
[Resolved] adssite browser optimizer.......Help!
#1
Posted 11 October 2007 - 04:32 AM
#2
Posted 11 October 2007 - 06:27 AM
Read through the information in this link. It will tell you how to download HJT and post a log. It also has other information about how to do things here. Please read through the whole topic then go ahead and download, run, and post your HJT log here. Please do not start a new topic but reply here.
http://forums.whatth...ers_t34502.html
The help you receive here is free, but if you would like to help me continue the fight against Malware then

Logs will be closed if you haven't replied within 5 days
Proud Graduate of TC/WTT Classroom
"To find perfect composure in the midst of change is to find ourselves in nirvana."
Suzuki Roshi
#3
Posted 11 October 2007 - 08:30 PM
Also when I logged back on to this web site Mozilla kept trying to shut down....but only on this site.....weird.
Logfile of HijackThis v1.99.1
Scan saved at 9:23:34 PM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: ads_optimizer - {26E45419-7205-4fac-BBFE-174BC7337A79} - C:\WINDOWS\system32\nsp12D.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1191126057718
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe
#4
Posted 11 October 2007 - 08:47 PM
I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes.
Disable Spybot's TeaTimer.
* Open Spybot Search & Destroy.
* In the Mode menu click "Advanced mode" if not already selected.
* Choose Yes at the Warning prompt.
* Expand the Tools menu.
* Click Resident.
* Uncheck the Resident "TeaTimer" (Protection of overall system settings) active box.
* In the File menu click Exit to exit Spybot Search & Destroy.
Run HijackThis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
O2 - BHO: ads_optimizer - {26E45419-7205-4fac-BBFE-174BC7337A79} - C:\WINDOWS\system32\nsp12D.dll
Then close all windows except this one and press Fix checked.
--------------------------------------------------------------------------------------------
Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open.
If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
- Click the Update icon at the top and under Manual Update click the Start update button.
- The program will either update or inform you that no update was available.
- It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
- Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
- Click the Update icon and untick the automatic update option.
- Click on Scanner on the toolbar.
- Click on the Settings tab.
- Under How to act? - make sure that Quarantine is selected.
- Under How to scan? - All checkboxes should be ticked.
- Under Possibly unwanted software - All checkboxes should be ticked.
- Under Reports - Select Do not automatically generate reports.
- Under What to scan? - Select Scan every file.
Please download ATF Cleaner here by Atribune. This program is for XP and Windows 2000 only.
It does not require any installation and uses minimal system resources. It is set up to clean IE, FireFox and Opera, and detects the browsers you have and grays out the other(s).
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
- Click the Empty Selected button.
If you use Firefox browser - Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser - Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
- Click the Empty Selected button.
- NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.
We Now Need To Boot Into Safe Mode
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine,
amount of memory, hard drives installed etc (BOOT SCREEN).
At this point you should gently tap the F8 key repeatedly until you are presented with an Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.
Run AVG
- Click on Scanner on the toolbar.
- Click on Complete System Scan to start the scan process.
- Let the program scan your computer.
- When the scan has finished, follow the instructions below:
- Make sure that Set all elements to: shows Quarantine
- Important: Click on the Apply all Actions button. This must be done before saving the report.
- When the program has finished, it will display the message All actions have been applied.
- Then click the Save Scan Report button.
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Tray Icon and select Exit.
- Now copy the report back to this topic.
Restart into normal mode and post the AVG Log and a new HJT Log. Also, how are things now?
#5
Posted 11 October 2007 - 11:35 PM
Here are the logs you requested - and thank you again for all of your help : )
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:24:32 AM 10/12/2007
+ Scan result:
:mozilla.127:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.260:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.268:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.276:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.98:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.357:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.358:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.49:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.50:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.51:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.62:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.504:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.505:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.86:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.112:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.56:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.21:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.553:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.516:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.508:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.509:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.510:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.520:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.521:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.296:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.297:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.298:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.564:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.63:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.64:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.65:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.66:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.67:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.68:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.69:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.70:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.71:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.323:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.324:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.327:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.328:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.329:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.335:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.336:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.337:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.338:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.339:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.340:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.341:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.342:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.460:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.147:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.148:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.343:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.344:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.345:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.346:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.347:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.99:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.497:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.360:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.361:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.362:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.363:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.472:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.372:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.385:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.92:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.498:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.452:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.453:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.454:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.455:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.456:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.457:C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\ufb6ytij.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 12:34:33 AM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1191126057718
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe
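Added example, not part of any post in this thread: a Python sketch that parses two HijackThis logs and checks that the entry the helper asked to fix is absent from the follow-up log, while listing anything new. The sample logs are abbreviated excerpts of the two logs posted above, and the function names are illustrative assumptions.

```python
import re

# HijackThis entry lines start with a section code such as R0, O2 or O23,
# followed by " - " and the detail. Header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Abbreviated excerpt of the first log in this thread (before the fix).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: ads_optimizer - {26E45419-7205-4fac-BBFE-174BC7337A79} - C:\WINDOWS\system32\nsp12D.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe
"""

# Abbreviated excerpt of the second log in this thread (after the fix).
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe
"""

# The line the helper asked to check before pressing "Fix checked".
FIX_LINES = r"""O2 - BHO: ads_optimizer - {26E45419-7205-4fac-BBFE-174BC7337A79} - C:\WINDOWS\system32\nsp12D.dll
"""


def parse_entries(log_text):
    """Return (section, detail) tuples for every entry line in a log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def _key(entry):
    # Windows paths and CLSIDs are case-insensitive, so compare case-folded.
    return (entry[0], entry[1].casefold())


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lists between two logs, in log order."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    removed = [e for e in before if _key(e) not in after_keys]
    added = [e for e in after if _key(e) not in before_keys]
    return removed, added


def verify_fix(before_text, after_text, fix_text):
    """Check that every entry selected for fixing is gone from the new log."""
    target_keys = {_key(e) for e in parse_entries(fix_text)}
    after_keys = {_key(e) for e in parse_entries(after_text)}
    removed, added = diff_logs(before_text, after_text)
    return {
        # Entries that were meant to be fixed but are still in the new log.
        "still_present": [e for e in parse_entries(fix_text) if _key(e) in after_keys],
        # Entries that vanished without being on the fix list.
        "unexpected_removals": [e for e in removed if _key(e) not in target_keys],
        # New entries; each needs an explanation (here: the AVG install).
        "added": added,
    }


if __name__ == "__main__":
    report = verify_fix(BEFORE_LOG, AFTER_LOG, FIX_LINES)
    for name, entries in report.items():
        print(name)
        for section, detail in entries:
            print(f"  {section} - {detail}")
```
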
#6
Posted 12 October 2007 - 05:20 AM
#7
Posted 13 October 2007 - 10:00 AM



#8
Posted 13 October 2007 - 01:15 PM
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which may be infected anyway).
Click Start>Help and Support>Undo changes to your computer with System Restore
Select Create A Restore Point then click Next. Give it a name and then click Create
Click Start>Run and type Cleanmgr
Click the More Options Tab.
Click Clean Up in the System Restore section.
In addition to updating and using what you currently have you may want to consider the following:
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some free and evaluation versions that provide better security than the Windows Firewall.
Sunbelt Personal Firewall
Outpost Firewall
For a tutorial on Firewalls and a listing of some other available ones see the link below:
Understanding and Using Firewalls
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly or set your computer to receive automatic updates. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
Install SpywareGuard - SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.
A tutorial on installing & using this product can be found here:
Using SpywareGuard to protect your computer from Spyware and Malware
Use IESpy-Ad - IESpy-Ad will block access to malicious websites so you cannot be redirected to them from an infected site or email. Instructions for set up and use can be found at the website.
Update all of your Anti-Malware programs regularly - Make sure you update all the programs I have listed and the ones you are currently running regularly. Without regular updates you Will Not be protected when new malicious programs are released.
Here is a great link to a post here on securing your PC after an attack.
http://forums.tomcoy...mp;#entry257163
#9
Posted 13 October 2007 - 07:58 PM








#10
Posted 16 October 2007 - 06:08 PM