Message Edited by zbestwun2001 on 12-05-2005 11:22 AM

1. Install ewido security suite
2. When installing the program, under "Additional Options" uncheck...
   • Install background guard
   • Install scan via context menu
3. Launch ewido, there should now be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
6. You will need to update ewido to the latest definition files:
   • On the left hand side of the main screen click update.
   • Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed.
8. (the status bar at the bottom will display "Update successful")
9. Close Ewido Security SuiteIf you are having problems with the updater, you can use this link to manually update ewido.
10. Ewido manual updates
    
    Once the updates are installed, do the following:
    1. Reboot computer into "Safe Mode" using the "F8" method...
       • As soon as the BIOS is loaded begin tapping the F8 key until the Boot Menu appears
       • Use the arrow keys to select the Safe Mode menu item
    2. Once in Safe Mode start Ewido Security Suite
    3. Click on scanner. (Note: Do not start any programs or open any windows while Ewido is scanning)
    4. Click on Complete System Scan, the scan will now begin.
    5. While the scan is in progress you will be prompted to clean files, click OK.
    6. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
    7. Once the scan has completed, there will be a button located at the bottom of the screen named Save Report.
    8. Click Save Report.
    9. Now save the report .txt file to your desktop.
    10. Close Ewido Security Suite
    11. 
        
        Steve

Thanks Steve.  I downloaded spyaxefix.exe and, believe that I followed your instructions as to running it.  I have posted below the fresh HJT log.  In the process I, although SpyAxe appears to be eliminated, I picked up a virus identified as iworm_attack v122.02a.  Len Shri

Logfile of HijackThis v1.99.1
Scan saved at 10:17:51 PM, on 12/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn&q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T Worldnet Service
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hp7B69.tmp
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lyric Bar - {9AD83196-4AF7-4f08-8C6F-B763DB67F2D9} - C:\PROGRA~1\RARELY~1\Toolbar\lyricbar.dll (file missing)
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Outlook Mail Services] express.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Lyric Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\RARELY~1\Toolbar\lyricbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Lyric Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\RARELY~1\Toolbar\lyricbar.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c10.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

Thanks again.  Took about half hour to run Ewido, but you see a lot of viruses were found.  I do use Adaware and Spybot regularly, in addition to the McAfee virus scan and dell products loaded in the windows bundle.  Anyway, here's the report from Ewido, and once again, a very sincere thank you.  By the way, part of the delay is that Dell is not permitting me to post this message as "the message body contains the following prohibited content "Secks."  You must remove this content before submitting your post."  Apparently my son visits a lot of sites with the word "secks" in the address.  I'm trying to delete the "x" so that you can still make sense of the log.                LenShri

 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:   11:38:32 PM, 12/5/2005
 + Report-Checksum:  14F5CEF4

 + Scan result:

 HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
 HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} -> Spyware.Locators : Cleaned with backup
 HKU\S-1-5-21-834303486-3126972647-3701894167-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A26ABCF0-1C8F-46E7-A67C-0489DC21B9CC} -> Spyware.Locators : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@counter4.setracker[2].txt -> Spyware.Cookie.Setracker : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@counter6.setracker[1].txt -> Spyware.Cookie.Setracker : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@counter9.setracker[1].txt -> Spyware.Cookie.Setracker : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@cs.secounter[2].txt -> Spyware.Cookie.Secounter : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@cz7.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@edfinancial.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@ehg-comcast.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@popunder.paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@selist[1].txt -> Spyware.Cookie.Selist : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@setracker[2].txt -> Spyware.Cookie.Setracker : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@www.burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@xxxcounter[1].txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
 C:\Documents and Settings\Adam\Cookies\adam@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
 C:\Documents and Settings\Adam\Local Settings\Application Data\Wildtangent\Cdacache\00\00\07.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
 C:\Documents and Settings\Adam\Local Settings\Temp\Cookies\adam@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
 C:\Documents and Settings\Adam\Local Settings\Temp\Cookies\adam@ads.euniverseads[1].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
 C:\Documents and Settings\Adam\Local Settings\Temp\sahagent.exe -> Adware.SAHA : Cleaned with backup
 :mozilla.7:C:\Documents and Settings\Constance\Application Data\Mozilla\Firefox\Profiles\g0v6fos1.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
 C:\Documents and Settings\Constance\Cookies\constance@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
 C:\Documents and Settings\Constance\Cookies\constance@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
 C:\Documents and Settings\Constance\Cookies\constance@e-2dj6wjkochdjalo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
 C:\Documents and Settings\Constance\Cookies\constance@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
 :mozilla.13:C:\Documents and Settings\Ellie\Application Data\Mozilla\Firefox\Profiles\e7oeprsw.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
 :mozilla.14:C:\Documents and Settings\Ellie\Application Data\Mozilla\Firefox\Profiles\e7oeprsw.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
 :mozilla.15:C:\Documents and Settings\Ellie\Application Data\Mozilla\Firefox\Profiles\e7oeprsw.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
 :mozilla.16:C:\Documents and Settings\Ellie\Application Data\Mozilla\Firefox\Profiles\e7oeprsw.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
 C:\Documents and Settings\Ellie\Cookies\ellie@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
 C:\Documents and Settings\Ellie\Cookies\ellie@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
 C:\Documents and Settings\Ellie\Cookies\ellie@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
 C:\Documents and Settings\Ellie\Cookies\ellie@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
 C:\Documents and Settings\Ellie\Cookies\ellie@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
 C:\Documents and Settings\Ellie\Cookies\ellie@e-2dj6wfliqoazcbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
 C:\Documents and Settings\Ellie\Cookies\ellie@e-2dj6wflyuodpeho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
 C:\Documents and Settings\Ellie\Cookies\ellie@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
 C:\Documents and Settings\Ellie\Local Settings\Temporary Internet Files\Content.IE5\1WS7LPG5\mm[1].js -> Spyware.Chitika : Cleaned with backup
 C:\Documents and Settings\Lenny\Cookies\lenny@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
 C:\Documents and Settings\Lenny\Local Settings\Temp\apjdbmmd.exe -> Trojan.Dialer.ay : Cleaned with backup
 C:\Documents and Settings\Lenny\Local Settings\Temporary Internet Files\Content.IE5\Q5SZUPYT\gdnUS2218[1].exe -> Downloader.Small.ayl : Cleaned with backup
 C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
 C:\Program Files\InetGet2\CP.GH2.exe -> Trojan.Crypt.t : Cleaned with backup
 :mozilla.9:C:\Program Files\support.com\backup\Co\cookies.txt\1034_551c210aa_/cookies.txt -> Spyware.Cookie.Statcounter : Error during cleaning
 :mozilla.13:C:\Program Files\support.com\backup\Co\cookies.txt\1049_5fc0ea3cc_/cookies.txt -> Spyware.Cookie.Doubleclick : Error during cleaning
 :mozilla.14:C:\Program Files\support.com\backup\Co\cookies.txt\1049_5fc0ea3cc_/cookies.txt -> Spyware.Cookie.Mediaplex : Error during cleaning
 :mozilla.15:C:\Program Files\support.com\backup\Co\cookies.txt\1049_5fc0ea3cc_/cookies.txt -> Spyware.Cookie.Bluestreak : Error during cleaning
 :mozilla.16:C:\Program Files\support.com\backup\Co\cookies.txt\1049_5fc0ea3cc_/cookies.txt -> Spyware.Cookie.Atdmt : Error during cleaning
 :mozilla.18:C:\Program Files\support.com\backup\Co\cookies.txt\10801_5a39e0988_/cookies.txt -> Spyware.Cookie.Atdmt : Error during cleaning
 :mozilla.44:C:\Program Files\support.com\backup\Co\cookies.txt\10801_5a39e0988_/cookies.txt -> Spyware.Cookie.Mediaplex : Error during cleaning
 :mozilla.49:C:\Program Files\support.com\backup\Co\cookies.txt\10801_5a39e0988_/cookies.txt -> Spyware.Cookie.Valueclick : Error during cleaning
 :mozilla.50:C:\Program Files\support.com\backup\Co\cookies.txt\10801_5a39e0988_/cookies.txt -> Spyware.Cookie.Valueclick : Error during cleaning
 :mozilla.53:C:\Program Files\support.com\backup\Co\cookies.txt\10801_5a39e0988_/cookies.txt -> Spyware.Cookie.Onestat : Error during cleaning
 :mozilla.54:C:\Program Files\support.com\backup\Co\cookies.txt\10801_5a39e0988_/cookies.txt ->

