i've tried using these programs and none get rid of it:
Adaware
Spybot
Microsoft Antispyware
VirusScan
eWidoSecuritySuite
Killbox
Ccleaner
Cleanup!
Logfile of HijackThis v1.99.1
Scan saved at 11:43:44 PM, on 10/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common
Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common
Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common
Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\Easy Access Button
Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button
Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common
Framework\UpdaterUI.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\System Files\System.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Jump Cut\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window
Title = Microsoft Internet Explorer provided by Compaq
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -
_{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) -
{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program
Files\SurfSideKick 3\SskBho.dll
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\
F1 - win.ini: run=C:\WINDOWS\
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}
- C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar3.dll
O3 - Toolbar: REALBAR -
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} -
C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Google -
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program
Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program
Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program
Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program
Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program
Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ashMaiSv]
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network
Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program
Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Itunes] C:\dials.exe
O4 - HKLM\..\Run: [MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program
Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System
Files\System.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe
-cnetwait.odl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program
Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program
Files\SurfSideKick 3\Ssk.exe
O7 -
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Sy
stem, DisableRegedit=1
O8 - Extra context menu item: &AIM Search -
res://C:\Program Files\AIM
Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search -
res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search -
res://c:\program
files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Search -
http://bar.mywebsear...?p=ZNxdm006YYUS
O8 - Extra context menu item: &Translate English Word -
res://c:\program
files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links -
res://c:\program
files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program
files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages -
res://c:\program
files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English
- res://c:\program
files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) -
{9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java -
{9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM -
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com -
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program
files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com -
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program
files\partypoker\IEExtension.dll
O9 - Extra button: (no name) -
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra button: Support -
{4D2222B2-AE9B-490B-AACB-D8BCD6D6C58D} - C:\Program
Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O16 - DPF: Texas Hold'em Poker by pogo -
http://holdem2.pogo....dem/holdem-ob-a
ssets.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02}
(HouseCall Control) -
http://housecall60.t...all/xscan60.cab
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} -
http://download.bull...ad/bargain_budd
y/cab/installer_MARKETING11.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akama...6/qtinstall.inf
o.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN
Photo Upload Tool) -
http://by103fd.bay10...rces/MsnPUpld.c
ab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
http://v5.windowsupd...sumer/V5Control
s/en/x86/client/wuweb_site.cab?1105660858096
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} -
http://69.56.176.78/webplugin.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082}
(DeltaCVX Control) -
http://www.mathxl.co...ts/deltacvx.cab
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92}
(Installer Class) -
http://downloads.sho...tall/SRInstall4
110_sp2.cab
O20 - AppInit_DLLs: repairs302972949.dll
O23 - Service: Adobe LM Service - Unknown owner -
C:\Program Files\Common Files\Adobe Systems
Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) -
America Online - C:\Program Files\Common
Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor)
- America Online, Inc - C:\Program Files\Common
Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown
owner - C:\WINDOWS\SnVtcCBDdXQA\command.exe (file missing)
O23 - Service: ewido security suite control - ewido
networks - C:\Program Files\ewido\security
suite\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework)
- Network Associates, Inc. - C:\Program Files\Network
Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) -
Network Associates, Inc. - C:\Program Files\Network
Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager
(McTaskManager) - Network Associates, Inc. - C:\Program
Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America
Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
any help appreciated, thanks.