Still having problems.
Here is the last About:Buster log, Ewido log, and HijackThis Log. More help is appreciated.
AboutBuster 5.0 reference file 31
Scan started on [8/16/2005] at [10:08:02 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
Removed File! : C:\Windows\jgium.dat
Removed File! : C:\Windows\System32\tkzuy.dat
Removed File! : C:\Windows\System32\vpsmi.dat
Removed File! : C:\Windows\System32\vyqle.dll
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 10:08:52 PM
AboutBuster 5.0 reference file 31
Scan started on [8/16/2005] at [10:09:49 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 10:10:27 PM
AboutBuster 5.0 reference file 31
Scan started on [8/16/2005] at [10:13:35 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 10:14:23 PM
AboutBuster 5.0 reference file 31
Scan started on [8/19/2005] at [9:58:44 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\hpbafd.ini:fvgrci
Removed Stream! C:\WINDOWS\KB820291.log:jxchsf
Removed Stream! C:\WINDOWS\KB899587.log:jsdujj
Removed Stream! C:\WINDOWS\TradeStation.bmp:hwffjx
Removed Stream! C:\WINDOWS\vminst.log:syiqgk
------------------------------------------------
Removed File! : C:\Windows\System32\jddil.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 9:59:38 PM
AboutBuster 5.0 reference file 31
Scan started on [8/20/2005] at [7:42:22 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\KB899587.log:jsdujj
Removed Stream! C:\WINDOWS\TradeStation.bmp:hwffjx
Removed Stream! C:\WINDOWS\vminst.log:syiqgk
------------------------------------------------
Removed File! : C:\Windows\yslef.dll
Removed File! : C:\Windows\System32\jddil.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:43:27 PM
AboutBuster 5.0 reference file 31
Scan started on [8/21/2005] at [6:48:07 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
Removed File! : C:\Windows\gayow.dll
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 6:48:49 PM
AboutBuster 5.0 reference file 31
Scan started on [8/21/2005] at [6:49:18 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 6:49:48 PM
AboutBuster 5.0 reference file 31
Scan started on [8/21/2005] at [6:52:27 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 6:53:11 PM
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 7:56:50 PM, 8/21/2005
+ Report-Checksum: 17D1000E
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{E404F826-ABE4-D856-61BA-BCBD539933F8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
[684] C:\WINDOWS\ipee.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
[1460] C:\WINDOWS\apimx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\Documents and Settings\JeffA\Desktop\backups\backup-20050816-231609-809.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\JeffA\Desktop\backups\backup-20050820-194811-990.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\apimx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3xk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\DtcInstall.log:fukjv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\gayow.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\Gone Fishing.bmp:hmeapz -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\hpbafd.ini:zmxgsk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iesz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipcx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipee.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javafk32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB828741.log:nrjxab -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\netxn.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\sdkzt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\adduh32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\apisk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlde32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3ir.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\mfciq.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\mskr32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\WindowsUpdate.log:nooeeg -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\winnt256.bmp:xoyrgi -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_default.pif:paimx -> TrojanDownloader.Agent.bc : Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 7:15:28 PM, on 8/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\Atievxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\ipee.exe
C:\WINDOWS\apimx.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\JeffA\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gayow.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gayow.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gayow.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gayow.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {DAD64CB5-6A52-35C2-38BD-73771485436C} - C:\WINDOWS\system32\mfciq.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [ntgp32.exe] C:\WINDOWS\ntgp32.exe
O4 - HKLM\..\Run: [atlpd.exe] C:\WINDOWS\atlpd.exe
O4 - HKLM\..\Run: [cret.exe] C:\WINDOWS\system32\cret.exe
O4 - HKLM\..\Run: [iepa.exe] C:\WINDOWS\system32\iepa.exe
O4 - HKLM\..\Run: [ipee.exe] C:\WINDOWS\ipee.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) -
http://208.62.27.145...TS/IFTWCLIX.CABO16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) -
http://www.investors...ocx/plotwon.ocxO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kpffsea.com
O17 - HKLM\Software\..\Telephony: DomainName = kpffsea.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kpffsea.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\apimx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe