[domeyboy]

First of all let me start by saying that I am a novice at this so I hope that I have done everything that you need. I have gone through everything that you stated to do twice, just in case I missed something the first time but am still having the same issues even though I do believe the process did clean up some things. I do believe that at least some of my problems may have to do with abcsearch. I noticed that when I searched for something on google if I clicked on the link of what I searched for I was taken to a different site entirely. When I clicked the back button it would take me to abcsearch. What ever I have is also causing problems with my IE browser. The first browser that I open up is fine but if I open up another then all of my toolbars are gone. The only thing I can see is the address bar. The only way to get them back is to clear all temp and history files and reboot.

The AVG virus scan also keeps popping up with the following find “Resident Shield reports Trojan horse Clicker.FR on C:\WINNT\system32\bndmod.exe”. The program cannot delete or heal this file.

Below are my HJT log and ewido scan files. I do hope you can help! Thank you!

Logfile of HijackThis v1.99.1
Scan saved at 10:26:24 AM, on 11/22/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Progra~1\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Compaq\COMPAQ~1\hibserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\Promon.exe
C:\WINNT\System32\Atiptaxx.exe
C:\WINNT\System32\tp4serv.exe
C:\Progra~1\NavNT\vptray.exe
C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Compaq\11Mbps Wireless LAN\Config.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\HJT\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [vptray] C:\Progra~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: CK32UPGD.LNK = C:\WINNT\system32\atiiprxx.exe
O4 - Global Startup: Configuration Utility.lnk = C:\Compaq\11Mbps Wireless LAN\Config.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://ie.config.asia.compaq.com
O15 - Trusted Zone: http://ie.config.eur.compaq.com
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com
O15 - Trusted Zone: http://ie.config.jp.compaq.com
O15 - Trusted Zone: http://ie.config.ecom.dec.com
O15 - Trusted Zone: http://ie.config.tandem.com
O15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)
O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131873330106
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = americas.cpqcorp.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = americas.cpqcorp.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = americas.cpqcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Progra~1\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~1\hibserv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Progra~1\NavNT\rtvscan.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:49:01 PM, 11/21/2005
+ Report-Checksum: CBF638E6

+ Scan result:

[188] VM_00B40000 -> TrojanDownloader.Agent.uj : Error during cleaning
[184] VM_009B0000 -> TrojanDownloader.Agent.uj : Error during cleaning
[416] VM_00B60000 -> TrojanDownloader.Agent.uj : Error during cleaning
[588] VM_009D0000 -> TrojanDownloader.Agent.uj : Error during cleaning
[256] VM_00830000 -> TrojanDownloader.Agent.uj : Error during cleaning
[1240] VM_007C0000 -> TrojanDownloader.Agent.uj : Error during cleaning
[1252] VM_007E0000 -> TrojanDownloader.Agent.uj : Error during cleaning
[1300] VM_007D0000 -> TrojanDownloader.Agent.uj : Error during cleaning
[1308] VM_007D0000 -> TrojanDownloader.Agent.uj : Error during cleaning
[1328] VM_00D40000 -> TrojanDownloader.Agent.uj : Error during cleaning
[1344] VM_00CB0000 -> TrojanDownloader.Agent.uj : Error during cleaning
[792] VM_00860000 -> TrojanDownloader.Agent.uj : Error during cleaning
[548] VM_00CC0000 -> TrojanDownloader.Agent.uj : Error during cleaning
C:\WINNT\system32\favme.exe -> Trojan.Favadd.an : Cleaned with backup
C:\WINNT\system32\hlmicro.exe -> Spyware.Msnagent : Cleaned with backup
C:\WINNT\system32\hwiper.exe -> Trojan.Qhost.df : Cleaned with backup


::Report End

Edited by domeyboy, 22 November 2005 - 11:49 AM.