Okay, think my hubby downloaded a viewer which has some really nasty stuff in it. I have a firewall, and I'm updated with Ad-aware and microsoft (just dont have SP2 yet), and since I got it, have run a everything from Spyweeper, Spybot, Yahoo's Anti-Spy, uhm and Spyware Blaster. It's in the registry and I can't rid of it. Evidently its got something somewhere that reinstalls it after its been cleaned. At this point the anti stuff is going to start fighting with each other... Which one should I keep too?

The two main ones seems to be SAHAgent and Look2begin.... Anyway here's the log...

Logfile of HijackThis v1.99.1
Scan saved at 11:14:31 AM, on 4/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\2Wire HomePortal Monitor\2portalmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://hometab.bellsouth.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride =

127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -

C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_0_0. dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -

C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} -

C:\WINDOWS\System32\rtneg2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -

C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program

Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program

Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_0_0. dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft

Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec

Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire HomePortal Monitor\2portalmon.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe"

/starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat

5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital

Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: RemindU - file://C:\Program

Files\topMoxie\TEMP\upromise_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -

C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Point Alert - {16BF42FD-CA0A-4f48-819D-B0343254DD67} -

file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_scri pt0.htm (file missing)

(HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.amadeus.com
O15 - Trusted Zone: http://webconfig.amadeus.com
O15 - Trusted Zone: http://*.amadeus.com (HKLM)
O15 - Trusted Zone: http://webconfig.amadeus.com (HKLM)
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.1.0.3...-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo -

http://slots.pogo.com/applet-5.9.4.2...-ob-assets.cab
O16 - DPF: Backgammon by pogo -

http://gammon.pogo.com/applet-6.1.0....-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo -

http://vbjack.pogo.com/applet-6.0.0....-ob-assets.cab
O16 - DPF: Checkers by pogo -

http://checkers.pogo.com/applet-6.0....-ob-assets.cab
O16 - DPF: Dice Derby by pogo -

http://checkeredflag.pogo.com/applet...-ob-assets.cab
O16 - DPF: Dominoes by pogo -

http://domino.pogo.com/applet-6.0.0....-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo -

http://doublebonus.pogo.com/applet/v...-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo -

http://game3.pogo.com/applet-6.0.3.3...-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo -

http://superbingo.pogo.com/applet-6....-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-6.0.3....-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo -

http://game4.pogo.com/applet-6.0.2.2...-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo -

http://game1.pogo.com/applet-6.1.1.2...-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-6.0.4.37/...-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo -

http://game4.pogo.com/applet-6.0.4.3...-ob-assets.cab
O16 - DPF: Pai Gow by pogo -

http://game3.pogo.com/applet-6.1.0.3...-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo -

http://game5.pogo.com/applet-6.1.3.2...-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo -

http://waterwheel.pogo.com/applet-6....-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.1.0.3...-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-6.0.4.3...-ob-assets.cab
O16 - DPF: Poppit TM by pogo -

http://game5.pogo.com/applet-6.1.1.2...-ob-assets.cab
O16 - DPF: Spades by pogo -

http://spades.pogo.com/applet-5.9.5....-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo -

http://game4.pogo.com/applet-6.0.4.3...-ob-assets.cab
O16 - DPF: Squelchies by pogo -

http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo -

http://sweettooth.pogo.com/applet-5....-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo -

http://game4.pogo.com/applet-6.0.4.3...-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo -

http://game4.pogo.com/applet-6.0.4.3...-ob-assets.cab
O16 - DPF: Tumble Bees by pogo -

http://jumbee.pogo.com/applet-6.0.2....-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo -

http://game5.pogo.com/applet-5.9.5.3...-ob-assets.cab
O16 - DPF: Video Poker by pogo -

http://vpoker.pogo.com/applet-6.0.3....-ob-assets.cab
O16 - DPF: Word Whomp by pogo -

http://game5.pogo.com/applet-6.0.4.3...-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo -

http://whackdown.pogo.com/applet-6.0...-ob-assets.cab
O16 - DPF: WordJong by pogo -

http://game5.pogo.com/applet-6.0.4.3...-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo -

http://game4.pogo.com/applet-5.9.5.3...-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/u...lorer1_8us.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -

http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {469C92F9-CA8E-4C3E-9AD4-F74EEF097BCA} (Amadeus DS Diagnostic Class) -

http://webconfig.amadeus.com/diagnos...Diagnostic.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control

