Searchfast malware

  1. #1
    genihanna (Full Member)

    Searchfast malware

    Hi! I am new so forgive me if I missed any of your steps. I ran my spyware programs, cleared my cache, etc. I use Windows XP Pro Media Center Edition. (Not that these 2 things have anything to do with each other - I dunno - but I'm also having problems doing a major reformat. I had been having so many different Windows Installer problems, Media Center crashed, and not being able to run recovery normally - I just thought I better tell ya - HP even "overnighted" the set of OEM recovery disks, the supplemental disk (for MCE) and the recovery console disk, but I think I'm going to have to buy the regular full installation disks - hopefully not, hopefully you'll be my savior!)

    Anyhow, I ran Ad-Aware and for the 3rd time it detected Searchfast (7 in all - 5 regkey and 2 file). Evidently my 1st 2 times trying to remedy this failed. How come there can't be a program that can prevent malware, not just detect it - because by that time the damage is probably already done? So, I'm asking for your expertise this time.

    Thank you more than you can know! Here's my HiJack Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:29:08 PM, on 4/19/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\Tmas\Tmas.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Documents and Settings\HP_Administrator\My Documents\Unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/ser...=Norton+Internet+Security&version=8.3
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136904502010
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} - http://pictures.aolcdn.com/ap/Resour...s.10.1.0.0.cab
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

    Again, thanks and Bless You!
    Geni


  2. #2
    VopThis (Senior Member, Canada)
    Please disable the following application(s), as it/they may hinder the removal of some entries. Otherwise, certain cleaning attempts may be wrongly recognized and blocked as hijacking attempts or other potentially inappropriate behavior. You can re-enable such tools after your computer is clean.



    Disable WinPatrol:
    1. Right-click the 'Scotty Dog' icon in the system tray
    2. Click Always Run WinPatrol
    3. When WinPatrol dialog comes up asking about Startup change, click Yes.
    4. Reboot your machine for the changes to take effect before running HJT.




    Please download WebRoot SpySweeper from HERE (it's a 14-day trial):
    http://www.webroot.com/consumer/prod...de=af1&rc=3597
    OR
    http://www.webroot.com/shoppingcart/...php?bjpc=64011

    • Click the Free Trial link to download the program.
    • Double-click the file to install it as follows:
      • Click "Next", read the agreement, Click "Next"
      • Choose "Custom" click "Next".
      • Leave the default installation directory as it is, then click "Next".
      • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
      • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
      • Finally, click "Install"
    • Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.

      Once the definitions are installed, click Options on the left side.
      Click the Sweep Options tab.
      Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.

      Disable SpySweeper Shields
      • Click Shields on the left.
      • Click Internet Explorer and uncheck all items.
      • Click Windows System and uncheck all items.
      • Click Startup Programs and uncheck all items.
    • Once the definitions are installed and shields disabled, click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into your next reply.


    Post the SpySweeper session log here along with a fresh HiJackThis log. Tell us if anything has changed.

  3. #3
    genihanna (Full Member)
    Thank you sooooo much for your help. I follow directions very well and did what you said - the only thing that struck me was at the end there was an "Alert" -

    (That blurb above is supposed to be a screen shot of it???) Anyhow - it said a program called TKBellexe was trying to download or install, so I had it removed.

    Here is the log for Spy Sweeper. HiJack This log to follow.


    ********
    2:41 AM: | Start of Session, Thursday, April 20, 2006 |
    2:41 AM: Spy Sweeper started
    2:41 AM: Sweep initiated using definitions version 661
    2:41 AM: Starting Memory Sweep
    2:45 AM: Memory Sweep Complete, Elapsed Time: 00:03:02
    2:45 AM: Starting Registry Sweep
    2:45 AM: Found Adware: gozilla
    2:45 AM: HKCR\go.netscape.viewer\ (3 subtraces) (ID = 126952)
    2:45 AM: HKCR\goiehlp.iehlprobj.1\ (3 subtraces) (ID = 126954)
    2:45 AM: HKCR\goiehlp.iehlprobj\ (5 subtraces) (ID = 126955)
    2:45 AM: Registry Sweep Complete, Elapsed Time:00:00:10
    2:45 AM: Starting Cookie Sweep
    2:45 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    2:45 AM: Starting File Sweep
    3:16 AM: File Sweep Complete, Elapsed Time: 00:31:16
    3:16 AM: Full Sweep has completed. Elapsed time 00:34:29
    3:16 AM: Traces Found: 14
    3:17 AM: Removal process initiated
    3:17 AM: Quarantining All Traces: gozilla
    3:17 AM: Removal process completed. Elapsed time 00:00:04
    ********
    2:36 AM: | Start of Session, Thursday, April 20, 2006 |
    2:36 AM: Spy Sweeper started
    2:37 AM: Your spyware definitions have been updated.
    2:41 AM: | End of Session, Thursday, April 20, 2006 |




