KForsythe

Thank you very much, it seems the problem is solved. Pop ups are gone, system runs smoother. I still wonder if there's slowdown though, but it's hard to gauge. Here is my log. I'm curious as to why I have 3 copies of svchost.exe running though. Logfile of HijackThis v1.99.1 Scan saved at 11:54:39 PM, on 22/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\sy

Logfile of HijackThis v1.99.1 Scan saved at 5:13:51 PM, on 21/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\AVGFRE~1\avgupsvc.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\SafeNet\SoftRemoteLT\IPSecMon.exe C:\PROGRA~1\AVGFRE~1\avgw.exe C:\WINDOWS\System32\nvsvc32.ex

L2MFIX find log 010406 These are the registry keys present ******************************************************************************** ** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\axxt32] "secureUID"="[18562223121373254711]" "secureTIME"="13:1" "DllName"=hex(2):61,00,78,00,78,00,74,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,\ 00,00 "Startup"="SeAllocate" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 "MaxWa

We'll see how it goes then. Thanks for spending so much time on this. I'll just add, that the slowdown due to being hijacked with spyware is ridiculous on this computer. It takes a minute and a half to load this page. log: L2MFIX find log 010406 These are the registry keys present ******************************************************************************** ** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\axxt32] "secureU

Won't be quick indeed. I attempted to run the scan as you stated, however, internet explorer is fried and will not run, and since the scan is not set up with any other browser, I could not run the scan. Having that failed, I downloaded the trial versions of kaspersky anti-hacker and kaspersky anti-virus. Both installed, but anti-hacker would not run. Anti-virus made a clean search. This system is quite fried. I was wondering if you had any other suggestions, because I'm all ready to reformat (next week).

Thanks very much. However, I am still getting popups. Here's the hijack log: Logfile of HijackThis v1.99.1 Scan saved at 3:12:41 PM, on 15/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\AVGFRE~1\avgupsvc.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\rundll32.exe C

My sister was too lazy to protect her new computer, so approximately 3 months later, it was unsurprisingly heavily infected. Ad-aware was run 4 times until it was clean, as was AVG anti-virus. I was unable to install Spybot SD, but this may be because of the plethora of viri on her computer. Currently that problem is that approximately every 2 minutes an ad opens up in a new tab in Opera. The ad generally has this format: (www.site.com/normal/yyy65.html) for example: (http://www.browserbuy-out.com/normal/yyy65.html) This screams to me ActiveX problems. Of course, I've never learned how to fix