deleting internet explorer?

[christopher]

about to attempt safemode, be back whenever!

[christopher]

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 8:31:27 PM 3/8/2007

+ Scan result:

C:\System Volume Information\_restore{0768B94C-A9C5-4980-AAC7-F2FA66E33BB8}\RP1156\A0073226.dll -> Adware.Virtumonde : Ignored.

C:\VundoFix Backups\wvuspmm.dll.bad -> Adware.Virtumonde : Ignored.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq43FF.tmp -> TrackingCookie.247realmedia : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38CF.tmp -> TrackingCookie.2o7 : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4699.tmp -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\christopher\Cookies\christopher@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Documents and Settings\christopher\Cookies\christopher@grouplotto.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3917.tmp -> TrackingCookie.Adserver : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3D9D.tmp -> TrackingCookie.Adserver : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp -> TrackingCookie.Adtech : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38D7.tmp -> TrackingCookie.Advertising : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3905.tmp -> TrackingCookie.Advertising : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4400.tmp -> TrackingCookie.Advertising : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq440F.tmp -> TrackingCookie.Advertising : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38D8.tmp -> TrackingCookie.Atdmt : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3D9C.tmp -> TrackingCookie.Atdmt : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38DA.tmp -> TrackingCookie.Bfast : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5FD9.tmp -> TrackingCookie.Bfast : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38DC.tmp -> TrackingCookie.Bluestreak : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4402.tmp -> TrackingCookie.Bluestreak : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38E2.tmp -> TrackingCookie.Bridgetrack : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55DC.tmp -> TrackingCookie.Bridgetrack : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38DF.tmp -> TrackingCookie.Burstnet : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq469A.tmp -> TrackingCookie.Burstnet : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38E0.tmp -> TrackingCookie.Casalemedia : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq469B.tmp -> TrackingCookie.Casalemedia : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38E1.tmp -> TrackingCookie.Centrport : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55DB.tmp -> TrackingCookie.Centrport : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5FDB.tmp -> TrackingCookie.Cj : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D15.tmp -> TrackingCookie.Clickbank : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C2.tmp -> TrackingCookie.Clickzs : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38E7.tmp -> TrackingCookie.Clickzs : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38E4.tmp -> TrackingCookie.Com : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4404.tmp -> TrackingCookie.Com : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38E5.tmp -> TrackingCookie.Comclick : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B7A.tmp -> TrackingCookie.Commission-junction : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5FDC.tmp -> TrackingCookie.Commission-junction : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38E8.tmp -> TrackingCookie.Coremetrics : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46C1.tmp -> TrackingCookie.Coremetrics : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5FDA.tmp -> TrackingCookie.Counted : Cleaned.

C:\Documents and Settings\christopher\Cookies\christopher@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.

C:\Documents and Settings\christopher\Cookies\christopher@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Cleaned.

