
Aurora and ABI network annoying! [RESOLVED]


  • This topic is locked

#1
apex1

    New Member

  • Member
  • Pip
  • 3 posts
I think I've tried everything. I did a search on Google on this company and I found these forums; you guys seem to know your stuff. I would definitely appreciate any help on this I can get. Here is a HJT log of mine. THANKS guys!

Logfile of HijackThis v1.99.1
Scan saved at 5:18:58 PM, on 9/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\winCMAPP\wincmapp.exe
C:\WINDOWS\System32\yhfizq.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Eric\FTP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\System32\pkshlrni.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [zjsegjk] C:\WINDOWS\System32\yhfizq.exe r
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\System32\pshwr.exe
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activatio...oad/tgctlcm.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125698819065
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard....des/cabs/si.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by apex1, 02 September 2005 - 04:20 PM.

  • 0



#2
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi apex1 and welcome to GeeksToGo! My name is Excal and I will be helping you.

I can see that you have some malware issues. This may be a few-step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.


DOWNLOAD PROGRAMS


Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop. Double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Do NOT run a scan yet. (If you already have, please just update.)

Please download Nailfix from Here
Please do NOT run it yet.

Download and install CleanUp! Here
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
We will use this program later.


THE FIX


Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Once in Safe Mode, please double-click on Nailfix.exe on your desktop. Click next, then finished. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

5. Now open and run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan, when it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

6. Close all browsers, windows and unneeded programs.

7. Open HiJack and do a scan.

8. Put a Check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\System32\pkshlrni.dll
O4 - HKLM\..\Run: [qtbfiar] C:\WINDOWS\System32\hsubech.exe r
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\System32\pshwr.exe
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


9. Click the Fix Checked box

10. Please remove the following folders using Windows Explorer (if present):

C:\Program Files\winCMAPP

11. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\System32\pshwr.exe

12. Run the program CleanUp!

13. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

14. Please post an Active scan log, Ewido Scan log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0

#3
apex1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Active scan log:

Incident Status Location

Adware:adware/hotoffers No disinfected C:\WINDOWS\SYSTEM32\Inkline Global PC tuneup.ico
Adware:adware/sidesearch No disinfected C:\PROGRAM FILES\Lycos
Spyware:spyware/istbar No disinfected C:\PROGRAM FILES\COMMON FILES\Totem Shared
Adware:adware program No disinfected C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Spyware:spyware/betterinet No disinfected Windows Registry
Spyware:Spyware/Abcsearch No disinfected C:\WINDOWS\SYSTEM32\msjpnd.dll
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking v124.cpl
Adware:Adware/Hotoffers No disinfected C:\WINDOWS\SYSTEM32\msodae.dll
Spyware:Spyware/ClientMan No disinfected C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP288\A0065798.DLL
Adware:Adware/SideSearch No disinfected C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP288\A0065800.DLL
Adware:Adware/BrilliantDigital No disinfected C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP289\A0065944.rbf
Adware:Adware/BrilliantDigital No disinfected C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP289\A0065951.MSI[unk_0021][bdcore.dll]
Adware:Adware/Apropos No disinfected C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP289\A0066016.dll
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP289\A0066024.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP289\A0066025.exe
Adware:Adware/BookedSpace No disinfected C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP295\A0066286.exe
Adware:Adware/Yahoo No disinfected C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP295\A0066287.dll


HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:59:36 PM, on 9/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Eric\FTP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activatio...oad/tgctlcm.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125698819065
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard....des/cabs/si.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe






EWIDO log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:23:00 PM, 9/2/2005
+ Report-Checksum: 8AD4FBBF

+ Scan result:

C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\ZF7TLMK0\Nail[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\fmtqqifom.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\nreaptbj.exe -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\Companion\ycomp.cab/ycomp5_0_2_7.dll -> Spyware.Yahoo : Cleaned with backup
C:\Program Files\Yahoo!\Companion\ycomp5_0_2_7.dll -> Spyware.Yahoo : Cleaned with backup
C:\Documents and Settings\APEX\Local Settings\Temp\Cookies\apex@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\APEX\Local Settings\Temp\Cookies\apex@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\APEX\Local Settings\Temp\Cookies\apex@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\APEX\Local Settings\Temp\Cookies\apex@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\APEX\Local Settings\Temp\Cookies\apex@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\APEX\Local Settings\Temp\Temporary Internet Files\Content.IE5\18G0F1WC\dun[1].exe -> Spyware.DealHelper : Cleaned with backup
C:\Documents and Settings\APEX\Local Settings\Temp\__unin__.exe -> Spyware.Altnet : Cleaned with backup
C:\Documents and Settings\APEX\Local Settings\Temp\ms17F.tmp -> TrojanDownloader.Small.nj : Cleaned with backup
C:\Documents and Settings\APEX\Local Settings\Temp\ms13E.tmp -> TrojanDownloader.Apropo.ae : Cleaned with backup
C:\Documents and Settings\APEX\Local Settings\Temp\ms16A.tmp -> TrojanDownloader.Agent.hw : Cleaned with backup
C:\Documents and Settings\APEX\Local Settings\Temp\sntaudio.tmp -> Spyware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\APEX\Cookies\apex@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\APEX\Cookies\apex@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\APEX\Cookies\apex@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\APEX\Cookies\apex@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\APEX\Cookies\apex@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\APEX\Cookies\apex@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\APEX\Cookies\apex@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\APEX\Cookies\apex@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\APEX\Cookies\apex@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP288\A0065799.DLL -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP288\A0065815.DLL -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP289\A0066044.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP289\A0066060.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP289\A0066061.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP289\A0066062.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP289\A0066070.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP289\A0066132.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP291\A0066140.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP291\A0066142.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP291\A0066149.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP291\A0066155.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP291\A0066191.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP291\A0066207.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP291\A0066214.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP295\A0066249.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP295\A0066257.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP295\A0066272.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP295\A0066273.exe -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP295\A0066274.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP295\A0066275.exe -> Trojan.Stervis.f : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP295\A0066280.exe -> Trojan.Agent.ay : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP295\A0066281.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\System Volume Information\_restore{7AA2535B-7E92-4BA3-809F-A90F4B13C083}\RP295\A0066284.exe -> Adware.BetterInternet : Cleaned with backup


::Report End
  • 0
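
A check a helper can run after a fix like the one in this thread, shown as an added example that is not part of the original posts: it compares the items on a fix list with the first and the follow-up HijackThis logs. The function names are illustrative, and the three inputs are abbreviated excerpts of the logs and the fix list posted above.

```python
import re

# HijackThis entries have the form "<section code> - <body>"; the section
# codes are R0-R3, F0-F3, N1-N4 and O1-O24.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(text):
    """Map a case-insensitive key to the normalised entry line."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, process list, blank lines
        body = " ".join(m.group(2).split())  # collapse runs of whitespace
        # Windows paths and registry names compare case-insensitively.
        entries[(m.group(1), body.casefold())] = f"{m.group(1)} - {body}"
    return entries


def check_fix_list(before, fix_list, after):
    """Classify each fix-list item against the logs taken before and after."""
    before_e, fix_e, after_e = (parse_entries(t) for t in (before, fix_list, after))
    report = {"removed": [], "still_present": [], "not_in_first_log": []}
    for key, line in fix_e.items():
        if key in after_e:
            report["still_present"].append(line)     # fix did not take
        elif key in before_e:
            report["removed"].append(line)           # fixed as intended
        else:
            report["not_in_first_log"].append(line)  # no matching log entry
    # Entries that vanished although nobody listed them (removed by a scanner).
    report["gone_unlisted"] = [line for key, line in before_e.items()
                               if key not in after_e and key not in fix_e]
    # Entries that only exist in the follow-up log (newly installed items).
    report["new_in_followup"] = [line for key, line in after_e.items()
                                 if key not in before_e]
    return report


# Abbreviated excerpts of the logs and the fix list posted in this thread.
BEFORE = r'''
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\System32\pkshlrni.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [zjsegjk] C:\WINDOWS\System32\yhfizq.exe r
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\System32\pshwr.exe
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
'''

FIX_LIST = r'''
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\System32\pkshlrni.dll
O4 - HKLM\..\Run: [qtbfiar] C:\WINDOWS\System32\hsubech.exe r
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\System32\pshwr.exe
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
'''

AFTER = r'''
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
'''

if __name__ == "__main__":
    for status, lines in check_fix_list(BEFORE, FIX_LIST, AFTER).items():
        print(f"[{status}]")
        for entry in lines:
            print("   ", entry)
```

On these excerpts the [wincmap] Run entry is reported as still present in the follow-up log, and the [qtbfiar] line on the fix list matches no entry in the first log.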

#4
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Just a few random bad files and folders to clean up.

Please remove the following folders using Windows Explorer (if present):

C:\WINDOWS\SYSTEM32\Inkline Global PC tuneup.ico
C:\PROGRAM FILES\Lycos
C:\PROGRAM FILES\COMMON FILES\Totem Shared
C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs

  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Delete File on Reboot"
  • Navigate to this file - C:\WINDOWS\SYSTEM32\msjpnd.dll
  • Double click on that file.
  • HJT asks you if you want to reboot, now. Click "no".

    Do that for the following files also, until you get to the last one, then click "yes" when HJT asks you to reboot.
C:\WINDOWS\SYSTEM32\P2P Networking v124.cpl
C:\WINDOWS\SYSTEM32\msodae.dll


Post back when you finish and tell me how your computer is running :tazz:
  • 0

#5
apex1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
After I did what you asked the first time, the computer had no pop-ups, so whatever I did worked. However, I did go ahead and do these last steps that you requested and the computer seems to be running excellent! Thanks for your help!
  • 0

#6
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Nice to hear! Everything seems to look good!

:tazz:

Excal
  • 0

#7
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





