[Osiris]

remove these entries

O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - WorldWinner Cash Competitions

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - WorldWinner Cash Competitions

O17 - HKLM\System\CCS\Services\Tcpip\..\{8029D8D4-92DF-4A85-A55A-952B26BA748A}: NameServer = 85.255.116.154,85.255.112.155

O17 - HKLM\System\CCS\Services\Tcpip\..\{C2AD366A-FF95-4A03-BD93-95071B565D8E}: NameServer = 85.255.116.154,85.255.112.155

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.154 85.255.112.155

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.154 85.255.112.155

O17 - HKLM\System\CS2\Services\Tcpip\..\{10BC5EED-56FD-4497-84A0-C6D88D8975FA}: NameServer = 85.255.116.154,85.255.112.155

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.154 85.255.112.155



then post a new log

[Norcent]

Logfile of HijackThis v1.99.1
Scan saved at 8:47:50 PM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

[Osiris]

much better, are you still getting popups/redirects, etc?

[Norcent]

yeah can you still help?

[Norcent]

bump bump

[Norcent]

bump bump

[Osiris]

did you disable system restore yet? If not, do so, download Ewido, update it, then reboot into safemode and run Ewido, once finished, reboot and log back in and see if you still get those popups.

[Norcent]

Thank you so much. That fixed that message from coming up. How do I get rid of searching in google and it sending me to the wrong sites? Also I can't update Adware se pro and I have a feeling its a virus, or spyware or something along those lines.

[Osiris]

Does Adaware give you an error message? try reinstalling it. I thought I said to disable system restore earlier but it must have been another user. Is this FF or IE that is redirecting you?

[Norcent]

Yeah adaware is giving me an error message when I want to update it. Both browsers redirect me.