    Logfile of HijackThis v1.99.1
    Scan saved at 3:20:58 AM, on 4/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\cidaemon.exe
    c:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Documents and Settings\HP_Administrator\My Documents\Unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/techsupp/ser...=Norton+Internet+Security&version=8.3
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136904502010
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} - http://pictures.aolcdn.com/ap/Resour...s.10.1.0.0.cab
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe



    Thank you so much! Did I already tell you I can't really use the Internet Explorer browser - it's acting up - so I'm having to use Netscape - I even tried Opera - which I don't care for, but it's the only one that will let me login to a game site I've gone to for years. Now all of a sudden I can't login to the site, but I can access it. I've been complaining to them for months about how I feel like their new Focalex pop-ups are messing things up. They don't seem to know what I'm talking about - I get duplicate screens, and windows just pop open for no reason, loads extreeeeeemly slow - and I thought cable connections were supposed to be so fast - gosh, I'd be a hundred by now if I was still using dial-up! LOL : )

  4. #4
    genihanna (Full Member)
    One quick ? - are there no indications that "Searchfast" was or is a culprit? And one other thing, When I rebooted this time, I did not need the Acronis boot disk, nor is that Windows installer 'set of 6' error messages coming up any more! Coincidence? I haven't done any other tasks other than what you directed me to. I have a "G" drive (Maxtor 100) with an Acronis True Image "clone" and back-up copies of My Documents. - I didn't know if that was something you needed for consideration or not. (I don't keep it plugged in to the C drive until I need to use it)

  5. #5
    VopThis (Senior Member, Canada)
    14 traces were found by SS mostly related to Gozilla - potentially the source of your Searchfast and other issues.
    2:45 AM: Found Adware: gozilla
    3:16 AM: Traces Found: 14
    3:17 AM: Removal process initiated
    3:17 AM: Quarantining All Traces: gozilla


    Is searchfast no longer present? Are your IE problems mostly or only associated with your 'game site'? A 'FREE GAME SITE' may have obvious tradeoffs such as popups and other 'undesirables'. What is the site URL link?

  6. #6
    genihanna (Full Member)
    Hello again, Oh, Angel of the Internet! I'm going to first answer what you asked and then I'll try to briefly tell you the rest of my woes!

    As for Searchfast - I ran AdAware again - it only (!) found 16 negligible (MRU) objects. I also ran Trend Micro Anti-Spyware - it found nothing. I ran Bug Doctor - it found 1 missing shortcut error and supposedly fixed it. I, on a whim, ran the WinTask Checkup (that accompanies the advertising) for WinPro Tasks - its results were rather disturbing (but it could be a ploy to get me to buy it?) It determined that my security, stability, and speed were all poor; and the CPU and Memory usage were "clogged" because of "large number of unnecessary and harmful processes running in the background" - and that there are "invisible processes and residuals from uninstalled programs occupying system & hardware resources." But it did also say my system was "average" - go figure!

    As for my IE problems, I am not sure how to answer this and what I need to tell you without boring you with the unnecessary. All I can attest to is many Windows Installer problems - .msi drivers missing (although that error message - Error code 1706 -

    http://office.microsoft.com/en-us/as...185721033.aspx

    popping up every time I (re)started has all of a sudden stopped??)

    Then the Media Center program crashed and sent the report to Microsoft. Then I used my "G" (external) drive to make a clone of the system and copied My Documents to it as well. (I used Acronis True Image 9 to make the clone as well as a boot disk).

    Then shortly after, Ad-Aware found Searchfast for the first time. Downloaded Trend Micro Anti-Spyware (which I love!) and it found Searchfast, GoZilla, Purityscan, and 2020Search - supposedly it was fixed. (BTW my Gozilla woes began after I downloaded/installed Firefox (which I have uninstalled - didn't like).)

    Then weird things started happening within IE - windows duplicating on screen, not being able to restart without cutting off the power, freezes, etc. Contacted HP tech support - baffled. Each time I called a diff tech gave me a diff fix to do. After the Media Center crashed, they said I would need to order the appropriate recovery disks- I pitched a little fit (it has been acting up ever since 6 days after I brought it home - I was dubious because it had been the Office Depot display model (probably a bad call in hindsight!) - anyhow HP overnighted me the disks and the supplemental. The disks did nothing - could not get anywhere with them. So the next tech wanted me to change the BIOS boot order - that didn't help either.

    Then the next one figured there was something corrupted and was sending me the recovery console disk. I am indecisive as to what I'm supposed to do next. I'm afraid of monkeying around in regedit - I don't know enough.

    Then I got a few more Windows installer problems with it trying to install "Sonic" which came pre-installed (??) Those error pop-ups were merciless! I couldn't cancel/click out of those for the life of me! And they kept coming back!

