i was surfing the web yesterday and now every couple minutes an internet explorer window pops up advertising some dating service. i ran hijackthis and deleted everying that i thought would help but it didn't. then i ran adaware and fixed all that but that didn't help either. here's my hijackthis log. thanks for your help. Logfile of HijackThis v1.97.2 Scan saved at 1:40:35 PM, on 1/22/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\D-Tools\daemon.exe C:\WINDOWS\System32\GEARSEC.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\winrar.exe C:\Documents and Settings\Alex\Local Settings\Temp\Temporary Directory 13 for hijackthis.zip\HijackThis.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [rlgkhan] "C:\WINDOWS\System32\rlgkhan.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Truefonts] C:\WINDOWS\Fonts\fonts.hta O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [regsrv32.exe] regsrv32.exe O4 - HKCU\..\Run: [quicken] C:\WINDOWS\waol.exe O4 - HKCU\..\Run: [editpad] C:\WINDOWS\editpad.exe O9 - Extra button: AIM (HKLM) O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Hi, you have an outdated version of HJT,(now 1.97.7) use the update feature in HJT, use the config button> misc tools. Unzip it to C:\ hijackthis and run from there, in a temp folder as now we have no backups if anything goes amiss. :-( do you have anything disabled using msconfig? This could hide problems. We need to check in normal start up mode. Post back with a fresh Hijackthis log from the updated verion.

Ctrl_Alt_Delete... End Task "WAOL" and Exit Process Rename C:\WINDOWS\WAOL.exe to something else (you may need to) Rename C:\WINDOWS\EDITPAD.exe Rename C:\WINDOWS\WINRAR.exe (these were not on my computer) Google search = CONSPY + WAOL current best = Trend Micro "TROJ_CONSPY.C"

i have the same exact problem. please help