Good evening...I was turned onto this site by another messageboard. I have been experiencing some pop-up/spyware problems recently, but i usually run Ad-Aware to get rid of/supress them.

Today, i experienced an enormous amount of spyware and pop-ups and I could not get Ad-Aware to open. Also, my Add/Remove programs would not open either. I downloaded Microsoft Anti-spy and did a scan, but i rebooted and was not able to open that either. I downloaded Hijack This! and will paste the log in this post. Sorry for the long-winded post, but any help would be greatly appreciated. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 3:28:11 PM, on 8/29/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\system32\tp4serv.exe
C:\WINNT\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\HPPROPTY.EXE
C:\WINNT\VUNEDLL.EXE
C:\WINNT\osxrenc.EXE
C:\WINNT\system32\vidctrl\vidctrl.exe
C:\WINNT\etb\pokapoka63.exe
c:\winnt\system32\emgbqos.exe
C:\winnt\system32\explorer.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\CFGSAFE\AUTOCHK.EXE
C:\Program Files\Common Files\Windows\services32.exe
C:\WINNT\system32\cmd.exe
C:\Program Files\Common Files\services.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Bobby McMann\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sitesearchcentral.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HP LaserJet ToolBox] HPPROPTY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tcntzljzhzw] C:\WINNT\system32\vrnwwe.exe
O4 - HKLM\..\Run: [PaciSoft] C:\WINNT\system32\pacis.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\system32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\system32\wintask.exe
O4 - HKLM\..\Run: [shsjgpkv] C:\WINNT\shsjgpkv.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\BOBBYM~1\LOCALS~1\Temp\lvykt.exe
O4 - HKLM\..\Run: [VUNEDLL] C:\WINNT\VUNEDLL.EXE
O4 - HKLM\..\Run: [VUNEENC] C:\WINNT\VUNEENC.EXE
O4 - HKLM\..\Run: [BPT] c:\Program Files\Bpt\bpt.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [PS1] C:\WINNT\system32\ps1.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [VBouncerDL] C:\Program Files\VBouncer\VBouncerInner.exe /S
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [Uninstall_TBPS] C:\WINNT\Temp\TBuninst.exe /remove
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [o23U36T] pngtname.exe
O4 - HKLM\..\Run: [osxrenc] C:\WINNT\osxrenc.EXE
O4 - HKLM\..\Run: [vidctrl] C:\WINNT\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [ABox] C:\WINNT\ABox.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINNT\logon.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\s4ssgg.exe reg_run
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINNT\dinst.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [U5Ca] C:\WINNT\ulwfwvuu.exe
O4 - HKLM\..\Run: [Nsv] C:\WINNT\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [PSof1] C:\WINNT\system32\PSof1.exe
O4 - HKLM\..\Run: [System service63] C:\WINNT\etb\pokapoka63.exe
O4 - HKLM\..\Run: [t7rrhqi8] C:\WINNT\system32\t7rrhqi8.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [aupgya] c:\winnt\system32\emgbqos.exe r
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [pshower] C:\WINNT\system32\pshwr.exe
O4 - Startup: Zstart.lnk = C:\WINNT\system32\zxinst12.exe
O4 - Startup: Zeno.lnk = C:\WINNT\system32\tsyswsd8.exe
O4 - Global Startup: AUTOCHK.LNK = C:\CFGSAFE\AUTOCHK.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} -
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.qoolaid.com/download/224/installer.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} -
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} -
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} -
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://vegastowers.microgaming.com/vegastowers/FlashAX.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - IBM Corp. - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NtLmScp - Unknown owner - C:\WINNT\System32\explorer.exe
O23 - Service: FireDaemon Service: ntsysvers (ntsysvers) - Unknown owner - C:\WINNT\system32\dllcache\FireDaemon.EXE (file missing)
O23 - Service: FireDaemon Service: runbatch (runbatch) - Unknown owner - C:\WINNT\system32\dllcache\FireDaemon.EXE (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: FireDaemon Service: svchost (svchost) - Unknown owner - C:\WINNT\system32\dllcache\FireDaemon.EXE (file missing)

Politely, your system is hosed.

I have seen very few logs as infected as yours and my inclination is to tell you to reformat, reinstall, make sure you have all MS updates installed (currently you do not) and add other protection as necessary.

If you want to gamble that the system can be recovered without reformating, then try Ewdio (instructions follow), then run HiJackTHis and post a new log in this thread.

Be warned, if Ewido cannot finish, or your system detiorates further, then a reforamt will be your only alternative.

Welcome,
Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

First:
Please download ewido security suite it is a trial version of the program.

• Install ewido security suite
• When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
• Launch ewido, there should be an icon on your desktop double-click it.
• The program will now go to the main screen

You will need to update ewido to the latest definition files.

• On the left hand side of the main screen click update
• Then click on Start Update

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

• Click on scanner
• Click on Complete System Scan and the scan will begin.
  [
• If Ewido finds anything, it will pop up a notification. Select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.

