Popup help(RESOLVED)

#1 (permalink)
16-05-2008, 12:46 AM
Pyromaniac
Newbie
Join Date: May 2008
Posts: 3

Recently my computer started having popup issues only when an IE is open. I have run multiple scans, Norton, Ewido, Adaware, Spydoctor, etc. and nothing has shown up. As of right now the popups only display a "cannot be displayed" page. Also, even after I exit out of IE, it is still sometimes open in the task manager. Help please. Here is my Hijack list. Even right now you can see that there are two IE programs running but I only actually have one open.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:06 PM, on 5/15/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\GEEK SQUAD UPS\ppped.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\G15\Plugin\LCDSirReal.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\ATI\Catalyst Media Center\CMCService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\GEEK SQUAD UPS\pppeuser.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Tyler\Desktop\WCAT.EXE
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Downloads\MRI\SPYWARE\TREND MICRO\HIJACKTHIS\HIJACKTHIS V2.0.2.EXE

O2 - BHO: {03bc4e25-4771-4bb9-28d4-b1c9a910bc5d} - {d5cb019a-9c1b-4d82-9bb4-177452e4cb30} - C:\WINDOWS\System32\odiqahsd.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [CMCService] "C:\Program Files\ATI\Catalyst Media Center\CMCService.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [00f7b4bb] rundll32.exe "C:\WINDOWS\System32\cbdqwdyo.dll",b
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BM03c48727] Rundll32.exe "C:\WINDOWS\System32\lxrnppit.dll",s
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\GEEK SQUAD UPS\pppeuser.exe"
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WatchCat] C:\Documents and Settings\Tyler\Desktop\WCAT.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1207946365562
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\System32\DPWLEvHd.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\b2new.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: GEEK SQUAD POWER MANAGEMENT Service (ppped) - Unknown owner - C:\Program Files\GEEK SQUAD UPS\ppped.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10642 bytes
#2 (permalink)
16-05-2008, 09:29 PM
Neal
Senior Member
Join Date: Sep 2005
Posts: 5,524
Re: Popup help

Welcome,



We must disable Spy Sweeper, for it may interfere with our fix.

To disable SpySweeper:
  • Right click on the SpySweeper icon in your System Tray (near the clock).
  • From the pop up menu, left click on Shields, this will open the program at the same time.
    • Under the Internet Explorer Tab, uncheck all boxes (if already checked).
    • Under the Windows System Tab, uncheck the following shields (if already checked):
      • Memory Shield
      • Spy Installation Shield
    • Under the Startup Programs Tab, uncheck the Startup Shield box (if already checked).
    • Under the Browser Add-ons Tab, uncheck the Browser Helper Object box (if already checked).

Note: Remember to re-enable these shields once we have completed our work.



Download SDFIX and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All.
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.




Please download and install SUPERAntiSpyware Trial Pro Edition http://www.superantispyware.com/superantispyware.html

* Load SUPERAntiSpyware and click the Check for Updates button.
* Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!


IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning; it may interfere with the scanning process.

* Open SUPERAntiSpyware and click the Scan your Computer button.
* Check Perform Complete Scan and then click Next.
* SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
* Make sure that they all have a check next to them, and then click Next.
* Click Finish and you will be taken back to the main interface.
* It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
* I'll need a log afterwards of what has been found.
* To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
* Please post the results of the SUPERAntiSpyware log in your next reply.


I need:

1. SDFix log
2. SUPERAntiSpyware scan log
3. New HijackThis log

Use two posts if you have to, to get it all in.
__________________
Stalking and killing Spyware

#3 (permalink)
18-05-2008, 03:53 AM
Pyromaniac
Newbie
Join Date: May 2008
Posts: 3
Re: Popup help

New Hijackthis Log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:55 PM, on 5/17/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\GEEK SQUAD UPS\ppped.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\ATI\Catalyst Media Center\CMCService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Logitech\G-series Software\G15\Plugin\LCDSirReal.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\GEEK SQUAD UPS\pppeuser.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Tyler\Desktop\WCAT.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Downloads\MRI\SPYWARE\TREND MICRO\HIJACKTHIS\HIJACKTHIS V2.0.2.EXE

O2 - BHO: {03bc4e25-4771-4bb9-28d4-b1c9a910bc5d} - {d5cb019a-9c1b-4d82-9bb4-177452e4cb30} - C:\WINDOWS\System32\odiqahsd.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [CMCService] "C:\Program Files\ATI\Catalyst Media Center\CMCService.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\GEEK SQUAD UPS\pppeuser.exe"
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WatchCat] C:\Documents and Settings\Tyler\Desktop\WCAT.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1207946365562
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\System32\DPWLEvHd.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: GEEK SQUAD POWER MANAGEMENT Service (ppped) - Unknown owner - C:\Program Files\GEEK SQUAD UPS\ppped.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10365 bytes

SUPERAntiSpyware Scan Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/17/2008 at 07:14 PM

Application Version : 4.0.1154

Core Rules Database Version : 3463
Trace Rules Database Version: 1454

Scan type : Complete Scan
Total Scan Time : 00:12:07

Memory items scanned : 466
Memory threats detected : 1
Registry items scanned : 5601
Registry threats detected : 1
File items scanned : 15238
File threats detected : 126

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\ODIQAHSD.DLL
C:\WINDOWS\SYSTEM32\ODIQAHSD.DLL

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}

Adware.Tracking Cookie
C:\Documents and Settings\Tyler\Cookies\tyler@toseeka[1].txt
C:\Documents and Settings\Tyler\Cookies\tyler@adrevolver[2].txt
C:\Documents and Settings\Tyler\Cookies\tyler@clickbank[2].txt
C:\Documents and Settings\Tyler\Cookies\tyler@y.a1.interclick[1].txt
C:\Documents and Settings\Tyler\Cookies\tyler@adbrite[1].txt
C:\Documents and Settings\Tyler\Cookies\tyler@tribalfusion[1].txt
C:\Documents and Settings\Tyler\Cookies\tyler@accounts[2].txt
C:\Documents and Settings\Tyler\Cookies\tyler@AdDisplayTrackerServl et[1].txt

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{25E9CC7D-2501-4C7A-9962-76BCE0D9C8B7}\RP4\A0000513.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{25E9CC7D-2501-4C7A-9962-76BCE0D9C8B7}\RP4\A0000514.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{25E9CC7D-2501-4C7A-9962-76BCE0D9C8B7}\RP4\A0000517.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{25E9CC7D-2501-4C7A-9962-76BCE0D9C8B7}\RP4\A0000518.EXE

Trace.Known Threat Sources
C:\Documents and Settings\Tyler\Local Settings\Temporary Internet Files\Content.IE5\THNZESUP\install_en[1].cab


SDfix log


SDFix: Version 1.183
Run by Tyler on Sat 05/17/2008 at 06:51 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Tyler\Desktop\SDFix\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 18:55:41
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

Remaining Files :


File Backups: - C:\DOCUME~1\Tyler\Desktop\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Tyler\Application Data\U3\temp\Launchpad Removal.exe"

Finished!
  #4 (permalink)  
Old 18-05-2008, 08:14 PM
Neal's Avatar
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: Popup help

Run HijackThis, click on the "scan system only" button and put checks next to these:


O2 - BHO: {03bc4e25-4771-4bb9-28d4-b1c9a910bc5d} - {d5cb019a-9c1b-4d82-9bb4-177452e4cb30} - C:\WINDOWS\System32\odiqahsd.dll (file missing)


Please close ALL browser windows (including this one).

With everything closed out except HijackThis, click on "fix checked".


Reboot your PC



Update Java: Security Issue

* Go to Start > Control Panel, double-click on the Software icon > add/remove programs.
* Search in the list for all previously installed versions of Java (J2SE Runtime Environment...).

It should have next icon next to it:
Select it and click Remove.
* The current version can be downloaded from Sun here: http://java.sun.com/javase/downloads/index.jsp Scroll down the page to 'Java Runtime Environment (JRE) 6u6' and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.


What is happening now?
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|




ASAP: promoting a high standard and quality of security support no matter where you seek help.
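Added example, not part of the original posts: a small Python triage of HijackThis O2 (Browser Helper Object) lines like the one selected for fixing above. The second O2 line and the O4 line in the sample are constructed, and the three triage rules are illustrative assumptions, not HijackThis behaviour.

```python
import re
from pathlib import PureWindowsPath

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# O2 line layout: "O2 - BHO: <name> - <CLSID> - <dll path>[ (file missing)]"
O2_RE = re.compile(
    rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{GUID}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# First O2 line is the one from this thread; the other two lines are constructed.
SAMPLE_LOG = r"""
O2 - BHO: {03bc4e25-4771-4bb9-28d4-b1c9a910bc5d} - {d5cb019a-9c1b-4d82-9bb4-177452e4cb30} - C:\WINDOWS\System32\odiqahsd.dll (file missing)
O2 - BHO: Example PDF Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\ExampleVendor\pdfhelper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\ExampleVendor\tray.exe
"""

def parse_o2(line):
    """Return a dict for an O2 (Browser Helper Object) line, else None."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["missing"] = entry["missing"] is not None
    return entry

def triage(entry):
    """Return the reasons an O2 entry deserves a closer look (may be empty)."""
    reasons = []
    if entry["missing"]:
        reasons.append("orphaned: registry entry points at a DLL that is gone")
    if re.fullmatch(GUID, entry["name"]) or entry["name"] == "(no name)":
        reasons.append("no descriptive name registered for the BHO")
    if PureWindowsPath(entry["path"]).parent.name.lower() == "system32":
        reasons.append("DLL sits directly in System32, not in a vendor folder")
    return reasons

def review(log_text):
    """Map the DLL path of each O2 line in a log to its triage reasons."""
    results = {}
    for line in log_text.splitlines():
        entry = parse_o2(line)
        if entry:
            results[entry["path"]] = triage(entry)
    return results

if __name__ == "__main__":
    for path, reasons in review(SAMPLE_LOG).items():
        print(path, "->", reasons or "nothing flagged")
```
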

  #5 (permalink)  
Old 19-05-2008, 09:20 AM
Newbie
D-A-L Newbie
 
Join Date: May 2008
Posts: 3
Pyromaniac Is a beginner here at D-A-L
Re: Popup help

Everything seems to be working great now. No extra IE open and no more popups. Thanks for the help, much better than having to format.
  #6 (permalink)  
Old 19-05-2008, 03:05 PM
Neal's Avatar
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: Popup help

Great news.



If you are no longer having any more trouble, here are some preventative measures for you.

Be sure to re-hide hidden files/folders if you were asked to unhide them

Here are some preventive measures you can take to keep your computer from getting infected again. Also keep SpybotS&D updated.

Read This First - IMPORTANT Instructions

Flush your restore points in ME and XP, by turning System Restore off and then back on.
This will create a fresh restore point.


Explained Here:
Windows XP: http://vil.nai.com/vil/SystemHelpDoc...ysRestore.aspx

Explained Here
Microsoft ME:
http://service1.symantec.com/SUPPORT...rc=sec_doc_nam



Please download ATF Cleaner by Atribune to desktop.
http://www.atribune.org/public-beta/ATF-Cleaner.exe

Double-click ATF-Cleaner.exe to run the program, to clean junk files off your PC.

If you would like to keep your cookies don't check that item

* Under Main "Select Files to Delete" choose: Select All.
* Click the Empty Selected button.
* If you use Firefox browser click Firefox at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
* If you use Opera browser click Opera at the top and choose: Select All
* Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.



To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:

1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
http://v5.windowsupdate.microsoft.co....aspx?ln=en-us

http://www.microsoft.com/windows/ie/default.asp


2. Run your antivirus software regularly, and keep its definitions up-to-date. If you are thinking about switching, there are some good free antivirus programs that are decent, including AVG and Avast!.
AVG: http://free.grisoft.com/doc/1

Avast: http://www.avast.com/eng/avast_4_home.html


3. In addition to using Ad-aware consider using another free malware scanning/removal program:
Windows Defender

http://www.microsoft.com/athome/secu...e/default.mspx


4. Consider using a free firewall if you are not already using one. Some good free ones are:
Kerio
Sunbelt
Comodo Personal Firewall


5. Consider using an alternate free browser for general web surfing but you must use IE for windows update.
Mozilla Firefox: www.mozilla.org/products/firefox/


6. Consider increasing your browser security by using these programs:
SpywareGuard will protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
SpywareBlaster will increase browser protection by blocking thousands of known malware sites by adding them to IE's restricted sites zone. Download it here:

http://www.javacoolsoftware.com/spywareblaster.html


If you use SpywareBlaster, you can also use a customblocklist to add even more entries into IE restricted sites zone. Go to this site for the current list and how to use instructions: http://customblockinglist.cjb.net/


IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
https://netfiles.uiuc.edu/ehowes/www/resource.htm


Block access to Untrustworthy Sites

You can prevent your computer from visiting a myriad of untrustworthy sites and ad-servers by installing a customised hosts file. One of the best available is the: MVPS Hosts File. Simply follow the instructions to install the file in the correct location. This will not only make surfing safer but will improve website load times and block popups from many of the large ad-servers.



*Remember just like your primary anti-virus software, it is important to keep all of these programs up-to-date and use them on a regular basis. It's Free


And also see TonyKlein's good advice
So how did I get infected in the first place? (My Favorite)
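Added example, not part of the original post: a Python audit of a hosts file of the kind recommended above, separating blocklist-style entries from entries that redirect a name to a routable address or that sink a name which must stay reachable. The sample file, its `.test` names and the `must_resolve` parameter are constructed for illustration.

```python
import ipaddress

# Constructed sample; names use the reserved .test domain and a documentation IP.
SAMPLE_HOSTS = """\
# constructed hosts file
127.0.0.1    localhost
127.0.0.1    ads.example.test  banners.example.test   # blocklist style
0.0.0.0      tracker.example.test
203.0.113.7  www.bank.example.test
127.0.0.1    update.example-av.test
not-an-ip    junk.example.test
"""

def parse_hosts(text):
    """Yield (ip, hostname) for every mapping, skipping comments and bad lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address
        for host in fields[1:]:
            yield ip, host.lower()

def audit_hosts(text, must_resolve=()):
    """Sort entries into blocked, redirected and suppressed names.

    blocked:    names pointed at a loopback or unspecified address
    redirected: names pointed at any other address (review each one)
    suppressed: names from must_resolve that have been sunk (review each one)
    """
    keep = {h.lower() for h in must_resolve}
    blocked, redirected, suppressed = set(), {}, set()
    for ip, host in parse_hosts(text):
        if host == "localhost":
            continue
        if ip.is_loopback or ip.is_unspecified:
            (suppressed if host in keep else blocked).add(host)
        else:
            redirected[host] = str(ip)
    return blocked, redirected, suppressed

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS, must_resolve={"update.example-av.test"}))
```
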