C:\Documents and Settings\christopher\Cookies\christopher@cpvfeed[4].txt -> TrackingCookie.Cpvfeed : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A17.tmp -> TrackingCookie.Dealtime : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq469C.tmp -> TrackingCookie.Dealtime : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38EB.tmp -> TrackingCookie.Doubleclick : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46C2.tmp -> TrackingCookie.Doubleclick : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38EF.tmp -> TrackingCookie.Falkag : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4406.tmp -> TrackingCookie.Falkag : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46C0.tmp -> TrackingCookie.Falkag : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B78.tmp -> TrackingCookie.Falkag : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38F0.tmp -> TrackingCookie.Fastclick : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq469D.tmp -> TrackingCookie.Fastclick : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38F1.tmp -> TrackingCookie.Fortunecity : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46D0.tmp -> TrackingCookie.Fortunecity : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A18.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38ED.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38F2.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38F3.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38F4.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38F5.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38F6.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38F7.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4405.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4407.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4408.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4409.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46C3.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B7C.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D16.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq507F.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38F8.tmp -> TrackingCookie.Hitslink : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45F3.tmp -> TrackingCookie.Hitslink : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B7E.tmp -> TrackingCookie.Hitslink : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6B34.tmp -> TrackingCookie.Hotlog : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38F9.tmp -> TrackingCookie.Internetfuel : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46C4.tmp -> TrackingCookie.Internetfuel : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp -> TrackingCookie.Linksynergy : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38FC.tmp -> TrackingCookie.Mediaplex : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46D1.tmp -> TrackingCookie.Mediaplex : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B83.tmp -> TrackingCookie.Ne : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B81.tmp -> TrackingCookie.Onestat : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55DD.tmp -> TrackingCookie.Onestat : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3900.tmp -> TrackingCookie.Paycounter : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq440B.tmp -> TrackingCookie.Paycounter : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38E6.tmp -> TrackingCookie.Pro-market : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B7F.tmp -> TrackingCookie.Qksrv : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4DED.tmp -> TrackingCookie.Qksrv : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3902.tmp -> TrackingCookie.Questionmarket : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq440C.tmp -> TrackingCookie.Questionmarket : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3903.tmp -> TrackingCookie.Realmedia : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq440D.tmp -> TrackingCookie.Realmedia : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq440E.tmp -> TrackingCookie.Realtracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D18.tmp -> TrackingCookie.Realtracker : Cleaned.

:mozilla.64:C:\Documents and Settings\christopher\Application Data\Mozilla\Firefox\Profiles\c1y7hqer.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.65:C:\Documents and Settings\christopher\Application Data\Mozilla\Firefox\Profiles\c1y7hqer.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.66:C:\Documents and Settings\christopher\Application Data\Mozilla\Firefox\Profiles\c1y7hqer.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.67:C:\Documents and Settings\christopher\Application Data\Mozilla\Firefox\Profiles\c1y7hqer.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.68:C:\Documents and Settings\christopher\Application Data\Mozilla\Firefox\Profiles\c1y7hqer.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.69:C:\Documents and Settings\christopher\Application Data\Mozilla\Firefox\Profiles\c1y7hqer.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3904.tmp -> TrackingCookie.Revenue : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5FDD.tmp -> TrackingCookie.Revenue : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38EC.tmp -> TrackingCookie.Ru4 : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B7B.tmp -> TrackingCookie.Ru4 : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38DE.tmp -> TrackingCookie.Serving-sys : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3906.tmp -> TrackingCookie.Serving-sys : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4403.tmp -> TrackingCookie.Serving-sys : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B80.tmp -> TrackingCookie.Serving-sys : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C4.tmp -> TrackingCookie.Sexlist : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46D2.tmp -> TrackingCookie.Sexlist : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C5.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3907.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3908.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3909.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4410.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4411.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45F4.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45F5.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46C7.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4412.tmp -> TrackingCookie.Spylog : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq390C.tmp -> TrackingCookie.Statcounter : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B82.tmp -> TrackingCookie.Statcounter : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19.tmp -> TrackingCookie.Tacoda : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq557A.tmp -> TrackingCookie.Tacoda : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq390D.tmp -> TrackingCookie.Targetnet : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4413.tmp -> TrackingCookie.Targetnet : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq390E.tmp -> TrackingCookie.Tradedoubler : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq469F.tmp -> TrackingCookie.Tradedoubler : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq390F.tmp -> TrackingCookie.Trafficmp : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46A0.tmp -> TrackingCookie.Trafficmp : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A19.tmp -> TrackingCookie.Tribalfusion : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3910.tmp -> TrackingCookie.Tribalfusion : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46A1.tmp -> TrackingCookie.Tribalfusion : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6B36.tmp -> TrackingCookie.Valuead : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3912.tmp -> TrackingCookie.Valueclick : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3913.tmp -> TrackingCookie.Valueclick : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4414.tmp -> TrackingCookie.Valueclick : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3914.tmp -> TrackingCookie.Webtrendslive : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4DEE.tmp -> TrackingCookie.Webtrendslive : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5577.tmp -> TrackingCookie.Yieldmanager : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6F.tmp -> TrackingCookie.Yieldmanager : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3918.tmp -> TrackingCookie.Zedo : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46C8.tmp -> TrackingCookie.Zedo : Cleaned.

