Full Version: Help me, I Am infected..SOS SOS mayday
annoyed07728
Ok, I just ran Adaware, Spybot Search and Destroy, and Spysweeper. I get redirected to www.ads234.com and then to the page I want, then a pop up.

I get pop ups when my PC is just sitting there and my PC seems to be using up my bandwidth. I also keep having to delete some "people on page" thing and "belgiandip" thing when I run spyware programs. Why do they keep coming back?

I also have way too many processes running when the PC is doing nothing.

Here is my HijackThis log file

StartupList report, 8/4/2004, 2:53:56 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\Brian\My Documents\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\documents and settings\brian\local settings\temp\ZVg.exe
C:\documents and settings\brian\local settings\temp\J.exe
C:\documents and settings\brian\local settings\temp\83DAPDG.exe
C:\documents and settings\brian\local settings\temp\xdfb0P7.exe
C:\WINDOWS\System32\jspwdm32.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\WINDOWS\System32\console.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\erfd009p.exe
C:\WINDOWS\System32\abinetc.exe
C:\WINDOWS\System32\mloaderd.exe
C:\WINDOWS\System32\PceK.exe
C:\WINDOWS\System32\UbgrXIn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brian\My Documents\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
VAIO Action Setup (Server).lnk = ?
Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
ZTgServerSwitch = c:\program files\support.com\client\bin\tgcmd.exe /server
LVCOMS = C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
NAV Agent = C:\PROGRA~1\NORTON~1\navapw32.exe
QAGENT = C:\Program Files\QUICKENW\QAGENT.EXE
TkBellExe = C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
Motive SmartBridge = C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
IPInSightLAN 01 = "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
IPInSightMonitor 01 = "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
ppn = C:\WINDOWS\System32\ppn.exe
ZVg = C:\documents and settings\brian\local settings\temp\ZVg.exe
4X@95ME57C5BM8 = C:\WINDOWS\System32\Uit9.exe
nbjmonc = C:\WINDOWS\System32\nbjmonc.exe
BnetlibD = C:\WINDOWS\System32\BnetlibD.exe
J = C:\documents and settings\brian\local settings\temp\J.exe
83DAPDG = C:\documents and settings\brian\local settings\temp\83DAPDG.exe
xdfb0P7 = C:\documents and settings\brian\local settings\temp\xdfb0P7.exe
o73V3tW = jspwdm32.exe
erfd009p = C:\WINDOWS\System32\erfd009p.exe
mloaderd = C:\WINDOWS\System32\mloaderd.exe
abinetc = C:\WINDOWS\System32\abinetc.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SpyKiller =
Zws9Rja3Q = kd1sp.exe
console = C:\WINDOWS\System32\console.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\sstext3d.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - (no file) - SOFTWARE
myBar BHO - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {2CF0B992-5EEB-4143-99C0-5297EF71F443}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
WinPage Affiliate - C:\Documents and Settings\Brian\Local Settings\Temp\aWU.dll - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Registration reminder 1.job
Registration reminder 2.job
Registration reminder 3.job
Symantec NetDetect.job
Norton AntiVirus - Scan my computer.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[{1D0D9077-3798-49BB-9058-393499174D5D}]
CODEBASE = file://C:\counter.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://download.yahoo.com/dl/installs/yinst0401.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe

[PWMediaSendControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PWActiveXImgCtl.dll
CODEBASE = http://216.249.24.142/code/PWActiveXImgCtl.CAB

[Yahoo! Webcam Upload Wrapper]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yuplapp.dll
CODEBASE = http://chat.yahoo.com/cab/yuplapp.cab

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7861.7980902778

[YAddBook Class]
InProcServer32 = C:\PROGRA~1\YAHOO!\Common\yaddbook.dll
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

[PreQualifier Class]
InProcServer32 = C:\Program Files\Common Files\Verizon Online\SFP\MotivePrequal.dll
CODEBASE = http://www.verizon.net/getdsl/system_check/MotivePreQual.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[EPSImageControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\EPScontrol.dll
CODEBASE = http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

[sonyctl.sonycm]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\sonyctl.dll
CODEBASE = http://supportcentral.sel.sony.com/sdccomm...oad/sonyctl.CAB

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 8,699 bytes
Report generated in 0.078 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
CalamityJane
Hi annoyed,

That's just the startup list from HJT and while helpful for diagnosing some things - it isn't really needed unless asked for. What we do need is the log from running the Scan and then press *save log*. That's the one we need you to post. :)
CalamityJane
Hi again,

When you open HijackThis you see a *Scan* button. Press that and then wait while the program scans your PC. When it is finished that Scan button will turn into *Save Log*. Press the *save log* button and that is what we need for you to copy and paste back here to look at :)
annoyed07728
hey, this should be it.

Logfile of HijackThis v1.97.7
Scan saved at 7:00:23 PM, on 8/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\documents and settings\brian\local settings\temp\ZVg.exe
C:\documents and settings\brian\local settings\temp\J.exe
C:\documents and settings\brian\local settings\temp\83DAPDG.exe
C:\documents and settings\brian\local settings\temp\xdfb0P7.exe
C:\WINDOWS\System32\rnrkethsvc.exe
C:\WINDOWS\System32\itsngl32.exe
C:\WINDOWS\System32\console.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\WINDOWS\System32\msysm.exe
C:\WINDOWS\System32\erfi009p.exe
C:\WINDOWS\System32\mcompata.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WwvMFLvs.exe
C:\WINDOWS\System32\PceK.exe
C:\Documents and Settings\Brian\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.co
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\CxtPls\CxtPls.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Brian\Local Settings\Temp\aWU.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [ppn] C:\WINDOWS\System32\ppn.exe
O4 - HKLM\..\Run: [ZVg] C:\documents and settings\brian\local settings\temp\ZVg.exe
O4 - HKLM\..\Run: [4X@95ME57C5BM8] C:\WINDOWS\System32\Zgl8.exe
O4 - HKLM\..\Run: [nbjmonc] C:\WINDOWS\System32\nbjmonc.exe
O4 - HKLM\..\Run: [BnetlibD] C:\WINDOWS\System32\BnetlibD.exe
O4 - HKLM\..\Run: [J] C:\documents and settings\brian\local settings\temp\J.exe
O4 - HKLM\..\Run: [83DAPDG] C:\documents and settings\brian\local settings\temp\83DAPDG.exe
O4 - HKLM\..\Run: [xdfb0P7] C:\documents and settings\brian\local settings\temp\xdfb0P7.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [o73V3tW] rnrkethsvc.exe
O4 - HKLM\..\Run: [mcompata] C:\WINDOWS\System32\mcompata.exe
O4 - HKLM\..\Run: [msysm] C:\WINDOWS\System32\msysm.exe
O4 - HKLM\..\Run: [erfi009p] C:\WINDOWS\System32\erfi009p.exe
O4 - HKCU\..\Run: [Zws9Rja3Q] itsngl32.exe
O4 - HKCU\..\Run: [console] C:\WINDOWS\System32\console.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: Control Pad (HKLM)
O9 - Extra button: Control Pad (HKLM)
O9 - Extra 'Tools' menuitem: Control Pad (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://C:\counter.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7861.7980902778
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/getdsl/system_check/MotivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral.sel.sony.com/sdccomm...oad/sonyctl.CAB
CalamityJane
Hi annoyed,

Thanks for being so patient. I've been unable to get back here for a while.

1. Go to your Control panel and remove:

POP! (If found)

2. You've got the Peper trojan from Memory Watcher that needs a special tool to remove it.

Download Newuninst.exe
http://downloads.subratam.org/Newuninst.exe

Double click on 'uninst.exe' and press *Uninstall*. Let it and terminate. You must be online to have this work and do not block any attempts for the program to connect to internet if your firewall requests access.
....................................
Just to be sure it got it all, run this free tool as well.

Download the PeperFix tool, save it to your desktop, double-click on it, click 'Find and Fix' and reboot your PC.

http://downloads.subratam.org/PeperFix.exe

3. Next, please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an x in the boxes next to these items, then press *fix checked*. If some of them are not found, they may have been removed in one of the prior cleaning/removal steps.

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\CxtPls\CxtPls.dll

O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Brian\Local Settings\Temp\aWU.dll

O4 - HKLM\..\Run: [nbjmonc] C:\WINDOWS\System32\nbjmonc.exe

O4 - HKLM\..\Run: [BnetlibD] C:\WINDOWS\System32\BnetlibD.exe

O4 - HKLM\..\Run: [J] C:\documents and settings\brian\local settings\temp\J.exe

O4 - HKLM\..\Run: [83DAPDG] C:\documents and settings\brian\local settings\temp\83DAPDG.exe

O4 - HKLM\..\Run: [xdfb0P7] C:\documents and settings\brian\local settings\temp\xdfb0P7.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [o73V3tW] rnrkethsvc.exe

O4 - HKLM\..\Run: [mcompata] C:\WINDOWS\System32\mcompata.exe

O4 - HKLM\..\Run: [msysm] C:\WINDOWS\System32\msysm.exe

O4 - HKLM\..\Run: [erfi009p] C:\WINDOWS\System32\erfi009p.exe

O4 - HKCU\..\Run: [Zws9Rja3Q] itsngl32.exe

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://C:\counter.cab
..........................
4. Make a copy of these instructions so you have them handy as the next steps need to be done in safe mode with IE closed.

5. Make sure your PC is configured to show hidden files

Open Windows Explorer & go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders"
Click "Apply" then "OK"

6. Reboot your PC into SAFE MODE

How to start the computer in Safe mode
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

7. Delete the following files and/or folders named in bold

C:\Program Files\CxtPls (folder)

C:\Documents and Settings\Brian\Local Settings\Temp\aWU.dll

C:\WINDOWS\System32\nbjmonc.exe

C:\WINDOWS\System32\BnetlibD.exe

C:\documents and settings\brian\local settings\temp\J.exe

C:\documents and settings\brian\local settings\temp\83DAPDG.exe

C:\documents and settings\brian\local settings\temp\xdfb0P7.exe

C:\Program Files\AutoUpdate\AutoUpdate.exe

rnrkethsvc.exe

C:\WINDOWS\System32\mcompata.exe

C:\WINDOWS\System32\erfi009p.exe

itsngl32.exe
.....................................
8. Stay in safe mode and go to Start>run and type in the box: cleanmgr Let windows scan for files to remove. Make sure at least these 3 are checked and press OK to delete the files:

Temporary
Temporary Internet Files
Recycle Bin

9. Reboot back into normal mode

Question:
C:\WINDOWS\System32\msysm.exe <---Do you know what this file is?

10. Update your HijackThis tool. Open HijackThis.exe and press *config* {bottom right corner} and then press *Misc. Tools* at the top. Next press *check for online update* and you should see version 1.98.2 available. Download that.

P.S. If you have any problems getting the update. Simply delete your old version of HijackThis and download the new version from this link.
http://computercops.biz/zx/Merijn/hijackthis.zip

or here:
http://www.majorgeeks.com/download3155.html

Scan once more with the new version of HijackThis and post a new log please
annoyed07728
Thanks, going to do that tomorrow and will be back to let you know what happens.
CalamityJane
Ok, yes - post your results back here when you are done.

More to do.....Adaware has a new edition out that you need to get. Uninstall your current version of Adaware. Download and install the new version:

http://majorgeeks.com/download.php?det=506

Upon install, it will update and scan for you. Post your AAW log results back here along with the new HijackThis log :)

I may or may not be online tomorrow, depending on what Tropical Storm Charley does - we are directly in the expected path. If so, I will be back when I am able.
annoyed07728
alright, did all that, here is the new log file

Logfile of HijackThis v1.98.2
Scan saved at 1:25:58 PM, on 8/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\documents and settings\brian\local settings\temp\ZVg.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\WINDOWS\System32\rnrkethsvc.exe
C:\WINDOWS\System32\console.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\WINDOWS\System32\_874c.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\cmuii.exe
C:\WINDOWS\System32\pnetd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brian\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.co
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [ppn] C:\WINDOWS\System32\ppn.exe
O4 - HKLM\..\Run: [ZVg] C:\documents and settings\brian\local settings\temp\ZVg.exe
O4 - HKLM\..\Run: [o73V3tW] rnrkethsvc.exe
O4 - HKLM\..\Run: [ZVg.exe] C:\documents and settings\brian\local settings\temp\ZVg.exe
O4 - HKLM\..\Run: [_874c] C:\WINDOWS\System32\_874c.exe
O4 - HKLM\..\Run: [cmuii] C:\WINDOWS\System32\cmuii.exe
O4 - HKLM\..\Run: [pnetd] C:\WINDOWS\System32\pnetd.exe
O4 - HKCU\..\Run: [console] C:\WINDOWS\System32\console.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe (file missing)
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/getdsl/system_check/MotivePreQual.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral.sel.sony.com/sdccomm...oad/sonyctl.CAB
CalamityJane
Ok - either you missed a few or we are not getting it all and it is regenerating itself. That's why I need the Adaware log too (this will give me more info). Can you post that please?
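
Added example, not part of the thread and not HijackThis code: a small Python comparison of the O4 autorun lines from two of the logs in this thread (8/8/2004 and 9/6/2004), showing which entries marked for fixing came back unchanged, which kept their Run value name but now point at a different file, and which are new. The function names (`parse_o4`, `triage_flags`, `regeneration_report`) are hypothetical, the log text is excerpted from the posted logs, and the two flags are triage hints rather than verdicts.

```python
import re

# O4 lines excerpted from the 8/8/2004 log posted in this thread.
LOG_AUG8 = r"""
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ZVg] C:\documents and settings\brian\local settings\temp\ZVg.exe
O4 - HKLM\..\Run: [J] C:\documents and settings\brian\local settings\temp\J.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [o73V3tW] rnrkethsvc.exe
O4 - HKLM\..\Run: [msysm] C:\WINDOWS\System32\msysm.exe
O4 - HKCU\..\Run: [Zws9Rja3Q] itsngl32.exe
O4 - HKCU\..\Run: [console] C:\WINDOWS\System32\console.exe
"""

# O4 lines excerpted from the 9/6/2004 log posted in this thread.
LOG_SEP6 = r"""
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ZVg] C:\documents and settings\brian\local settings\temp\ZVg.exe
O4 - HKLM\..\Run: [ZVg.exe] C:\documents and settings\brian\local settings\temp\ZVg.exe
O4 - HKLM\..\Run: [CXD.exe] C:\documents and settings\brian\local settings\temp\CXD.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [o73V3tW] udhaemon.exe
O4 - HKCU\..\Run: [console] C:\WINDOWS\System32\console.exe
O4 - HKCU\..\Run: [Zws9Rja3Q] mmfpsp.exe
O4 - HKCU\..\Run: [usrdtea] C:\WINDOWS\System32\usrdtea.exe
"""

# Subset of the O4 entries listed under "fix checked" in step 3 of the thread.
FIXED = {("HKLM", "J"), ("HKLM", "AutoUpdater"), ("HKLM", "o73V3tW"),
         ("HKLM", "msysm"), ("HKCU", "Zws9Rja3Q")}

O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$", re.M)


def parse_o4(log):
    """Map (hive, value name) -> command for every O4 Run line in a log."""
    return {(m.group(1), m.group(2)): m.group(3).strip()
            for m in O4_RUN.finditer(log)}


def target_exe(command):
    """Return the executable part of a Run command, without quotes or arguments."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', command, re.I)
    return (m.group(1) or m.group(2)) if m else command


def triage_flags(command):
    """Hints only: autoruns from a Temp folder, or given as a bare file name."""
    exe = target_exe(command).lower()
    flags = []
    if "\\temp\\" in exe:
        flags.append("temp-dir")
    if "\\" not in exe:
        flags.append("no-path")  # resolved through the search path at logon
    return flags


def regeneration_report(baseline, fixed, later):
    """Compare an earlier and a later scan around a set of fixed entries."""
    return {
        # Marked for fixing, present again with exactly the same command.
        "returned": sorted(k for k in fixed
                           if k in later and later[k] == baseline.get(k)),
        # Same Run value name, different file: the name persists, the binary rotates.
        "retargeted": sorted(k for k in baseline
                             if k in later and later[k] != baseline[k]),
        # Value names that did not exist in the earlier scan.
        "new": sorted(k for k in later if k not in baseline),
        "flagged": {k: triage_flags(v) for k, v in later.items()
                    if triage_flags(v)},
    }


if __name__ == "__main__":
    report = regeneration_report(parse_o4(LOG_AUG8), FIXED, parse_o4(LOG_SEP6))
    for section, items in report.items():
        print(section)
        for item in (items.items() if isinstance(items, dict) else items):
            print("   ", item)
```
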
annoyed07728
Sorry, went away for 2 weeks on business. I think I am going to post a new thread on here, you're right, things are regenerating, even that ads234.com redirect thing.

I'm gonna pull my hair out soon
CalamityJane
Hi annoyed...sorry you are so discouraged :(

Go ahead and post new Adaware and HijackThis logs right here in this thread. It is better to keep it all in one place.

We should be able to get this one for you. Have had quite a few on this forum now.
annoyed07728
running all the stuff right now and going to post it
annoyed07728
Ok, this is going to be pretty long but I dunno how else to do it. This is what I did. I restarted my PC and then ran HijackThis. Then I ran Adaware, saved the log (I think), then ran Spysweeper, then ran Spybot Search and Destroy. The Spysweeper program found an adware program called APROPOS. Then I did another HijackThis and saved that log as well. I will post the before and after logs in 2 separate threads.
annoyed07728
Ok, here is the pre-Adaware and Spysweeper HijackThis log.

Oh and I am still getting the ads234.com redirect as we speak.

Logfile of HijackThis v1.98.2
Scan saved at 3:03:21 PM, on 9/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\documents and settings\brian\local settings\temp\ZVg.exe
C:\documents and settings\brian\local settings\temp\ZVg.exe
C:\documents and settings\brian\local settings\temp\CXD.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\udhaemon.exe
C:\WINDOWS\System32\mmfpsp.exe
C:\WINDOWS\System32\usrdtea.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Brian\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.co
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\CxtPls\CxtPls.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Brian\Local Settings\Temp\qTBCeRJws.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [ppn] C:\WINDOWS\System32\ppn.exe
O4 - HKLM\..\Run: [ZVg] C:\documents and settings\brian\local settings\temp\ZVg.exe
O4 - HKLM\..\Run: [ZVg.exe] C:\documents and settings\brian\local settings\temp\ZVg.exe
O4 - HKLM\..\Run: [CXD.exe] C:\documents and settings\brian\local settings\temp\CXD.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [o73V3tW] udhaemon.exe
O4 - HKCU\..\Run: [console] C:\WINDOWS\System32\console.exe
O4 - HKCU\..\Run: [Zws9Rja3Q] mmfpsp.exe
O4 - HKCU\..\Run: [usrdtea] C:\WINDOWS\System32\usrdtea.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe (file missing)
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/getdsl/system_check/MotivePreQual.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral.sel.sony.com/sdccomm...oad/sonyctl.CAB
annoyed07728
here is the adaware log, I hope I did it the right way.

ArchiveData(auto-quarantine- 2004-09-06 15-17-28.bckp)
Referencefile : SE1R7 06.09.2004
======================================================

STATBLASTER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Process : C:\documents and settings\brian\local settings\temp\ZVg.exe
obj[1]=Process : C:\documents and settings\brian\local settings\temp\ZVg.exe

PEOPLEONPAGE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[2]=Process : C:\Program Files\AutoUpdate\AutoUpdate.exe
obj[5]=Process : C:\Program Files\CxtPls\ace.dll
obj[6]=Process : C:\Program Files\CxtPls\libexpat.dll
obj[7]=Regkey : apropos.client
obj[8]=Regkey : apropos.client.1.1
obj[9]=Regkey : clsid\{a4a58a2c-b039-432b-8bc1-dca7ac0757dc}
obj[10]=Regkey : clsid\{01c5bf6c-e699-4cd7-bea1-786fa05c83ab}
obj[11]=Regkey : S-1-5-21-329068152-926492609-725345543-1004\software\apropos
obj[12]=Regkey : software\apropos
obj[13]=Regkey : software\envolo
obj[14]=Regkey : software\microsoft\windows\currentversion\uninstall\autoupdate
obj[16]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run
obj[37]=Regkey : clsid\{a2872b10-39f2-42df-9335-7dd38cf75255}
obj[38]=Regkey : interface\{a1558b18-f76c-40fe-b358-9e47449f3cfe}
obj[39]=Regkey : interface\{a2872b10-39f2-42df-9335-7dd38cf75255}
obj[40]=Regkey : interface\{a7d0472e-c1fc-4d8f-aba1-98a7692561bf}
obj[41]=Regkey : software\autoloader
obj[42]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{01c5bf6c-e699-4cd7-bea1-786fa05c83ab}
obj[43]=Folder : C:\Program Files\AutoUpdate
obj[44]=Folder : C:\DOCUME~1\Brian\LOCALS~1\Temp\AutoUpdate0
obj[45]=Folder : C:\DOCUME~1\Brian\LOCALS~1\Temp\Atf
obj[48]=File : C:\Documents and Settings\Brian\Local Settings\Temp\AutoUpdate0\auto_update_install.exe
obj[49]=File : C:\Program Files\AutoUpdate\libexpat.dll
obj[50]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP868\A0035298.DLL
obj[51]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP868\A0035302.DLL
obj[54]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP843\A0032648.EXE
obj[55]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP843\A0032671.exe
obj[56]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP847\A0032752.EXE
obj[57]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP863\A0035215.dll
obj[58]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP863\A0035218.dll
obj[59]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP865\A0035237.exe
obj[60]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP865\A0035238.dll
obj[61]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP866\A0035249.dll
obj[62]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP866\A0035253.dll
obj[68]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP867\A0035295.exe
obj[69]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP867\A0035296.dll
obj[71]=File : C:\WINDOWS\System32\auto_update_uninstall.exe
obj[72]=File : C:\WINDOWS\System32\auto_update_uninstall.log
obj[73]=File : C:\DOCUME~1\Brian\LOCALS~1\Temp\autoupdate0\auto_update_install.exe
obj[74]=File : C:\DOCUME~1\Brian\LOCALS~1\Temp\autoupdate0\setup.inf

WIN32.ADVERTS.TROJANDOWNLOADER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[3]=Process : C:\WINDOWS\System32\udhaemon.exe
obj[4]=Process : C:\WINDOWS\System32\mmfpsp.exe
obj[15]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run
obj[46]=File : C:\WINDOWS\system32\6todmin.exe
obj[47]=File : C:\WINDOWS\system32\itsngl32.exe
obj[52]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP868\A0036276.exe
obj[53]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP868\A0036277.exe
obj[63]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP866\A0035260.exe
obj[64]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP866\A0035261.exe
obj[65]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP866\A0035262.exe
obj[66]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP866\A0035263.exe
obj[67]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP866\A0035264.exe
obj[70]=File : C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP859\A0035060.exe

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[17]=IECache Entry : Cookie:brian@trafficmp.com/
obj[18]=IECache Entry : Cookie:brian@casalemedia.com/
obj[19]=IECache Entry : C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@atdmt[2].txt
obj[20]=IECache Entry : C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@gator[1].txt
obj[21]=IECache Entry : C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@edge.ru4[1].txt
obj[22]=IECache Entry : C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@clickagents[2].txt
obj[23]=IECache Entry : C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@-- The nicest hobby on Earth ;) --list[1].txt
obj[24]=IECache Entry : C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@casalemedia[1].txt
obj[25]=IECache Entry : C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@z1.adserver[1].txt
obj[26]=IECache Entry : C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@doubleclick[1].txt
obj[27]=IECache Entry : C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@paycounter[1].txt
obj[28]=IECache Entry : C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@ads.pointroll[2].txt
obj[29]=IECache Entry : C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@advertising[1].txt
obj[30]=IECache Entry : C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@-- The nicest hobby on Earth ;) --tracker[2].txt
obj[31]=IECache Entry : C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@0[2].txt
obj[32]=IECache Entry : C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@trafficmp[1].txt
obj[33]=IECache Entry : C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@counter15.-- The nicest hobby on Earth ;) --tracker[1].txt
obj[34]=IECache Entry : C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@servedby.advertising[1].txt
obj[35]=IECache Entry : C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@serving-sys[2].txt
obj[36]=IECache Entry : C:\Documents and Settings\Brian\Local Settings\Temp\Cookies\brian@~~local~~[1].txt

180SOLUTIONS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[75]=File : C:\WINDOWS\prefetch\AUTO_UPDATE_INSTALL.EXE-05BFEB1C.pf
obj[76]=File : C:\WINDOWS\prefetch\AUTO_UPDATE_INSTALL.EXE-05BFEB1C.pf
annoyed07728
ok this is the hijack this log after I did all those steps. I really am at my wits' end and I think if this doesn't work I am considering formatting my hard drive, so you might see me on these boards asking how to do that..lol. As far as I am concerned this software they install should be illegal and I have no idea why it isn't. Thanks for the help in advance. I appreciate it.

Logfile of HijackThis v1.98.2
Scan saved at 3:47:06 PM, on 9/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\documents and settings\brian\local settings\temp\CXD.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\usrdtea.exe
C:\Documents and Settings\Brian\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.co
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Brian\Local Settings\Temp\qTBCeRJws.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [ppn] C:\WINDOWS\System32\ppn.exe
O4 - HKLM\..\Run: [ZVg] C:\documents and settings\brian\local settings\temp\ZVg.exe
O4 - HKLM\..\Run: [ZVg.exe] C:\documents and settings\brian\local settings\temp\ZVg.exe
O4 - HKLM\..\Run: [CXD.exe] C:\documents and settings\brian\local settings\temp\CXD.exe
O4 - HKLM\..\Run: [o73V3tW] udhaemon.exe
O4 - HKCU\..\Run: [console] C:\WINDOWS\System32\console.exe
O4 - HKCU\..\Run: [usrdtea] C:\WINDOWS\System32\usrdtea.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe (file missing)
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/getdsl/system_check/MotivePreQual.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral.sel.sony.com/sdccomm...oad/sonyctl.CAB
CalamityJane
annoyed,

Adaware is finding all of the infected files. Try booting your PC into safe mode, then scan with Adaware and checkmark all of the *bad* items found - let Adaware remove them.

How to start the computer in Safe mode
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Then, reboot back into normal mode. Scan again with HijackThis and let's see a new log in case more remains to be done.

Use these configuration settings:

Click the gear icon at the top. These are the recommended settings:

AAW SE settings


General Button
Safety:
Check (Green) all three.

Advanced Button
Logfile Detail Level:
All options under this should be checked (Green).

Tweak Button
Check (Green) the following:
Log Files
Include basic Ad-Aware settings in logfile:
Include additional Ad-Aware settings in logfile:
Please do not check (Green): Include Module list in logfile:

On your first scan, use the Full Scan (Perform full system scan) mode.
annoyed07728
ok so here is my latest update and news. I do not get the pop ups like I did, but I still get the ads234.com redirect. Sometimes it even takes me to an ad234.com page directly, then I can either click through to get where I want to go or wait and see the ad for 20 seconds.

The other problem seems to be that since I did all that deleting of stuff in safe mode, when IE is open and I type in something to search it doesn't search correctly. I have to go to google.com to search. Other than that it seems that most of my problems are gone. Here is a new hijack this after I did an adaware in safe mode. Nothing found with adaware at all by the way.

Logfile of HijackThis v1.98.2
Scan saved at 12:45:04 PM, on 9/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\documents and settings\brian\local settings\temp\CXD.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\usrdtea.exe
C:\Documents and Settings\Brian\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.co
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Brian\Local Settings\Temp\qTBCeRJws.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [ppn] C:\WINDOWS\System32\ppn.exe
O4 - HKLM\..\Run: [ZVg] C:\documents and settings\brian\local settings\temp\ZVg.exe
O4 - HKLM\..\Run: [ZVg.exe] C:\documents and settings\brian\local settings\temp\ZVg.exe
O4 - HKLM\..\Run: [CXD.exe] C:\documents and settings\brian\local settings\temp\CXD.exe
O4 - HKLM\..\Run: [o73V3tW] udhaemon.exe
O4 - HKCU\..\Run: [console] C:\WINDOWS\System32\console.exe
O4 - HKCU\..\Run: [usrdtea] C:\WINDOWS\System32\usrdtea.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe (file missing)
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/getdsl/system_check/MotivePreQual.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral.sel.sony.com/sdccomm...oad/sonyctl.CAB
annoyed07728
Also, should I wait till I get rid of the ads234 thing before I install Windows Service Pack 2?
CalamityJane
Yes, we need to get rid of all the spyware first before going to SP2

Please make a new folder to put your HijackThis.exe into. Anywhere on your hard drive is fine other than your Desktop or the Temp folder. We suggest you use C:\Program Files\HijackThis but feel free to use any name or folder you like. Unzip HijackThis again and save the contents (Hijackthis.exe) to the new folder you made. Then navigate to it and run HijackThis from there. This is to ensure it makes the necessary backups for recovery if needed.

Make a copy of these instructions so you have them handy as the next steps need to be done with IE closed.

Make sure your PC is configured to show hidden files

Open Windows Explorer & go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders".

Next, please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an x in the boxes next to these items, then press *fix checked*

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.co

R3 - Default URLSearchHook is missing

O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Brian\Local Settings\Temp\qTBCeRJws.dll

O4 - HKLM\..\Run: [ppn] C:\WINDOWS\System32\ppn.exe

O4 - HKLM\..\Run: [ZVg] C:\documents and settings\brian\local settings\temp\ZVg.exe

O4 - HKLM\..\Run: [ZVg.exe] C:\documents and settings\brian\local settings\temp\ZVg.exe

O4 - HKLM\..\Run: [CXD.exe] C:\documents and settings\brian\local settings\temp\CXD.exe

O4 - HKLM\..\Run: [o73V3tW] udhaemon.exe

O4 - HKCU\..\Run: [console] C:\WINDOWS\System32\console.exe

O4 - HKCU\..\Run: [usrdtea] C:\WINDOWS\System32\usrdtea.exe
.......................
Reboot your PC

Delete the following:

C:\documents and settings\brian\local settings\temp\ZVg.exe

C:\documents and settings\brian\local settings\temp\CXD.exe

udhaemon.exe

O4 - HKCU\..\Run: [console] C:\WINDOWS\System32\console.exe
........................................
Question: Have you any idea what these two are? Right click on the file named and see if there is any information under Properties. Let me know.

C:\WINDOWS\System32\ppn.exe
C:\WINDOWS\System32\usrdtea.exe
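Added example, not part of the thread and not HijackThis's or the helper's own method: a Python first-pass triage of the O2/O4 autostart lines in logs like the ones posted above, flagging entries that load from a Temp folder or give no path, and comparing an earlier log with a later one to show which flagged entries survived a cleanup pass. The sample lines are copied from the logs in this thread; the function names and the two heuristics are assumptions made for illustration.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Subsets of an earlier and a later HijackThis log posted in this thread.
BEFORE = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Brian\Local Settings\Temp\qTBCeRJws.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZVg] C:\documents and settings\brian\local settings\temp\ZVg.exe
O4 - HKLM\..\Run: [CXD.exe] C:\documents and settings\brian\local settings\temp\CXD.exe
O4 - HKLM\..\Run: [o73V3tW] udhaemon.exe
O4 - HKCU\..\Run: [Zws9Rja3Q] mmfpsp.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
"""
AFTER = "\n".join(l for l in BEFORE.splitlines() if "Zws9Rja3Q" not in l)


class Entry(NamedTuple):
    section: str          # "O2" (BHO) or "O4" (autostart)
    name: str             # BHO name, Run value name or shortcut name
    image: Optional[str]  # file the entry loads; None if the log gives none


_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<cmd>.+)$")
_O4_RUN = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
_O4_LNK = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# Quoted path, or an unquoted path (spaces allowed) up to the first
# executable extension that is followed by whitespace or end of line.
_IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|ocx|com|bat|cmd|scr))(?=\s|$)', re.I)


def parse(log: str) -> List[Entry]:
    """Extract O2 and O4 entries; all other log lines are ignored."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        for section, rx in (("O2", _O2), ("O4", _O4_RUN), ("O4", _O4_LNK)):
            m = rx.match(line)
            if m:
                img = _IMAGE.match(m["cmd"].strip())
                image = (img.group(1) or img.group(2)) if img else None
                entries.append(Entry(section, m["name"], image))
                break
    return entries


def reasons(e: Entry) -> List[str]:
    """Why an entry deserves a closer look. Flagged means 'review', not 'malicious'."""
    if e.image is None:
        return []
    path, out = e.image.lower(), []
    if "\\temp\\" in path:
        out.append("temp-dir")   # autostart loading from a Temp folder
    if "\\" not in path:
        out.append("no-path")    # bare name: the log alone does not say which file runs
    return out


def flagged(log: str) -> Dict[Tuple[str, str, str], List[str]]:
    result = {}
    for e in parse(log):
        why = reasons(e)
        if why:
            result[(e.section, e.name, e.image.lower())] = why
    return result


def compare(before: str, after: str) -> Dict[str, List[str]]:
    """Names of flagged entries that persisted, disappeared or newly appeared."""
    b, a = flagged(before), flagged(after)
    return {
        "persisting": [k[1] for k in sorted(b) if k in a],
        "gone": [k[1] for k in sorted(b) if k not in a],
        "new": [k[1] for k in sorted(a) if k not in b],
    }


if __name__ == "__main__":
    for key, why in sorted(flagged(AFTER).items()):
        print(key[0], key[1], key[2], ",".join(why))
    print(compare(BEFORE, AFTER))
```

Path heuristics are only a first pass: entries with a full System32 path, such as ppn.exe, console.exe and usrdtea.exe in the fix list above, are not flagged by them and still need manual review.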