    Earlier this week I went to windows update to see if there were any (even tho I'm set up for automatic ) there were 3 non criticals there - so I proceeded to DL/install them. But, guess what!? The whole system crashed! Got the dad-gum Black screen and everything! Had to use the Acronis Boot disk to get back up and so far so good.

    As for the game site - it is Gamerival http://www.gamerival.com/ (that I've been going to regularly for 3 years!) It seems to me that when they started using Focalex advertising, my problems (with them, I thought) began - the pages were taking incredibly/unusually long to load, if at all - at times, they "timed out". Now I cannot successfully login - only the Opera browser gets me logged in (and I'm not fond of Opera) - Lately, I've been using Netscape - but nothing beats IE - that is, IMHO! (I am using IE right now tho)

    New questions: Did SpySweeper handle GoZilla? Am I now protected? It looked as if this is the type of program I was wondering about - to protect/block the malware from the "get-go" - instead of removing them after they've already come along and "pooped" all over my system!

    Regarding the 14 "traces" it found, were they in My Documents? Since I backed those files up to my G drive, could there be "issues" there too?

    Last ? for now, regarding those results from WinPro Tasks 5 - do I need it too? Or will the DAL "Angels" be able to assist me with these "cleanup" duties?

    I am so in love with D-A-L!

    Geni

    http://genifla.bravehost.com/
    http://jaxgeni1.bravehost.com/

  7. #7
    genihanna (Full Member)
    It just occurred to me - if the malware is all cleaned up now, do you reckon the recovery disks may now work? I feel that it would be in my best interests to completely reformat/reinstall/recover - what do you think? I don't have the expertise to make such a call but I figure it may be best to start with a fresh slate.

    Thank you in advance - you guys are really earning my upcoming donation!

  8. #8
    VopThis (Senior Member, Canada)
    Sorry for any delays. Intend to respond in some detail later tonight or early tomorrow.

  9. #9
    VopThis (Senior Member, Canada)
    > I feel that it would be in my best interests to completely reformat/reinstall/recover - what do you think? I don't have the expertise to make such a call but I figure it may be best to start with a fresh slate.
    When you experience ongoing incidents and instability issues, one must start to evaluate whether a clean re-install is the most efficient thing to do in the long run. As a display model, you seem to feel that there have been system issues from day one – things were never quite right. That should weigh heavily on your decision to try and get it right from square one. Appropriate recoverable user backups are critical to a successful outcome (see below).



    > Regarding the 14 "traces" it found, were they in My Documents? Since I backed those files up to my G drive, could there be "issues" there too?
    MY DOCUMENTS user files backup:
    Most if not all malware appears in system (\SYSTEM or \SYSTEM32) or temporary files, or in ‘Program Files’ applications. Accordingly, your user backup should be 99% content safe. However, it is always wise to completely scan your source and/or completely scan your new install just to be certain.



    > I am indecisive as to what I'm supposed to do next. I'm afraid of monkeying around in regedit - I don't know enough.
    Even people who think they know what they are doing can make horrible mistakes here. It should be a very methodical disciplined process that needs to be done very carefully with access to backups if anything goes wrong.



    > Earlier this week I went to windows update to see if there were any (even tho I'm set up for automatic ) there were 3 non criticals there - so I proceeded to DL/install them. But, guess what!? The whole system crashed! Got the dad-gum Black screen and everything! Had to use the Acronis Boot disk to get back up and so far so good.
    Doing any updates on an infected or compromised PC can yield numerous problems as indicated above. That is why I do at least one scan tool a day and only update at my choice when I am satisfied my PC is at optimal health.



    > Did SpySweeper handle GoZilla? Am I now protected? It looked as if this is the type of program I was wondering about - to protect/block the malware from the "get-go" - instead of removing them after they've already come along and "pooped" all over my system!
    Spysweeper (SS) has real-time systems monitoring components and does exactly what you have observed – and, of course, you CAN be better protected in this way. However, no one tool is ever going to be the ‘Swiss Army Knife’ of malware. I have this tool, particularly, on my son’s PC and on mine just so I am familiar with its behavior as a tool. Other good choices may include Ewido (excellent against trojans) and Spyware Doctor (very similar to SS). Other promising tools are also starting to prove themselves, as well.

    Is Searchfast gone? Are you still seeing similar or new issues?

    Are any of the files listed here still present on your PC (see ‘File Signatures’ section)?:
    http://research.sunbelt-software.com...threatid=40968




    > Last ? for now, regarding those results from WinPro Tasks 5 - do I need it too? Or will the DAL "Angels" be able to assist me with these "cleanup" duties?
    It may be an excellent technical tool but most non-technical users may be overwhelmed by it. You should be able to get by without it. There are plenty of other tools and forums to tell you of the things you cannot ignore. You don't need or want to know about a lot of what they have to say. And the cost/benefit is questionable for an end user – your money is probably better spent elsewhere.
