Iexplorer.exe virus
  #1  
25th Mar 2008, 10:06
New Member Group
Posts: 4

Hi,
I noticed pop-ups started popping up almost every couple of minutes on my computer. I noticed in the task manager that there are usually three iexplore.exe tasks open at all times. I have tried several anti-virus and anti-spyware programs and nothing seems to get rid of it. I just took a log with HijackThis... Can anyone help?

Thanks so much!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:32 PM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft Outlook\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\UpdDlg.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Application Data\live 64 math does\amen tray.exe
O4 - HKCU\..\Run: [Roadsite] C:\DOCUME~1\ron\APPLIC~1\UPLOAD~1\surf mpeg stop.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wallpaper.lnk = C:\Wallpaper\Bginfo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/s...SYSSCANNER.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vs.mcafeeasap.com/MC/ENU/VS40...0504175614.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bl108fd.blu108.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/...oUploader2.cab
O16 - DPF: {5C86F808-EDD2-4E5D-9C4F-E0D1ADA859AF} (Web Conferencing) - http://server.mymeetingcentral.com/join_a.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1149363255347
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - http://safari-fs/tsweb/msrdp.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_inst...syInstallX.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ere.webex.com/client/T25L10N...nt/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = safari.local
O17 - HKLM\Software\..\Telephony: DomainName = safari.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = safari.local
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9346 bytes
  #2  
25th Mar 2008, 10:27
Donor Group
Skill Level: Advanced
Posts: 1,774

You only need 1 antivirus and spyware program, otherwise they may conflict. Do you have a firewall, one that can block both inbound and outgoing? If not, I can find the link for Comodo, a very good free firewall. Also, what spyware do you have? I had an ongoing pop-up for 3 months that Spybot S&D sorted out.
  #3  
25th Mar 2008, 10:31
New Member Group
Posts: 4

Well, this is my work computer. We have McAfee. I downloaded and tried Spybot Search & Destroy, AVG spyware, AVG anti-virus, registry blocker, and a few others I can't remember. Nothing ever comes up when I scan the PC with them; it always says all clean. This has been going on for several months now.
  #4  
25th Mar 2008, 10:32
Administrator Group
Skill Level: Advanced
Posts: 9,903

Kanoakavirus.

Let me make this clear.

We have a professional malware removal procedure here at CJ.

If you do not have the desire to follow it then stay out of these threads.

Thanks.
  #5  
25th Mar 2008, 10:34
Donor Group
Skill Level: Advanced
Posts: 1,774

Ok.
  #6  
25th Mar 2008, 10:55
Moderator Group
Skill Level: Advanced
Posts: 7,136

Download NoLop to your desktop from one of the links below...
  • Close any programs you have running since a reboot is required
  • Double click NoLop.exe to run it
  • Next, click the button labeled: Search and Destroy
    • Your computer will now be scanned for infected files
  • When the scan finishes, if infected, you are prompted to reboot
  • Click OK
  • Now click: REBOOT
  • A Message should popup from NoLop. If not, double click the program again and it will finish.
  • Post the contents of C:\NoLop.log in the next reply.
Note: If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.

----------

You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". See Viewpoint to Plunge Into Adware

It is suggested to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar
  • Viewpoint Experience Technology
If you have trouble removing Viewpoint, I suggest that you use ViewpointKiller

Once you have downloaded ViewpointKiller, unzip it to a convenient location such as your desktop.
Run ViewpointKiller, and select File > Do All Killings
Follow the prompts, selecting Yes or No, depending on which selection you are most comfortable with.

----------

Rename Hijackthis and run a new scan then post that log as well.
  • Go to C:\Program Files\Trend Micro\HijackThis.exe
  • Right click on HijackThis.exe and select Rename.
  • Type in sniper.exe and press Enter.
  • Right-click on sniper.exe and select Send To > Desktop (create shortcut)
Although we have renamed Hijackthis to sniper, we will still refer to it as Hijackthis or HJT.

----------

Next post please add
No Lop log
New Hijackthis log

  #7  
25th Mar 2008, 11:57
New Member Group
Posts: 4

NoLop Log:

NoLop! Log by Skate_Punk_21
Fix running from: C:\Documents and Settings\ron\Desktop
[3/25/2008]
[2:21:40 PM]
---Infection Files Found/Removed---
C:\WINDOWS\tasks\8862BA9A82712A82.job
Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**
---Listing AppData sub directories---
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Sun
C:\Documents and Settings\Administrator.safari\Application Data\Adobe
C:\Documents and Settings\Administrator.safari\Application Data\Adobeaum
C:\Documents and Settings\Administrator.safari\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Administrator.safari\Application Data\Identities
C:\Documents and Settings\Administrator.safari\Application Data\Interact Commerce
C:\Documents and Settings\Administrator.safari\Application Data\Microsoft
C:\Documents and Settings\Administrator.safari\Application Data\Sun
C:\Documents and Settings\All Users\Application Data\Acronis
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Aol
C:\Documents and Settings\All Users\Application Data\Aol Downloads
C:\Documents and Settings\All Users\Application Data\Aol Ocp
C:\Documents and Settings\All Users\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Brother
C:\Documents and Settings\All Users\Application Data\Common Files
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Intuit
C:\Documents and Settings\All Users\Application Data\Lavasoft
C:\Documents and Settings\All Users\Application Data\Live 64 Math Does
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Mumbojumbo
C:\Documents and Settings\All Users\Application Data\Protexis
C:\Documents and Settings\All Users\Application Data\Sandlot Games
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Simply Super Software
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\Allison\Application Data\3m
C:\Documents and Settings\Allison\Application Data\Adobe
C:\Documents and Settings\Allison\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Allison\Application Data\Coffeecup Software
C:\Documents and Settings\Allison\Application Data\Cyberlink
C:\Documents and Settings\Allison\Application Data\Globalscape
C:\Documents and Settings\Allison\Application Data\Google
C:\Documents and Settings\Allison\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Allison\Application Data\Identities
C:\Documents and Settings\Allison\Application Data\Installshield Installation Information
C:\Documents and Settings\Allison\Application Data\Interact Commerce
C:\Documents and Settings\Allison\Application Data\Intuit
C:\Documents and Settings\Allison\Application Data\Ipswitch
C:\Documents and Settings\Allison\Application Data\Leadertech
C:\Documents and Settings\Allison\Application Data\Macromedia
C:\Documents and Settings\Allison\Application Data\Microsoft
C:\Documents and Settings\Allison\Application Data\Mozilla
C:\Documents and Settings\Allison\Application Data\Smartftp
C:\Documents and Settings\Allison\Application Data\Snapfish
C:\Documents and Settings\Allison\Application Data\Sonic
C:\Documents and Settings\Allison\Application Data\Sun
C:\Documents and Settings\Allison\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Allison\Application Data\Upload Frag -- EMPTY Directory
C:\Documents and Settings\Allison\Application Data\Webex
C:\Documents and Settings\Allison\Application Data\Yahoo!
C:\Documents and Settings\Allison\Application Data\{d4914e09-364e-480a-835b-91f1f8c21e8c}
C:\Documents and Settings\Application Data\Application Data\Microsoft
C:\Documents and Settings\Dana\Application Data\3m
C:\Documents and Settings\Dana\Application Data\Identities
C:\Documents and Settings\Dana\Application Data\Microsoft
C:\Documents and Settings\Dana\Application Data\Sun
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Heather\Application Data\Identities
C:\Documents and Settings\Heather\Application Data\Macromedia
C:\Documents and Settings\Heather\Application Data\Microsoft
C:\Documents and Settings\Heather\Application Data\Sun
C:\Documents and Settings\Heather\Application Data\Webex
C:\Documents and Settings\Kellie\Application Data\Identities
C:\Documents and Settings\Kellie\Application Data\Interact Commerce
C:\Documents and Settings\Kellie\Application Data\Macromedia
C:\Documents and Settings\Kellie\Application Data\Microsoft
C:\Documents and Settings\Kellie\Application Data\Sun
C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Mcafeemvsuser\Application Data\Identities
C:\Documents and Settings\Mcafeemvsuser\Application Data\Microsoft
C:\Documents and Settings\Mcafeemvsuser\Application Data\Sun
C:\Documents and Settings\Mcafeemvsuser.ssxp01\Application Data\Identities
C:\Documents and Settings\Mcafeemvsuser.ssxp01\Application Data\Microsoft
C:\Documents and Settings\Mcafeemvsuser.ssxp01\Application Data\Sun
C:\Documents and Settings\Mcafeemvsuser.ssxp01.000\Application Data\Identities
C:\Documents and Settings\Mcafeemvsuser.ssxp01.000\Application Data\Microsoft
C:\Documents and Settings\Mcafeemvsuser.ssxp01.000\Application Data\Sun
C:\Documents and Settings\Meredith\Application Data\Identities
C:\Documents and Settings\Meredith\Application Data\Microsoft
C:\Documents and Settings\Meredith\Application Data\Sonic
C:\Documents and Settings\Meredith\Application Data\Sun
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Ron\Application Data\3m
C:\Documents and Settings\Ron\Application Data\7wonders
C:\Documents and Settings\Ron\Application Data\Acccore
C:\Documents and Settings\Ron\Application Data\Adobe
C:\Documents and Settings\Ron\Application Data\Adobeaum
C:\Documents and Settings\Ron\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Ron\Application Data\Aim
C:\Documents and Settings\Ron\Application Data\Avg7
C:\Documents and Settings\Ron\Application Data\Bittorrent
C:\Documents and Settings\Ron\Application Data\Cyberlink
C:\Documents and Settings\Ron\Application Data\Dna
C:\Documents and Settings\Ron\Application Data\Gamelab
C:\Documents and Settings\Ron\Application Data\Google
C:\Documents and Settings\Ron\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Ron\Application Data\Identities
C:\Documents and Settings\Ron\Application Data\Interact Commerce
C:\Documents and Settings\Ron\Application Data\Intuit
C:\Documents and Settings\Ron\Application Data\Ipswitch
C:\Documents and Settings\Ron\Application Data\Leadertech
C:\Documents and Settings\Ron\Application Data\Limewire
C:\Documents and Settings\Ron\Application Data\Macromedia
C:\Documents and Settings\Ron\Application Data\Math Funk Bash -- EMPTY Directory
C:\Documents and Settings\Ron\Application Data\Microsoft
C:\Documents and Settings\Ron\Application Data\Mozilla
C:\Documents and Settings\Ron\Application Data\Playfirst
C:\Documents and Settings\Ron\Application Data\Simply Super Software -- EMPTY Directory
C:\Documents and Settings\Ron\Application Data\Snapfish
C:\Documents and Settings\Ron\Application Data\Sonic
C:\Documents and Settings\Ron\Application Data\Stickies
C:\Documents and Settings\Ron\Application Data\Sun
C:\Documents and Settings\Ron\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Ron\Application Data\Trojanhunter
C:\Documents and Settings\Ron\Application Data\Uniblue
C:\Documents and Settings\Ron\Application Data\Upload Frag
C:\Documents and Settings\Ron\Application Data\Viewpoint
C:\Documents and Settings\Ron\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Ron\Application Data\Yahoo!
C:\Documents and Settings\Ron.old\Application Data\Acccore
C:\Documents and Settings\Ron.old\Application Data\Adobe
C:\Documents and Settings\Ron.old\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Ron.old\Application Data\Google
C:\Documents and Settings\Ron.old\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Ron.old\Application Data\Identities
C:\Documents and Settings\Ron.old\Application Data\Interact Commerce
C:\Documents and Settings\Ron.old\Application Data\Macromedia
C:\Documents and Settings\Ron.old\Application Data\Microsoft
C:\Documents and Settings\Ron.old\Application Data\Myspace
C:\Documents and Settings\Ron.old\Application Data\Sun
C:\Documents and Settings\Shelli\Application Data\Adobe
C:\Documents and Settings\Shelli\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Shelli\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Shelli\Application Data\Identities
C:\Documents and Settings\Shelli\Application Data\Interact Commerce
C:\Documents and Settings\Shelli\Application Data\Leadertech
C:\Documents and Settings\Shelli\Application Data\Macromedia
C:\Documents and Settings\Shelli\Application Data\Microsoft
C:\Documents and Settings\Shelli\Application Data\Sonic
C:\Documents and Settings\Shelli\Application Data\Sun
C:\Documents and Settings\Stephanie\Application Data\Adobe
C:\Documents and Settings\Stephanie\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Stephanie\Application Data\Google
C:\Documents and Settings\Stephanie\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Stephanie\Application Data\Identities
C:\Documents and Settings\Stephanie\Application Data\Interact Commerce
C:\Documents and Settings\Stephanie\Application Data\Leadertech
C:\Documents and Settings\Stephanie\Application Data\Macromedia
C:\Documents and Settings\Stephanie\Application Data\Microsoft
C:\Documents and Settings\Stephanie\Application Data\Sonic
C:\Documents and Settings\Stephanie\Application Data\Sun
C:\Documents and Settings\Susan\Application Data\3m
C:\Documents and Settings\Susan\Application Data\Identities
C:\Documents and Settings\Susan\Application Data\Microsoft
C:\Documents and Settings\Susan\Application Data\Sun
C:\Documents and Settings\Xrbs\Application Data\Adobe
C:\Documents and Settings\Xrbs\Application Data\Google -- EMPTY Directory
C:\Documents and Settings\Xrbs\Application Data\Identities
C:\Documents and Settings\Xrbs\Application Data\Macromedia
C:\Documents and Settings\Xrbs\Application Data\Microsoft
C:\Documents and Settings\Xrbs\Application Data\Sun
C:\Documents and Settings\__sbs_netsetup__\Application Data\Identities
C:\Documents and Settings\__sbs_netsetup__\Application Data\Microsoft
C:\Documents and Settings\__sbs_netsetup__\Application Data\Sun

New HiJackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:16 PM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
\Up-3\c$\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Application Data\live 64 math does\amen tray.exe
O4 - HKCU\..\Run: [Roadsite] C:\DOCUME~1\ron\APPLIC~1\UPLOAD~1\surf mpeg stop.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wallpaper.lnk = C:\Wallpaper\Bginfo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/s...SYSSCANNER.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vs.mcafeeasap.com/MC/ENU/VS40...0504175614.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bl108fd.blu108.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/...oUploader2.cab
O16 - DPF: {5C86F808-EDD2-4E5D-9C4F-E0D1ADA859AF} (Web Conferencing) - http://server.mymeetingcentral.com/join_a.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1149363255347
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - http://safari-fs/tsweb/msrdp.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_inst...syInstallX.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ere.webex.com/client/T25L10N...nt/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = safari.local
O17 - HKLM\Software\..\Telephony: DomainName = safari.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = safari.local
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS. exe
--
End of file - 8722 bytes

I noticed that iexplorer.exe is only popping up once on the task manager now and I haven't had any pop-ups yet.
  #8  
Old 25th Mar 2008, 12:07
Moderator Group
 
Skill Level: Advanced
Posts: 7,136

Looking better, but still more left to do.

Create An Uninstall List
  • Start HijackThis
  • Click on the "Open the Misc Tools section" button.
  • Click on the "Open Uninstall Manager" button.
  • Click on the Save list button and specify where you would like to save this file and click Save.
    • When you press the Save button, Notepad will open with the contents of that file.
  • Copy and paste that list in your reply.

  #9  
Old 26th Mar 2008, 06:57
New Member Group
 
Posts: 4

Sorry, yesterday at work got busy. I wasn't able to do this step or reply back. When I logged onto my computer the pop-ups were back today. Below is the uninstall list.

ACT!
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
AIM 6
ATI - Software Uninstall Utility
ATI Display Driver
Barracuda Networks Outlook Plugin 0.9d
Broadcom Advanced Control Suite
Brother MFL-Pro Suite
ClearType Tuning Control Panel Applet
Compatibility Pack for the 2007 Office system
e/pop Web Conferencing Client
Google Earth
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
McAfee Virus and Spyware Protection Service
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook 2003
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
PowerDVD 5.5
QuickBooks Pro 2007
QuickBooks Product Listing Service
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Shadow Copy Client
Sonic Copy Module
Sonic DLA
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Data
Sonic Update Manager
SoundMAX
SupportSoft Assisted Service
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
WebEx
Windows Defender
Windows Defender Signatures
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinRAR archiver
  #10  
Old 26th Mar 2008, 08:12
Moderator Group
 
Skill Level: Advanced
Posts: 7,136

Go to My Computer->Tools->Folder Options->View tab:
  • Under the Hidden files and folders heading:
  • Select Show hidden files and folders.
  • Uncheck Hide protected operating system files (recommended) option.
  • Also, make sure there is no checkmark beside Hide file extensions for known file types.
  • Click OK

----------

Go to Add/Remove Programs and uninstall the following:
  • Java(TM) 6 Update 2
  • Java(TM) 6 Update 3
----------

Open Hijackthis and select Do a system scan only.

Place a check mark next to the following entries: (if there)
  • O4 - HKLM\..\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Application Data\live 64 math does\amen tray.exe
  • O4 - HKCU\..\Run: [Roadsite] C:\DOCUME~1\ron\APPLIC~1\UPLOAD~1\surf mpeg stop.exe
Important: Close all windows except for Hijackthis and then click Fix checked.

Exit Hijackthis.

----------

Now double click My Computer from the desktop and locate these folders and delete the entire folder.

C:\Documents and Settings\All Users\Application Data\live 64 math does

C:\Documents and Settings\ron\Application Data\UPLOAD~1

The UPLOAD~1 is abbreviated for something, but it will begin with Upload.

----------

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)
Important! Combofix.exe MUST be saved to and run from the Desktop.
  • Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  • Double click combofix.exe & follow the prompts.
    • From the keyboard select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouseclick Combofix's window while it is running. That may cause it to stall.
  • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.

----------

Next post please add
Combofix log


Also let me know how things are now.
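
The HijackThis step in the post above targets two O4 autorun entries whose programs launch from Application Data folders. As an added example (not part of the thread and not HijackThis's own logic), this Python script parses O4 lines and marks entries that start from a profile's Application Data folder, resolving 8.3 short names such as APPLIC~1. The location rule, the short-name matching and all function names are assumptions made for the example.

```python
import re
from pathlib import PureWindowsPath

# O4 autorun lines copied from this thread: two from the posted log,
# two that the moderator asked to have fixed.
SAMPLE_LOG = r"""
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wallpaper.lnk = C:\Wallpaper\Bginfo.exe
O4 - HKLM\..\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Application Data\live 64 math does\amen tray.exe
O4 - HKCU\..\Run: [Roadsite] C:\DOCUME~1\ron\APPLIC~1\UPLOAD~1\surf mpeg stop.exe
"""

RUN_KEY = re.compile(r"^O4 - (?P<source>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
STARTUP = re.compile(r"^O4 - (?P<source>(?:Global )?Startup): (?P<name>.+?\.lnk) = (?P<target>.+)$")
EXE = re.compile(r'"?(.+?\.(?:exe|com|bat|cmd|scr|dll))\b', re.I)  # path up to the first executable extension

def is_name(component, long_name):
    """True if component is long_name or looks like its 8.3 alias (APPLIC~1)."""
    comp = component.upper()
    if comp == long_name.upper():
        return True
    m = re.fullmatch(r"(.{1,6})~\d+", comp)
    return bool(m) and long_name.upper().replace(" ", "").startswith(m.group(1))

def location(path):
    """Coarse install location of an autorun target (assumed categories)."""
    parts = PureWindowsPath(path).parts[1:]  # drop the drive root
    if not parts:
        return "other"
    if is_name(parts[0], "Program Files"):
        return "program_files"
    if is_name(parts[0], "WINDOWS"):
        return "windows"
    if is_name(parts[0], "Documents and Settings") and any(
            is_name(p, "Application Data") for p in parts[1:]):
        return "profile_appdata"
    return "other"

def parse_o4(log_text):
    entries = []
    for line in log_text.splitlines():
        m = RUN_KEY.match(line.strip()) or STARTUP.match(line.strip())
        if not m:
            continue
        exe = EXE.match(m["target"])
        path = exe.group(1) if exe else m["target"]
        entries.append({"source": m["source"], "name": m["name"],
                        "path": path, "location": location(path)})
    return entries

def needs_review(entries):
    """Autoruns that start from a profile's Application Data folder."""
    return [e for e in entries if e["location"] == "profile_appdata"]
```

A flagged entry is a prompt for a closer look, not a verdict: legitimate software also installs under Application Data, and `C:\Wallpaper\Bginfo.exe` lands in "other" without being flagged.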
Copyright ©2006 - 2009 Computer Juice.