Help Me (HJT log) (RESOLVED)

  1. #1
    GoodFella1991 is offline Newbie

    I have looked at many threads and found none that apply to my problem. I have checked for Virtumundo, I have ad-aware, spybot, e-trust, and Counter Spy. They do not help me. I keep getting pop-ups that originate from ads.cs.. or newads.... and no matter what I do they come up about every 1 or 2 minutes. Here is my HJT log.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:12:25 PM, on 4/23/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\EQBranch\EQBranch.exe
    C:\Program Files\Webshots\webshots.scr
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dumps_startup
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKCU\..\Run: [EQBranch] "C:\Program Files\EQBranch\EQBranch.exe"
    O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O20 - AppInit_DLLs: Runner.dll,cfanmgib.dll,Runner.dll,EQMini.dll C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
    O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

    Thank you guys very much for your help.


  2. #2
    GoodFella1991 is offline Newbie
    I have used many spyware and adware removal programs and they have all not worked at all. I still get pop-ups coming from ads.cs... or newads1... and I am kind of suspicious of EQBranch. Spyware Guide on the internet says that it may be a variant of EQAdvice. I am not sure though. (I am using ad-aware, spybot, counter-spy, and spyware doctor). Please help me. Here is my HJT log.


    Logfile of HijackThis v1.99.1
    Scan saved at 9:05:33 PM, on 4/23/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\EQBranch\EQBranch.exe
    C:\Program Files\Webshots\webshots.scr
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dumps_startup
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKCU\..\Run: [EQBranch] "C:\Program Files\EQBranch\EQBranch.exe"
    O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O20 - AppInit_DLLs: Runner.dll,cfanmgib.dll,Runner.dll,EQMini.dll C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
    O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

  3. #3
    VopThis is offline Senior Member (Canada)
    Please download VundoFix.exe to your desktop.

    http://www.atribune.org/ccount/click.php?id=4

    Double-click VundoFix.exe to run it.

    Click the Scan for Vundo button.

    Once it's done scanning, click the Remove Vundo button.

    You will receive a prompt asking if you want to remove the files, click YES
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.

    Please post the contents of C:\vundofix.txt and a new HiJackThis log.

  4. #4
    GoodFella1991 is offline Newbie
    I have already done that before and it said that it removed the infected files. I still get pop-ups. But I ran it again and it found nothing. This is where I am baffled at what is going on. Do you see anything in my HJT log??
    Last edited by GoodFella1991; 24-04-2006 at 03:24 AM.

  5. #5
    VopThis is offline Senior Member (Canada)
    Then try this:



    Please download WebRoot SpySweeper from HERE (It's a 14 day trial):
    http://www.webroot.com/consumer/prod...de=af1&rc=3597
    OR
    http://www.webroot.com/shoppingcart/...php?bjpc=64011

    • Click the Free Trial link to download the program.
    • Double-click the file to install it as follows:
      • Click "Next", read the agreement, Click "Next"
      • Choose "Custom" click "Next".
      • Leave the default installation directory as it is, then click "Next".
      • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
      • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
      • Finally, click "Install"
    • Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.

      Once the definitions are installed, click Options on the left side.
      Click the Sweep Options tab.
      Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.

      Disable SpySweeper Shields
      • Click Shields on the left.
      • Click Internet Explorer and uncheck all items.
      • Click Windows System and uncheck all items.
      • Click Startup Programs and uncheck all items.
    • Once the definitions are installed and shields disabled, click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into your next reply.


    Post the SpySweeper session log here along with a fresh HiJackThis log.

  6. #6
    GoodFella1991 is offline Newbie
    Okay, here are the results. I am still getting the same pop-ups.

    10:01 PM: | Start of Session, Sunday, April 23, 2006 |
    10:01 PM: Spy Sweeper started
    10:01 PM: Sweep initiated using definitions version 663
    10:01 PM: Starting Memory Sweep
    10:03 PM: Found Adware: fullcontext
    10:03 PM: Detected running threat: C:\WINDOWS\system32\cfanmgib.dll (ID = 215)
    10:04 PM: Memory Sweep Complete, Elapsed Time: 00:03:16
    10:04 PM: Starting Registry Sweep
    10:04 PM: Registry Sweep Complete, Elapsed Time:00:00:16
    10:04 PM: Starting Cookie Sweep
    10:04 PM: Found Spy Cookie: specificclick.com cookie
    10:04 PM: weston adams@adopt.specificclick[2].txt (ID = 3400)
    10:04 PM: Found Spy Cookie: azjmp cookie
    10:04 PM: weston adams@azjmp[2].txt (ID = 2270)
    10:04 PM: Found Spy Cookie: adjuggler cookie
    10:04 PM: weston adams@rotator.adjuggler[1].txt (ID = 2071)
    10:04 PM: Found Spy Cookie: videodome cookie
    10:04 PM: weston adams@videodome[1].txt (ID = 3638)
    10:04 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    10:04 PM: Starting File Sweep
    10:24 PM: a0016151.exe (ID = 209217)
    10:25 PM: a0016176.exe (ID = 257229)
    10:31 PM: File Sweep Complete, Elapsed Time: 00:26:54
    10:31 PM: Full Sweep has completed. Elapsed time 00:30:28
    10:31 PM: Traces Found: 7
    10:32 PM: Removal process initiated
    10:32 PM: Quarantining All Traces: fullcontext
    10:32 PM: Quarantining All Traces: adjuggler cookie
    10:32 PM: Quarantining All Traces: azjmp cookie
    10:32 PM: Quarantining All Traces: specificclick.com cookie
    10:32 PM: Quarantining All Traces: videodome cookie
    10:32 PM: Warning: Launched explorer.exe
    10:32 PM: Warning: Quarantine process could not restart Explorer.
    10:33 PM: Removal process completed. Elapsed time 00:00:22



    Logfile of HijackThis v1.99.1
    Scan saved at 3:40:45 PM, on 4/24/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\EQBranch\EQBranch.exe
    C:\Program Files\Webshots\webshots.scr
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dumps_startup
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKCU\..\Run: [EQBranch] "C:\Program Files\EQBranch\EQBranch.exe"
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O20 - AppInit_DLLs: Runner.dll,cfanmgib.dll,Runner.dll,EQMini.dll C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
    O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
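
    Added example, not part of the original thread or of any tool used in it: a Python script that cross-references the Spy Sweeper session log with the HijackThis log from post #6, checking whether a file reported as a running threat is still named in `AppInit_DLLs` and listing entries marked `(file missing)`. The sample lines are copied from post #6; the function names are assumptions made for this illustration.

```python
import ntpath
import re

# Sample input: lines copied from the two logs in post #6 of this thread.
SPYSWEEPER_LOG = r"""
10:03 PM: Found Adware: fullcontext
10:03 PM: Detected running threat: C:\WINDOWS\system32\cfanmgib.dll (ID = 215)
10:24 PM: a0016151.exe (ID = 209217)
"""

HJT_LOG = r"""
O4 - HKCU\..\Run: [EQBranch] "C:\Program Files\EQBranch\EQBranch.exe"
O20 - AppInit_DLLs: Runner.dll,cfanmgib.dll,Runner.dll,EQMini.dll C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O20 - AppInit_DLLs: ...".
HJT_LINE = re.compile(r"^[ \t]*([RFNO]\d{1,2}) - (.+?)[ \t]*$", re.MULTILINE)
THREAT_LINE = re.compile(r"Detected running threat: (.+?) \(ID = \d+\)")


def parse_hjt(log):
    """Return (section, body) tuples for every entry line in a HijackThis log."""
    return [(m.group(1), m.group(2)) for m in HJT_LINE.finditer(log)]


def _basename(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path.strip('"')).lower()


def appinit_dlls(entries):
    """File names listed in O20 AppInit_DLLs, de-duplicated, order preserved.

    The registry value is delimited by commas or spaces, so split on both.
    """
    names = []
    for section, body in entries:
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            value = body[len("AppInit_DLLs:"):].strip()
            for item in re.split(r"[,\s]+", value):
                name = _basename(item)
                if name and name not in names:
                    names.append(name)
    return names


def detected_files(scanner_log):
    """File names the scanner log reports as running threats."""
    return [_basename(p) for p in THREAT_LINE.findall(scanner_log)]


def still_in_appinit(scanner_log, hjt_log):
    """Detected files that the later HijackThis log still lists in AppInit_DLLs."""
    listed = appinit_dlls(parse_hjt(hjt_log))
    return [name for name in detected_files(scanner_log) if name in listed]


def missing_targets(entries):
    """Bodies of entries whose target HijackThis marked as '(file missing)'."""
    return [body for _, body in entries if body.endswith("(file missing)")]


if __name__ == "__main__":
    entries = parse_hjt(HJT_LOG)
    print("AppInit_DLLs:", appinit_dlls(entries))
    print("Detected and still listed:", still_in_appinit(SPYSWEEPER_LOG, HJT_LOG))
    for body in missing_targets(entries):
        print("File missing:", body)
```
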

  7. #7
    VopThis is offline Senior Member (Canada)
    Please download, install, update and scan your system with the free (trial) version of Ewido TROJAN scanner
    [Developed for Windows 2000 and XP]:
    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    3. From the main ewido screen, click on update in the left menu, then click the Start update button.
    4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
    5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
    6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.
    Note: Ewido is a free trial product for 14 days. Since Ewido is a trial version, the realtime guard and automatic update will stop functioning after 14 days. We are not installing the guard because it might interfere with the cleanup or the malware removal process. You can use Ewido as an on-demand scanner (recommended) but you will have to manually update the definition file each time you scan. If you decide to purchase Ewido, you can enable the 'Realtime Protect' and 'Automatic Update' functions by clicking on the 'Status' bar (Top left) and clicking on both items under "Your Security Status".

    REBOOT.




    Please do an online scan (scan only tool) with Kaspersky WebScanner



    [Internet Explorer required]
    Go to Kaspersky website: www.kaspersky.com/virusscanner and click on the Kaspersky Online Scanner BUTTON/BOX.

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        - Extended (if available otherwise Standard)
      • Scan Options:
        - Scan Archives
        - Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.




    You might also want to run this scan as an added check:


    [Internet Explorer required]
    Place a shortcut to Panda ActiveScan on your desktop (FREE Version is mostly a scan only tool).


    Run the Panda ActiveScan shortcut.
    - Once you are on the Panda site click the Scan your PC button
    - A new window will open...click the Check Now button
    - Enter your Country
    - Enter your State/Province
    - Enter your e-mail address and click send
    - Select either Home User or Company
    - Click the big Scan Now button
    - If it wants to install an ActiveX component allow it
    - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    - When download is complete, click on Local Disks to start the scan
    - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.


    Post a Panda log back here, if anything is reported.

  8. #8
    GoodFella1991 is offline Newbie
    I was able to use Ewido and Kaspersky, but when I tried to download the ActiveX from Panda, Avast went crazy and said it was trying to give me a virus. So here are the logs from Ewido and Kaspersky.
    Ewido found EQBranch, should I get rid of that? It may be the root of my problems.

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 8:07:09 PM, 4/24/2006
    + Report-Checksum: 25956F9B

    + Scan result:

    [252] C:\Program Files\EQBranch\EQBranch.exe -> Adware.PurityScan : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.54:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.62:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.72:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.73:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.74:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.83:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.85:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.87:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.89:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.90:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.91:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.106:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.107:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.108:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.109:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.121:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Paycounter : Cleaned with backup
    :mozilla.132:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Cqcounter : Cleaned with backup
    :mozilla.144:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Clickzs : Cleaned with backup
    :mozilla.145:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Clickzs : Cleaned with backup
    :mozilla.155:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.156:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.157:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.158:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.159:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.160:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.161:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.165:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Masterstats : Cleaned with backup
    :mozilla.180:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.181:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.182:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.183:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.184:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.185:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.187:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.188:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.189:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.190:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.191:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.207:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.208:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.209:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.210:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.211:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.235:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.236:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.237:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.238:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.239:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.248:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.249:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.251:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.260:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.261:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.262:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.263:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.264:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.266:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.281:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.282:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.301:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.302:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.303:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.304:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.305:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Valuead : Cleaned with backup
    :mozilla.308:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.315:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.316:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.317:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.318:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.319:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.320:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.328:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Goclick : Cleaned with backup
    :mozilla.329:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Goclick : Cleaned with backup
    :mozilla.337:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.338:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.339:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.340:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
    :mozilla.341:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
    :mozilla.342:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
    :mozilla.344:C:\Documents and Settings\Weston Adams\Application Data\Mozilla\Firefox\Profiles\jrrrat0i.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Weston Adams\Cookies\weston adams@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
    C:\Documents and Settings\Weston Adams\Local Settings\Temp\MONEY1.exe -> Downloader.Adload.t : Cleaned with backup
    C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup
    C:\Program Files\EQBranch\EQBranch.exe -> Adware.PurityScan : Cleaned with backup


    ::Report End

    C:\Documents and Settings\Weston Adams\Local Settings\Temp\cmapp10upd.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
    C:\Documents and Settings\Weston Adams\Local Settings\Temp\cmapp10upd.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP12\A0001636.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP12\A0001637.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP46\A0015965.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP46\A0016000.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP46\A0016001.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP46\A0016002.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP46\A0016003.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP46\A0016004.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP47\A0016124.exe Infected: Trojan-Downloader.Win32.Dyfuca.ex skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP68\A0028061.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP69\A0031233.exe/stream/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP69\A0031233.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP69\A0031233.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP70\A0032529.exe/stream/data0009 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP70\A0032529.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP70\A0032529.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP76\A0033157.dll Infected: not-a-virus:AdWare.Win32.Agent.e skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP77\A0033281.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP77\A0033282.exe Infected: not-a-virus:Downloader.Win32.DigStream skipped
    Scan process completed.

  9. #9
    VopThis is offline Senior Member (Canada)
    OK - Avast seems to have a compatibility issue with Panda.


    You also have infected 'restore points' which can generally be dealt with as a last cleanup step.



    Go to Start > Run and type: CLEANMGR.EXE and hit enter.
    When prompted select the C: drive and click ok.
    Check the boxes for:
    • Temporary Internet Files
    • Downloaded Program Files
    • Recycle Bin
    • Temporary Files
    Click OK or Enter


    Also Delete FILE, if still present:
    C:\Documents and Settings\Weston Adams\Local Settings\Temp\cmapp10upd.exe





    EQBranch.exe is subject to some differing opinions or in some cases is associated with Purityscan (and unacceptable behavior). Let's ensure that all of it is removed:

    Go to Start>Control Panel>Add/Remove Programs and look for PuritySCAN By OIN, OuterInfo, OIN or similar, click on it and click remove.

    If not listed, download and run this uninstaller:
    http://www.outerinfo.com/OiUninstaller.exe

    Tutorial for the uninstaller if needed

    Reboot when done and delete this folder if found:
    C:\Program Files\PurityScan



    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
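
The split described in post #9, between files to delete now and infected restore points left for the last cleanup step, as an added example that is not part of the original thread: a Python sketch that sorts Kaspersky report lines into live files and System Restore copies. The sample lines are a subset copied from the report posted above; the function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Subset of the Kaspersky report lines posted in this thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Weston Adams\Local Settings\Temp\cmapp10upd.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
C:\Documents and Settings\Weston Adams\Local Settings\Temp\cmapp10upd.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP47\A0016124.exe Infected: Trojan-Downloader.Win32.Dyfuca.ex skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP69\A0031233.exe/stream/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP69\A0031233.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP69\A0031233.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP77\A0033281.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
Scan process completed.
"""

# "<path> Infected: <verdict> skipped". Archive summary lines such as
# "NSIS: infected - 1 skipped" do not match and are ignored.
DETECTION = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) skipped$")

# System Restore keeps its copies under _restore{GUID}\RPnn\.
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\",
    re.IGNORECASE,
)


def triage(report):
    """Return (live, restore).

    live:    {on-disk file: [verdicts]} for files on the live file system.
    restore: {restore point: {on-disk file: [verdicts]}} for copies held
             by System Restore.
    """
    live = defaultdict(set)
    restore = defaultdict(lambda: defaultdict(set))
    for line in report.splitlines():
        match = DETECTION.match(line.strip())
        if not match:
            continue
        # Objects inside an installer/archive are reported as
        # "file.exe/stream/data0002"; Windows paths never contain "/",
        # so everything before the first "/" is the file on disk.
        on_disk = match.group("path").split("/", 1)[0]
        rp = RESTORE_POINT.search(on_disk)
        if rp:
            restore[rp.group(1).upper()][on_disk].add(match.group("verdict"))
        else:
            live[on_disk].add(match.group("verdict"))
    return (
        {path: sorted(v) for path, v in live.items()},
        {rp: {path: sorted(v) for path, v in files.items()}
         for rp, files in restore.items()},
    )


def malware_restore_points(restore):
    """Restore points holding a verdict without Kaspersky's 'not-a-virus:'
    prefix (that prefix marks its adware and riskware classes)."""
    flagged = [
        rp for rp, files in restore.items()
        if any(not verdict.startswith("not-a-virus:")
               for verdicts in files.values() for verdict in verdicts)
    ]
    return sorted(flagged, key=lambda rp: int(rp[2:]))


if __name__ == "__main__":
    live, restore = triage(SAMPLE_REPORT)
    print("Live files (deal with these now):")
    for path, verdicts in live.items():
        print(f"  {path}: {', '.join(verdicts)}")
    print("Restore-point copies (last cleanup step):")
    for rp in sorted(restore, key=lambda rp: int(rp[2:])):
        for path, verdicts in restore[rp].items():
            name = path.rsplit(chr(92), 1)[-1]  # chr(92) is a backslash
            print(f"  {rp} {name}: {', '.join(verdicts)}")
    print("Restore points with non-adware verdicts:",
          malware_restore_points(restore))
```

On the sample lines, the only live file is `cmapp10upd.exe` in the Temp folder, the one file post #9 asks to delete; every other hit is a System Restore copy.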

  10. #10
    GoodFella1991 is offline Newbie
    The amount of pop-ups has definitely decreased. So thanks for your help so far. The pop-ups are still there though so here is a new HJT log.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:28:23 PM, on 4/25/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\Webshots\webshots.scr
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dumps_startup
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - AppInit_DLLs: Runner.dll,cfanmgib.dll,Runner.dll,EQMini.dll C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
    O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