::Report end

sextracker is my fav!

Logfile of HijackThis v1.99.1

Scan saved at 8:39:31 PM, on 3/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

C:\Program Files\AIM95\aim.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\christopher\Desktop\c\scan.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161395254515

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161395242343

O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

[jeff.sadowski]

What is VundoFix.exe?

What licence is it under?

how can we be guaranteed that it is safe to use and not hijacked itself?

Using linux for so long has made me weary of software licenses and conferming that the file I download has the credentials it is suppose to.

(I acctually like MS's plan to confirm the place that produced the software)

[christopher]

What is VundoFix.exe?

What licence is it under?

how can we be guaranteed that it is safe to use and not hijacked itself?

Using linux for so long has made me weary of software licenses and conferming that the file I download has the credentials it is suppose to.

(I acctually like MS's plan to confirm the place that produced the software)

vundofix worked well for me, i haven't seen any bad side effects yet. it searches through bad .dll's and points them out for you to delete. i was skeptical at first but i did a little research. haven't found malicious talk about it yet and other people seem to have no problems either.

it def. helped my IE problem, no popups from IE and usually i get them in spurts every 4 hours or so.

still have a firefox prob that just came to life since after i created this thread.

[coltm4carbine]

Go to add/remove program and remove:

• McAfee personal firewall
  

Although I do suggest you keep the firewall...

...Apart from that...

Clean! Congratulations.

Let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

• * Click Start.
  * Open My Computer.
  * Select the Tools menu and click Folder Options.
  * Select the View tab.
  * Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
  * CHECK the Hide protected operating system files (recommended) option.
  * Click Yes to confirm.
  * Click OK.
  

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

1. Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
   
2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
   
3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
   
4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
   
5. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
   
6. CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
   
7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
   
8. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
   
9. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
   

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

====================

What is VundoFix.exe?

Vundofix is a tool that finds vundo and removes it.

What licence is it under?

Freeware...

how can we be guaranteed that it is safe to use and not hijacked itself?

Because of this tool the creator was awarded the Microsoft MVP for windows security... It's used all over the antispyware community...

It worked on the OP and the other people I've used it on...

Can you also remind me what the firefox problem? Although I may not be able to help I'm sure some of the brains on here will be able to help...

Edited March 9, 2007 by coltm4carbine

[christopher]

basically the same issue i had with IE.. but now it's firefox! ha! i thought nothing was supposed to happen to firefox!

[coltm4carbine]

Oh shoot, missed something (harmless though...so don't panic).

Open HJT and fix the following:

O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)

Show hidden files and delete (if it's still there - it should be gone anyway - just incase):

C:\WINDOWS\SYSTEM32\winhoo32.dll

Reboot.

I also suggest you remove all your versions of Java and install a new one here.

I have also noticed that you have both ad-aware personal and pro. You might want to remove one.

Also I think there's a newer version of adobe acrobat reader... (I am not sure, I use foxit)

I'll leave your firefox issue with the other people who knows a lot more about computers than me, but a suggestion. do you have an ad blocker? sounds like online adverts to me.

Edited March 9, 2007 by coltm4carbine

[jeff.sadowski]

basically the same issue i had with IE.. but now it's firefox! ha! i thought nothing was supposed to happen to firefox!

That is a common misconception on Firefox. Firefox also has some vulnerabilities. I hate all web browsers they all have issues.

just be careful about what you click on and things will work alright.

Actually it sounds as though something might be opening something using your default web browser. So no matter what you use you will have the issue until you disable that program. Do you have any file sharing programs? or downloaded warez apps this sounds like something like that.