[*]Once the scan has completed, there will be a button located on the bottom of the screen named Save report
[*]Click Save report.
[*]Save the report .txt file to your desktop.
[/list]Now close ewido security suite.



Remeber, run HiJackTHis again and post a new log in this thread.

Thanks for the reply. I ran ewido and then hijack this! again. Here are the latest hijack this! results...

Logfile of HijackThis v1.99.1
Scan saved at 9:33:50 PM, on 8/29/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\Explorer.exe
c:\winnt\system32\qsswtkl.exe
C:\WINNT\system32\tp4serv.exe
C:\WINNT\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\HPPROPTY.EXE
C:\WINNT\VUNEDLL.EXE
C:\Program Files\AIM95\aim.exe
C:\CFGSAFE\AUTOCHK.EXE
C:\Program Files\Common Files\Windows\services32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINNT\system32\tsysws2r.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bobby McMann\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sitesearchcentral.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINNT\dsr.dll (file missing)
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINNT\system32\pkshwouf.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HP LaserJet ToolBox] HPPROPTY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tcntzljzhzw] C:\WINNT\system32\vrnwwe.exe
O4 - HKLM\..\Run: [PaciSoft] C:\WINNT\system32\pacis.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\system32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\system32\wintask.exe
O4 - HKLM\..\Run: [shsjgpkv] C:\WINNT\shsjgpkv.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\BOBBYM~1\LOCALS~1\Temp\lvykt.exe
O4 - HKLM\..\Run: [VUNEDLL] C:\WINNT\VUNEDLL.EXE
O4 - HKLM\..\Run: [VUNEENC] C:\WINNT\VUNEENC.EXE
O4 - HKLM\..\Run: [BPT] c:\Program Files\Bpt\bpt.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [PS1] C:\WINNT\system32\ps1.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [VBouncerDL] C:\Program Files\VBouncer\VBouncerInner.exe /S
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [Uninstall_TBPS] C:\WINNT\Temp\TBuninst.exe /remove
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [o23U36T] pngtname.exe
O4 - HKLM\..\Run: [ABox] C:\WINNT\ABox.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINNT\logon.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\s4ssgg.exe reg_run
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [U5Ca] C:\WINNT\ulwfwvuu.exe
O4 - HKLM\..\Run: [Nsv] C:\WINNT\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [PSof1] C:\WINNT\system32\PSof1.exe
O4 - HKLM\..\Run: [System service63] C:\WINNT\etb\pokapoka63.exe
O4 - HKLM\..\Run: [t7rrhqi8] C:\WINNT\system32\t7rrhqi8.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [horrkz] c:\winnt\system32\qsswtkl.exe r
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [pshower] C:\WINNT\system32\pshwr.exe
O4 - Startup: Zstart.lnk = C:\WINNT\system32\zxinst12.exe
O4 - Startup: Zeno.lnk = C:\WINNT\system32\tsysws2r.exe
O4 - Global Startup: AUTOCHK.LNK = C:\CFGSAFE\AUTOCHK.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} -
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} -
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://vegastowers.microgaming.com/vegastowers/FlashAX.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IBM PM Service (IBMPMSVC) - IBM Corp. - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NtLmScp - Unknown owner - C:\WINNT\System32\explorer.exe (file missing)
O23 - Service: FireDaemon Service: ntsysvers (ntsysvers) - Unknown owner - C:\WINNT\system32\dllcache\FireDaemon.EXE (file missing)
O23 - Service: FireDaemon Service: runbatch (runbatch) - Unknown owner - C:\WINNT\system32\dllcache\FireDaemon.EXE (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: FireDaemon Service: svchost (svchost) - Unknown owner - C:\WINNT\system32\dllcache\FireDaemon.EXE (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\winnt\SvcProc.exe

I just checked your last log again and you have new infections not previoulsy there.

I am sorry, but this will be losing battle since you have to get on the internet to post here. Each time you do, you will infect, re-infect, etc.

Make sure you have backed up all important files. Be certain you have all the programs you need to re-install, inlcuding AV, AntiSpyware, Firewall, etc, on CD.

Disconnect from the internet. Reformat, reinstall Windows, your AV, Firewall and other protections BEFORE you reconnect. Then update WIndowsd with all Critical updates.

Thanks again for your help....

I did have a question, though - I am not sure if this makes a difference, but I have two log ins. One is administrator, which i had not used until yesterday (computer on loan from a roommate) to install ewido and the other is my log in.

I ran Ewido on the administrator log in, but Hijack this under my log in. Would this make a difference in the results? If so, could I delete and recreate my log in (obviously infected) without affecting the administrator log in?

It may make a difference as to what HiJackThis reports. Any exploits specific to a logon would only appear in that log, while exploits at the computer level would show in all.

Simply put, your computer is severely infected. You can delete logons but it still not restore your computer. It has been compromised to the point where reformatting and re-installing is the best and quickest means to clean system.

I appreciate your advice. Thanks again...