I've tried continuously to "clean" my laptop... with adware and Spybot S&D to no avail. I just installed a McAfee firewall and found HijackThis to create a log so someone might be able to help me finally remove keys or files that will stop the same popups and tracking cookies? that appear on my desktop. I think the 2nd, 3rd and 5th lines definitely should not be there... any other help is much, much appreciated. Thanks in advance.
Logfile of HijackThis v1.97.7
Scan saved at 21:43:25, on 13/01/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\NTME\METHWNT.exe
C:\WINNT\System32\NTME\brad32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINNT\Explorer.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINNT\ARUpdate.exe
C:\Program Files\Common Files\slmss\slmss.exe
C:\WINNT\mwsvm.exe
C:\WINNT\system32\iefeatures.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\WINNT\system32\internat.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.exe
C:\Documents and Settings\jessica puccio\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/Default.asp?Ath=f
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://popnav.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.topfivesearch.com/search.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?session=C03E3742-C534-4CA6-838D-0CE7FB0E9A1C&version_id=18
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchwww.com/search.cgi?s=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www-config.strath.ac.uk/proxy.config
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINNT\ieasst.dll
O2 - BHO: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINNT\AdRoar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - C:\WINNT\AdRoar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINNT\ARUpdate.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINNT\mwsvm.exe
O4 - HKLM\..\Run: [absr] C:\WINNT\mwsvm.exe
O4 - HKLM\..\Run: [MSVersion] C:\WINNT\system32\internetfeatures.exe
O4 - HKLM\..\Run: [iefeatures] C:\WINNT\system32\iefeatures.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://63.217.31.12/dial6/058439uk.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/30f0ef540998c13cdb06/netzip/RdxIE2.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - https://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37866.3775115741
O16 - DPF: {A0F0D762-D1DE-43AF-B70E-D87864743EB3} (NSLiteUpdateCtrl Class) - http://217.145.76.16/nslite/nslite.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4308/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eee.strath.ac.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eee.strath.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eee.strath.ac.uk

Hello,
there's a lot of crap over there.
Start by downloading, updating and running CWShredder
http://www.spywareinfo.com/~merijn/downloads.html
And post a new HT log, so we can see what's left.

I ran CWShredder and it said there were no files (everything was clean) before I ran the old HT log. A new problem arose last night when my computer would not boot up at all... it went into a start-up/shut-down cycle that ran until I removed the battery. Hopefully I can find a boot diskette and that should solve things and then do another HT log for this forum. Thanks for reading my post.
Jessica