Steve, my family reports no virus activity today.  Attached is the log from HJT, thanks:

Steve, thanks once again.  I hope I followed your instructions carefully.  I scanned with HJT (after not finding viewpoint manager with the Process Manager function) and then fixed the items which we found.  I then searched my files and found C:\Program Files\Viewpoint, and deleted it, with two files in it, Viewpoint Experience Technology and Viewpoint Media Player (they are now in my recycle bin).  One result is that when I click on Internet Explorer, the home page says about:blank.  By going to my favorites I can access either google or yahoo.  After I hear from you I assume I will be able to reset a home page.  Here's the latest HJT log:

• Download and run CleanUp and clean up all the junk we have left.
  
  
• Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
• You can find instructions on how to enable and re enable system restore here:
  Managing Windows Millennium System Restore
  or
  Windows XP System Restore Guide
  re-enable system restore with instructions from tutorial above
  
  
• Make your Internet Explorer more secure - This can be done by following these simple instructions:
• From within Internet Explorer click on the Tools menu and then click on Options.
• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
• 1. 
     This is my normal post for when you are clear - which you now are - or seem to be. Please advise of any problems you still have :-
     
     Here are some last minute instructions.
     
     
  2. Download and run CleanUp and clean up all the junk we have left.
     
     
  3. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
  4. You can find instructions on how to enable and re enable system restore here:
     Managing Windows Millennium System Restore
     or
     Windows XP System Restore Guide
     re-enable system restore with instructions from tutorial above
     
     
  5. Make your Internet Explorer more secure - This can be done by following these simple instructions:
  6. From within Internet Explorer click on the Tools menu and then click on Options.
  7. Click once on the Security tab
  8. Click once on the Internet icon so it becomes highlighted.
  9. Click once on the Custom Level button.
  10. 1. 
         
      2. Change the Download signed ActiveX controls to Prompt
      3. Change the Download unsigned ActiveX controls to Disable
      4. Change the Initialise and script ActiveX controls not marked as safe to Disable
      5. Change the Installation of desktop items to Prompt
      6. Change the Launching programs and files in an IFRAME to Prompt
      7. Change the Navigate sub-frames across different domains to Prompt
      8. When all these settings have been made, click on the OK button.
      9. If it prompts you as to whether or not you want to save the settings, press the Yes button.
• Next press the Apply button and then the OK to exit the Internet Properties page.
• 
  Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
• Computer Safety On line - Anti-Virus
  
  
• Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
• 
  
• Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
• Computer Safety On line - Software Firewalls
  
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
• 
  
• Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
• This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
  Instructions for - Spybot S & D and Ad-aware
  
  
• Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
• Instructions for - Spybot S & D and Ad-aware
  
  
• Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A article on anti-malware products with links for this program and others can be found here:
• Computer Safety on line - Anti-Malware
  
  
• Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
• Follow this list and your potential for being infected again will reduce dramatically.
  
  Steve