Oh and by the way I had a friend show me that you can do windows updates with firefox so if you really wanted you could get rid of IE but I recommend against it because it should also be your file browser. I do everything from cmd with dir to list and cd to go to different folders call me weird but it helps when scripting. Just about everything I do is scriptable. You could install cyqwin and use lynx to browse but thats going too far for me. Ascii art (a command line method of displaying pictures using best fit algorithms to fit ascii characters together to make a picture) is missing too much of the pictures for me. Microsoft should have never developed a gui os for a server. If they wanted a gui they should have developed a php interface over ssl to the servers. I still feel servers should be headless. They just perpetuated bad program design.

[RJARRRPCGP]

It's not recommended to remove Internet Explorer as it is integrated into Windows. Simply disable the desktop shortcuts and basically "hide" it. Those nLite can remove it; it does not remove it properly and can cause many ill effects. Your best bet is to hide the shortcuts and if you have a irewall, you can simply disable Internet Explorers access to the Internet.

nLite usually does remove it properly and leaves some registry entries so that some applications won't refuse to continue.

But expect the following if you remove Internet Explorer:

1. Comodo Personal Firewall will fail. It probably fails with generic errors and is terminated.

2. You're not able to play the games at pogo.com. Because the games at pogo.com are known to fail to load with Firefox, you probably just get a white box.

-----------------------------------------------------------------------------------------------------------

Applications that possibly have problems with Internet Explorer removed:

Skype

AIM

Perfect Disk

O&O Defrag

.Net Framework

Any application that uses the .Net Framework

--------------------------------------------------------------------------------------------------------

There aren't many issues with Internet Explorer removed. Especially if you're a gamer.

I haven't came across any 3D game that fails because of Internet Explorer being removed!

Games are more likely to love you for removing Internet Explorer.

Edited March 21, 2007 by RJARRRPCGP

[Jeremy]

But expect the following if you remove Internet Explorer:

1. Comodo Personal Firewall will fail. It probably fails with generic errors and is terminated.

2. You're not able to play the games at pogo.com. Because the games at pogo.com are known to fail to load with Firefox, you probably just get a white box.

-----------------------------------------------------------------------------------------------------------

Applications that possibly have problems with Internet Explorer removed:

Skype

AIM

Perfect Disk

O&O Defrag

.Net Framework

Any application that uses the .Net Framework

I've removed IE and:

Comodo works fine. I don't play website games but I have played on shockwave.com which uses flash, no issues.

Skype works fine, so does PD, O&O and every .NET app I have used.

[RJARRRPCGP]

But expect the following if you remove Internet Explorer:

1. Comodo Personal Firewall will fail. It probably fails with generic errors and is terminated.

2. You're not able to play the games at pogo.com. Because the games at pogo.com are known to fail to load with Firefox, you probably just get a white box.

-----------------------------------------------------------------------------------------------------------

Applications that possibly have problems with Internet Explorer removed:

Skype

AIM

Perfect Disk

O&O Defrag

.Net Framework

Any application that uses the .Net Framework

I've removed IE and:

Comodo works fine. I don't play website games but I have played on shockwave.com which uses flash, no issues.

Skype works fine, so does PD, O&O and every .NET app I have used.

I mentioned Comodo Firewall, because when I tried to use it under Windows 2000 Pro with the FDV fileset, AFAIK, the Comodo Firewall installer didn't display any error messages and thus seemed to be fine, but after I rebooted, error messages popped up and Comodo Firewall was terminated.

Also, about the internet games, I talked about that, because I worked on a PC for someone that does use pogo.com and I decided to test it with Firefox and when I tested it with Firefox a while ago, gotten nothing but a box!

nLite, even with Internet Explorer stripped, has good compatibility, AFAIK. I rarely, if at all, see an application complain about Internet Explorer not being installed.

Edited March 24, 2007 by RJARRRPCGP