Logfile of HijackThis v1.99.1
Scan saved at 3:34:44 PM, on 5/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\program files\valve\steam\steam.exe
C:\Program Files\PerSono\perstray.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Victor\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Startup: LifeDrive™ Manager.lnk = C:\Program Files\palmOne\LifeDriveMgrTray.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Perstray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113710506767
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
There is my log...
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 4:20:17 PM, 5/4/2006
+ Report-Checksum: 9141D900
+ Scan result:
:mozilla.7:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\eug7msnx.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup
::Report End
That's the scan....
Also, here's where the Pest Patrol database says the BearShare infection is.
Here is the webpage for the info about it
http://www.pestpatrol.com/zks/pestinfo/w/whenusave.asp
I don't know how to remove it, I'm not good enough with computers...
Sorry if I posted in the wrong area, I'm new.
