Explorer has become infected with ad software. I've spent hours trying to get rid of it with AdAware and SpyBot . . . keeps coming back. It puts shortcuts to junk web sites on my desktop and pops windows open even when Explorer is not running for dating sites, instant messaging, etc. Help! I can't get rid of it.
Here is my Hijack This log:
I suspect it is "all about searching.com" infection, this keeps coming back along with other things. I'm going crazy.
I suspect something in my registry regenerating itself, but can't figure out what it is.
Hijack this log follows:
Logfile of HijackThis v1.97.7
Scan saved at 5:51:06 AM, on 5/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\tbctray.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\WINDOWS\System32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\SYSTEM32\GEARSEC.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\Rem5.exe
C:\Documents and Settings\McCain Family.MCCAIN\Desktop\RegSeeker\RegSeeker\RegSeeker.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\McCain Family.MCCAIN\Desktop\Utilities\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = allaboutsearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html
O2 - BHO: (no name) - {207F2CBE-721E-58C3-B14B-B83429FAAAA2} - C:\PROGRA~1\EACHRE~1\toolmeal.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Grim Ace - {5CF66552-BB8E-AF1C-8159-16810DEFE892} - C:\PROGRA~1\EACHRE~1\toolmeal.dll
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKLM\..\Run: [htm audio] C:\PROGRA~1\DEFYBI~1\64downloadbook.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
ptmccain

Check the immunize button in "Spybot" and most of the junk will not come back. Also use CW shredder to clean up the rest of the adware.

Hello, before you run the scan with Adaware and Spybot, make certain that you've checked for updates, as new definitions are periodically added. So update, then scan and delete all the junk found.
Also, if you don't have it, install SpywareBlaster also, as it will stop most junk from entering your computer in the first place. I don't remember the exact download site for SpywareBlaster....maybe javacool software....but you can easily google the site.
I don't really yet understand how to accurately decipher HijackThis logs, so someone with more experience than I will have to assist you on that one. Good luck!
~Tommyo

These should not be posted here......
REMOVE:
C:\WINDOWS\SYSTEM32\GEARSEC.exe
C:\WINDOWS\TEMP\Rem5.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = allaboutsearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html
O2 - BHO: (no name) - {207F2CBE-721E-58C3-B14B-B83429FAAAA2} - C:\PROGRA~1\EACHRE~1\toolmeal.dll
O3 - Toolbar: Grim Ace - {5CF66552-BB8E-AF1C-8159-16810DEFE892} - C:\PROGRA~1\EACHRE~1\toolmeal.dll
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [htm audio] C:\PROGRA~1\DEFYBI~1\64downloadbook.exe
The latter O4's may be innocent, but looked strange so I'd delete it. You could be the better judge.
(This should not be on a production system)
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
J.
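
Added example (not part of any post in this thread, and not HijackThis's own code): a small Python parser for the log format shown above. It groups the R0/R1 Internet Explorer values by the host they point at, finds files registered by more than one O2/O3 entry, and lists the O4 Run-key autostarts. The sample lines are copied from the log above; the function names are made up for this illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = allaboutsearching.com
O2 - BHO: (no name) - {207F2CBE-721E-58C3-B14B-B83429FAAAA2} - C:\PROGRA~1\EACHRE~1\toolmeal.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Grim Ace - {5CF66552-BB8E-AF1C-8159-16810DEFE892} - C:\PROGRA~1\EACHRE~1\toolmeal.dll
O4 - HKLM\..\Run: [htm audio] C:\PROGRA~1\DEFYBI~1\64downloadbook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# Hypothetical helper patterns for this illustration (section code, COM add-on, Run key).
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
COM = re.compile(r"^(BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
RUN = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

def parse_log(text):
    """Return (section, body) pairs for every line that looks like a log entry."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]

def ie_setting_hosts(entries):
    """Map each host named in R0/R1 values to the registry values pointing at it."""
    hosts = defaultdict(list)
    for section, body in entries:
        if section in ("R0", "R1") and " = " in body:
            key, value = body.split(" = ", 1)
            # Start Page may be stored without a scheme; add "//" so it still parses.
            host = urlparse(value if "://" in value else "//" + value).hostname
            if host:
                hosts[host].append(key)
    return dict(hosts)

def shared_modules(entries):
    """Return files loaded by more than one O2 (BHO) / O3 (toolbar) entry."""
    by_path = defaultdict(list)
    for section, body in entries:
        m = COM.match(body) if section in ("O2", "O3") else None
        if m:
            kind, name, clsid, path = m.groups()
            by_path[path.lower()].append((kind, name, clsid))  # 8.3 paths vary in case
    return {p: v for p, v in by_path.items() if len(v) > 1}

def run_entries(entries):
    """Return (hive, value name, command) for each O4 Run-key autostart."""
    return [m.group(1, 3, 4) for s, b in entries if s == "O4" and (m := RUN.match(b))]
```

Grouping this way puts every browser setting that points at one host, and every add-on backed by one DLL, on a single row, which makes it easier to check that a cleanup covered all of them before rebooting.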
