I need a little help on this please. I have a virus on my system and when i try to browse the internet hundreds of pop-ups will come swamping me and i cant do anything but shut it down through alt-ctrl-del. I did a hijackthis scan and i copyed the log. Please can you help me get rid of things that might be causing this. Ive tried Ad-Aware, Spybot and McAffe already and the files cant be removed. Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\WINDOWS\System32\svchost.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\Explorer.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\System32\wsxsvc\wsxsvc.exe C:\WINDOWS\System32\vmss\vmss.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\System32\wuauclt.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Winamp\Winamp.exe C:\Documents and Settings\Administrator\Desktop\Spyware Adware\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theweathernetwork.com/weather/cities/can/pages/CAON0624.htm R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll O2 - BHO: (no name) - {277A4046-B470-4875-BB7F-7A556D0BEF7A} - C:\WINDOWS\System32\vkqdk.dll O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} - C:\WINDOWS\DOWNLO~1\search3.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\PDF644d.dll O2 - BHO: (no name) - {6488ACB1-04A5-4A67-847F-44A479CF9D55} - C:\WINDOWS\System32\tyxlm.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe O4 - HKLM\..\Run: [tyxlmc] C:\WINDOWS\System32\tyxlmc.exe O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\adl_dh.exe O4 - HKLM\..\Run: [vkqdkc] C:\WINDOWS\System32\vkqdkc.exe O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\PDF644d.dll" O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\PDF644d.dll" O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O9 - Extra button: AIM (HKLM) O9 - Extra button: WeatherBug (HKCU)

Read ALL of THIS about posting Hijack logs HijackThis log tutorial That helps in using the logs. To find out what each Startup(or Process) item does or means, and any recommendation as to if you should close the process: Task List Programs Also look here if you want: The Process Library Not all found at each place. Each advertises their software product.

Here is a report on your log, you have a few nasty things to rid or fix with HJT http://hijackthis.de/logfiles/58d141bee3fc89a22dea92d74749c8e9.html HTH Alan56 Any fool can make a rule and any fool will follow it www.wankerdrivers.com

Thank you very much!

As Alan says, you may have some nasty things that need getting rid of, but that doesn't mean you've been hijacked. Do you know what virus you have? Do you have a good firewall active? Do you have a good popup blocker active? A good one is the Google toolbar which you can download and install. Very useful. Do you have Spyware Blaster installed, updated, and running? Do you have the new MS Spyware scanner downloaded, updated, and installed? When you say the files that Spybot, AdAware, etc. find can't be deleted, what exactly do you mean? Answer all these questions and I'll give you some links to solve your problems.

Hi thanx so much for your quick reply. First off it was my daughter that posted initially. Anyway Not a clue what the virus is just know what it is doing to her machine. As for a good firewall well what were using is what came with the router supposedly built in a good one so they say. She does have a good popup blocker but it doesnt stop these. All of her spyware is updated. When she runs spybot and adaware they find problems but say they cant be removed. All i know is that when she opens up her browser around 100 maybe more popups suddenly open and the only way she can get rid of them is by doing alt ctrl del. As you know she ran hijack this and posted it im not sure as to what is to be gotten rid of. Thanx tons angelluv