I have gone through all the steps to the best of my ability. I have gotten rid of many things but it seems a few are still hanging in there.
I have in the past downloaded many crucial windows updates but my Add/remove programs no longer reflect it. Windows update says there are no crucial updates to download. I do have SP1a.
Your help would be greatly appreciated!
MM
Logfile of HijackThis v1.99.1
Scan saved at 7:15:02 PM, on 7/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\PV92Tray.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinFixer 2005\WFX5.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Common Files\WinSoftware\WFF.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\THEDAD~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://triton.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\system32\richedtr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [HDAudio Driver] C:\WINDOWS\system32\sviasd.exe
O4 - HKLM\..\Run: [HDAudio Driver 1.0] C:\WINDOWS\system32\rpom.exe
O4 - HKLM\..\Run: [HDAudio Driver 2.0] C:\WINDOWS\system32\cplotn.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\WFX5.exe /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5801496-A2B5-4671-BFE4-1388617668B5}: NameServer = 209.172.0.5 209.172.0.8
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 5:15:38 PM, 7/19/2005
+ Report-Checksum: 18CD89AA
+ Scan result:
C:\Documents and Settings\The DAD\Cookies\the [email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\The DAD\Cookies\the dad@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\The DAD\Local Settings\Temp\cmlbmpmd.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system\Loader.dll -> TrojanDownloader.Agent.li : Cleaned with backup
C:\WINDOWS\system32\bahjcew.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\system32\drtpmxfd.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\system32\dwtwncsq.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\system32\eapzd.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\system32\gqtybjak.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\system32\iftvdcu.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\system32\ijyhbw.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\system32\mvsqbp.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\system32\mzzo.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\system32\njasbr.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\system32\richup.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\xbyzwgpr.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\system32\zhmqkrp.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__cplotn.exe -> TrojanDownloader.Agent.qu : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__nse35.dll -> Spyware.HotSearchBar : Cleaned with backup
::Report End