

Hi MrWho

first of all, I will see all virus files which are deleted. If you let me see, some of your adware files, I can tell you what to do with. I think that you could get rid of a part of your adware files by using Ad-Aware SE. But some of these files are so deep in the system, that they can only be removed manually. It will be much work. But you also may formate your system, then perhaps you won't have so much work.

[MrWho]

Ruby I am having trouble loading the logfile from mwav so I have uploaded it to my site please go to the following link for the log file. http://www.atvci.net/~archer/mwav.log it is a 6 MB file which maybe the problem with uploading it to the site. I have already sent in a msg to the webmaster and tech support of the site with the error I am getting when posting. Please advise me further. Thanks once again.


Jeremy

[Ruby]

Hi Jeremy

I won't see the whole logfile of mwavscan...
I only wanted to see 430 Virus-files.

Thu Mar 17 15:15:45 2005 => Total Number of Files Scanned: 61710
Thu Mar 17 15:15:45 2005 => Total Number of Virus(es) Found: 430
Thu Mar 17 15:15:45 2005 => Total Number of Disinfected Files: 0
Thu Mar 17 15:15:45 2005 => Total Number of Files Renamed: 6
Thu Mar 17 15:15:45 2005 => Total Number of Deleted Files: 134
Thu Mar 17 15:15:45 2005 => Total Number of Errors: 11
Thu Mar 17 15:15:45 2005 => Time Elapsed: 00:36:00
Thu Mar 17 15:15:45 2005 => Virus Database Date: 2005/03/17
Thu Mar 17 15:15:45 2005 => Virus Database Count: 122325


Well the viruses are deleted. Now we will have to delete the adware files. But first of all you must clean up your system:

Please download:

IE Privacy Keeper 2.3

ClearProg
"Clear all" and "Clear" must be chekcmarked.

CCleaner (Crap Cleaner)
Under windows tab check internet explorer, windows explorer, and system. Then click Run Cleaner.

Let the programs scan your system and clean all (temporary) folders.

Reboot in safe mode [F8]:

Go to START > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked. Press OK to remove them.

Go to START > run and type: %temp% and click ok.

Delete the whole content of C:\Documents and Settings\Your Name\Local Settings\Temp <== this folder.

Reboot into normal mode.

1) Open Control Panel
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Delete Files
4) You may also want to check the box "Delete all offline content"
5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive

IE Settings

If you have done this ...........

run Ad-Aware SE (Adaware SE 1.05 Tutorial)

Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Change all red X to green ones. Take a full system scan. Delete the content of the ad-aware folders when scan is finished. Safe the logfile.

Run Spybot Search & Destroy (Spybot Search & Destroy 1.3 Tutorial)

Pleast post the Logfile of Ad-Aware and a new Hijackthis Logfile in Code->.

Thanks.

[MrWho]

Thanks Ruby for the info. I will get on that sometime today.

Jeremy