Logging into MSN, home page directs me to http://www.usuc.us/2/popup/2.php?ref=john_p



edge1334
2007-03-20, 03:52
This page comes up showing either a Virus Infection page, or a page showing porn, both asking to download a spyware removal tool. I saw another thread showing the exact same issue. I followed all of the initial requirements before posting this. I have attached an activescan file from Panda, and a new HJT file. Thanks for your help. Dan

Logfile of HijackThis v1.99.1
Scan saved at 10:31:03 PM, on 3/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\SIERRA\CardStudio\PLNRnote.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: Quicken 2002 New User Edition.lnk = C:\Program Files\QUICKENW\QW.EXE
O4 - Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG Crafts\AGremind.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.com/applet-6.9.2.40/threepoint/threepoint-en_US.cab
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.4.3.36/omaha/omaha-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.9.0.61/aces/aces-en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.3.0.53/slots/alibaba-ob-assets.cab
O16 - DPF: All Star Football by pogo - http://game1.pogo.com/applet-6.8.1.38/allstarfb/allstarfb-en_US.cab
O16 - DPF: All-Star Football Challenge by pogo - http://game1.pogo.com/applet-6.4.0.48/allstarfb2/allstarfb2-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://playweb06.pogo.com/applet-6.1.0.39/animal/animal-ob-assets.cab
O16 - DPF: Armored Attack by pogo - http://game1.pogo.com/applet-6.1.3.28/cctank/cctank-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.3.4.49/backgammon/backgammon-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.9.0.43/blackjack/blackjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/applet-6.8.1.38/vbjack2/vbjack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.8.0.32/cascade/cascade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.8.2.23/bowling/bowling-en_US.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.4.0.41/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.9.0.61/canasta/canasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.9.2.33/checkers2/checkers-en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.8.0.32/chess2/chess2-en_US.cab
O16 - DPF: Command and Conquer Comanche by pogo - http://game1.pogo.com/applet-6.1.4.29/ccstrike/ccstrike-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.9.1.38/cribbage/cribbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.com/applet-6.9.2.40/ytz/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.9.2.40/checkeredflag/checkeredflag-en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.7.5.28/domino/domino-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.4.0.34/videopoker2/doubledeuce-ob-assets.cab
O16 - DPF: EA Sports Web Soccer by pogo - http://game1.pogo.com/applet-6.9.2.22/soccer/soccer-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.7.2.24/euchre/euchre-en_US.cab
O16 - DPF: EZ Win Bingo by pogo - http://game1.pogo.com/applet-6.1.3.28/bingo/bingoe-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.9.2.40/firstclass2/firstclass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.9.3.29/superbingo/superbingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.9.2.33/greenback/greenback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/applet-6.9.3.39/hangman/hangman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.8.2.23/harvest/harvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.9.2.22/hearts/hearts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.8.4.51/drawpoker/drawpoker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.9.2.33/pool2/pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-6.9.1.38/fancy/fancy-en_US.cab
O16 - DPF: Its Outta Here 2 by pogo - http://game1.pogo.com/applet-6.4.0.48/itsoutofhere/itsoutofhere-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.4.1.46/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.3.1.26/videopoker2/jokerswild-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.9.1.32/gin2/gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.8.1.30/mhpoker/mhpoker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.8.4.51/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.9.1.32/mahjong/mahjong-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.7.3.23/mlslots/mlslots-en_US.cab
O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.com/applet-6.9.2.33/nascar/nascar-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.9.0.43/paigow/paigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.9.0.43/freecell/freecell-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-6.9.2.22/freecell2/freecell2-en_US.cab
O16 - DPF: Pebble Beach 3 Hole Challenge by pogo - http://game1.pogo.com/applet-6.7.0.40/threehole/threehole-en_US.cab
O16 - DPF: Pebble Beach Golf by pogo - http://game1.pogo.com/applet-6.4.0.48/pebble/pebble-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.9.3.29/penguins/penguins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.9.2.22/waterwheel/waterwheel-en_US.cab
O16 - DPF: Perfect Passer by pogo - http://game1.pogo.com/applet-6.4.0.48/perfectpasser/perfectpasser-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.8.3.22/flinger/flinger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.4.2.30/pinochle/pinochle-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.4.2.30/piratesgold/piratesgold-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.9.0.61/popfu/popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.9.1.32/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.9.0.43/poppit2/poppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.7.4.35/hotstreak/hotstreak-en_US.cab
O16 - DPF: Quick Shot by pogo - http://game1.pogo.com/applet-6.4.1.46/quickshot/quickshot-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.9.2.33/squares/squares-en_US.cab
O16 - DPF: Ricochet by pogo - http://game1.pogo.com/applet-6.1.4.29/ricochet/ricochet-ob-assets.cab
O16 - DPF: Sawgrass Golf by pogo - http://game1.pogo.com/applet-6.4.2.30/sawgrass/sawgrass-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.4.3.36/slots/scifi-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.9.1.38/slots/showbiz2-en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.4.4.34/slots/showbiz-ob-assets.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.32/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.9.2.40/spades2/spades2-en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.4.4.34/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.9.2.40/spider/spider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.9.0.43/squelchies/squelchies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.9.2.33/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.9.3.39/sweeper/sweeper-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.8.3.35/sweettooth/sweettooth-en_US.cab
O16 - DPF: Tank Hunter by pogo - http://www.pogo.com/applet-6.9.2.40/tank/tank-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.9.2.22/holdem/holdem-en_US.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-6.4.3.36/simball/simball-ob-assets.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.com/applet-6.7.2.24/topdown2/topdown2-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.8.4.51/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.7.5.28/jumbee/jumbee-en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.6.2.35/turbo21/turbo21-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.8.4.51/turbo22/turbo22-en_US.cab
O16 - DPF: Vert Skater by pogo - http://game1.pogo.com/applet-6.8.0.25/vertskater/vertskater-en_US.cab
O16 - DPF: Video Poker by pogo - http://game1.pogo.com/applet-6.7.2.33/videopoker2/videopoker-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.8.2.23/memories/memories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.8.3.35/babble/babble-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.9.3.29/wordwhomp2/whomp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.9.3.29/whackdown/whackdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.7.5.21/wordjong/wordjong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.9.3.29/worldclass/worldclass-en_US.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://elrancho.rjf.com/controls/OrgPubX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://play05.pogo.com/game/deluxe/zuma/popcaploader_v5.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://secureaccess.rjf.com/dana-cached/setup/JuniperSetupSP1.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

shelf life
2007-03-20, 23:18
hi edge1334,

let's try AVG Anti-Spyware to see what it can dig up on your computer.

Download AVG Anti-Spyware (ewido) from the link below and save that file to your
desktop:

http://www.ewido.net/en/download/

This is a 30-day trial of the program

1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the setup program.
2. Once the setup is complete you will need to run ewido and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
* Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed.
4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
* Select "Automatically generate report after every scan"
* Un-select "Only if threats were found"

* Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
* ewido (AVG) will now begin the scanning process; be patient, this may take a little time.
Once the scan is complete do the following:
* If you have any infections you will be prompted; then select "Apply all actions".
* Next select the "Reports" icon at the top.
* Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your computer somewhere so you can find it. Please post the saved AVG log in your next reply.

shelf life

edge1334
2007-03-23, 03:13
Attached is the log from AVG Anti-Spyware.

I had to delete hundreds of duplicate messages:

HKLM\SOFTWARE\Classes\CLSID\{FF477E96-3AEA-042A-F3F3-EC30EE10E70D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).

The text file was too big to send.

edge1334
2007-03-23, 03:31
Still having the same issue after using AVG Anti-Spyware.

Thanks

shelf life
2007-03-24, 01:17
hi edge1334,

thanks for the info, I have pasted the AVG report for easier viewing:


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:00:49 PM 3/22/2007

+ Scan result:



C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP522\A0102627.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Downloads\kazaa_setup.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP522\A0101596.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP522\A0102624.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP522\A0102644.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP522\A0102654.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\Program Files\SpongeBob SquarePants Obstacle Odyssey\bfgt_silent_en.exe/nickarcade.dll -> Adware.BHO : Cleaned with backup (quarantined).

HKLM\SOFTWARE\Classes\CLSID\{FF477E96-3AEA-042A-F3F3-EC30EE10E70D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FF731508-CD28-E0B0-3E85-0CF55FDE9FBA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FF8D1BCC-E9D5-0E11-8C8A-9E40FE12BD0D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FFCDF546-F480-31CB-7C6B-5F25BAA47B24} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP522\A0102619.exe -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP522\A0102622.exe -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP522\A0102652.exe -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP522\A0101163.dll -> Adware.Viewpoint : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.


::Report end
--------------------------------
looks like AVG cleaned up some stuff. let's try this for now; you might have to do this first to show all files:

Windows XP

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
----------------------------

using Explorer (right click on Start > Explore) drill down to these >>> you want to delete what's >inside< the folder, not the folder itself <<< delete what you can.

C:\Windows\Temp\

C:\Documents and Settings\-Your Profile-\Local Settings\Temporary Internet Files\ (will dump all your cached internet content including cookies)

C:\Documents and Settings\-Your Profile-\Local Settings\Temp\

C:\Documents and Settings\-Any other users Profile-\Local Settings\Temporary Internet Files\

C:\Documents and Settings\-Any other users Profile-\Local Settings\Temp\

click start->settings->control panel->internet options->programs tab->RESET WEB SETTINGS
--------------------------------
start>run type in cmd (hit enter)

at the shell prompt type in ipconfig /flushdns (hit enter); there is a space after ipconfig.

shelf life
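Edge1334 mentioned having to strip hundreds of duplicate lines from the AVG Anti-Spyware report by hand before it would fit in a post. The script below is an added example, not something from the thread or from AVG: it parses the report format as it appears in the pasted lines above (`<object> -> <threat> : <action>`), collapses exact duplicates, and separates detections in live locations from those inside System Restore snapshots (`System Volume Information\_restore{...}`), which matters because restore-point copies cannot reinfect anything until a restore is performed, while live files and CLSID registry entries can. The sample report embedded in the script is constructed for the example (it reuses a few of the posted lines and repeats one of them to simulate the duplicates); the function names are the example's own.

```python
"""Parse an AVG Anti-Spyware (ewido) scan report, drop duplicate detection
lines and summarise what was found.  Added example; the line format is taken
from the report posted in the thread, the sample below is constructed."""
import re
from collections import Counter
from dataclasses import dataclass

# One detection per line:  <object> -> <threat> : <action>
LINE_RE = re.compile(r"^(?P<obj>.+?) -> (?P<threat>[\w.]+) : (?P<action>.+?)\.?$")
# Objects living inside a System Restore snapshot rather than on the live system
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)
REGISTRY_PREFIXES = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\")


@dataclass(frozen=True)
class Detection:
    obj: str
    threat: str
    action: str

    @property
    def kind(self) -> str:
        """Classify the detected object: registry key, restore-point copy or live file."""
        if self.obj.upper().startswith(REGISTRY_PREFIXES):
            return "registry"
        if RESTORE_RE.search(self.obj):
            return "restore-point"
        return "file"


def parse_report(text: str):
    """Return (unique detections in report order, number of duplicate lines dropped).
    Header, separator and '::Report end' lines do not match LINE_RE and are skipped."""
    seen = set()
    unique = []
    dropped = 0
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        det = Detection(m["obj"], m["threat"], m["action"].rstrip("."))
        if det in seen:
            dropped += 1
            continue
        seen.add(det)
        unique.append(det)
    return unique, dropped


def summarize(detections):
    """Counts per threat family and per object kind, plus the detections that
    were on the live system (everything that is not a restore-point copy)."""
    return {
        "by_threat": Counter(d.threat for d in detections),
        "by_kind": Counter(d.kind for d in detections),
        "live": [d for d in detections if d.kind != "restore-point"],
    }


# Constructed sample: a handful of lines in the posted format, with one
# CoolWebSearch CLSID line repeated to stand in for the duplicates edge1334 saw.
SAMPLE_REPORT = r"""AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:00:49 PM 3/22/2007

+ Scan result:

C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP522\A0102627.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\My Documents\My Downloads\kazaa_setup.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FF477E96-3AEA-042A-F3F3-EC30EE10E70D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FF477E96-3AEA-042A-F3F3-EC30EE10E70D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FF477E96-3AEA-042A-F3F3-EC30EE10E70D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FF731508-CD28-E0B0-3E85-0CF55FDE9FBA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.

::Report end
"""

if __name__ == "__main__":
    found, dupes = parse_report(SAMPLE_REPORT)
    report = summarize(found)
    print(f"{len(found)} unique detections ({dupes} duplicate lines dropped)")
    print("by threat:", dict(report["by_threat"]))
    print("by kind:  ", dict(report["by_kind"]))
    print("still relevant on the live system:")
    for d in report["live"]:
        print(f"  [{d.kind}] {d.threat}: {d.obj}")
```

Run it against a saved report instead of the sample by passing the file contents to `parse_report`. The registry and live-file entries are the ones worth a second look after a scan (a cleaned CLSID under `HKLM\SOFTWARE\Classes` is exactly the kind of entry a later HijackThis log should no longer show), while the restore-point hits are addressed by purging System Restore, which is what shelf life recommends further down.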

edge1334
2007-03-24, 15:29
This seems to have taken care of the issue. I really appreciate your help.

shelf life
2007-03-24, 23:55
hi edge1334,

good. glad to help.

good idea to make new clean restore points like this:

1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore. (new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310405

for your reference:

Prevention-or How Can I Help Myself? (http://security-central.us/SafeHex/prevention.htm)


shelf life