(redist)) - http://harkins.cc/tsweb/msrdp.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) -

http://www.live365.com/players/play365.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. -

C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common

Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation -

C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program

Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Winktg - Unknown owner - C:\WINDOWS\System32\Winktg.exe (file missing)

welcome to dal the onli9ne computer help forum under my down loads there is a link called owen help please follow the instruction in there

also could you please install sp2 aswell

Okay Part two... got SP2 installed. lol of course now my Outlook doesn't want to work...

But anyhow, everything had been done. Spybot, Adaware, as well as a few others, Spydoctor, Yahoo's. etc. Also cleaned out the pogo stuff in IE, just so its easy to read.

Logfile of HijackThis v1.99.1
Scan saved at 1:10:55 AM, on 4/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://hometab.bellsouth.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride =

127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -

C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_0_0. dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -

C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} -

C:\WINDOWS\System32\nsjCD5.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -

C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program

Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program

Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_0_0. dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft

Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire HomePortal Monitor\2portalmon.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe"

/starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat

5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital

Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: RemindU - file://C:\Program

Files\topMoxie\TEMP\upromise_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -

C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Point Alert - {16BF42FD-CA0A-4f48-819D-B0343254DD67} -

file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_scri pt0.htm (file missing)

(HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.amadeus.com
O15 - Trusted Zone: http://webconfig.amadeus.com
O15 - Trusted Zone: http://*.amadeus.com (HKLM)
O15 - Trusted Zone: http://webconfig.amadeus.com (HKLM)
O16 - DPF: Word Whomp by pogo -

http://game5.pogo.com/applet-6.0.4.3...-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo -

http://whackdown.pogo.com/applet-6.0...-ob-assets.cab
O16 - DPF: WordJong by pogo -

http://game5.pogo.com/applet-6.0.4.3...-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo -

http://game4.pogo.com/applet-5.9.5.3...-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/u...lorer1_8us.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -

http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {469C92F9-CA8E-4C3E-9AD4-F74EEF097BCA} (Amadeus DS Diagnostic Class) -

http://webconfig.amadeus.com/diagnos...Diagnostic.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control

(redist)) - http://harkins.cc/tsweb/msrdp.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) -

http://www.live365.com/players/play365.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. -

C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common

Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation -

C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program

Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Winktg - Unknown owner - C:\WINDOWS\System32\Winktg.exe (file missing)

Have you tried checking the scheduled Tasks?
Click start-All programs- accessories-system tools-scheduled Tasks
Then post the things in there you find
Thanks

ok did that... only have Symantic NetDetect, and FRU task #Hewlett-Packard#hp psc 2170 series ....

that's it.... am constantly running the other various spy software and still no stopping this.

Im sure when owens on he will fix it np

Hiya Goblinmoon,
Sorry about the delay in me helping you out. Could you please post a new Hijack This log if you still require my help.

Thanks cause yes I still need it, am running ad aware and spybot and several others regularly but they keep reinstalling themselves.

Here's the newest log...

Logfile of HijackThis v1.99.1
Scan saved at 10:49:47 PM, on 4/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\2Wire HomePortal Monitor\2portalmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://hometab.bellsouth.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride =

127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -

C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_0_0. dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -

C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} -

C:\WINDOWS\System32\nsjCD5.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -

C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program

Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program

Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_0_0. dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft

Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire HomePortal Monitor\2portalmon.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe"

/starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\system32\abasa5jrp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat

5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital

Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: RemindU - file://C:\Program

Files\topMoxie\TEMP\upromise_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -

C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Point Alert - {16BF42FD-CA0A-4f48-819D-B0343254DD67} -

file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_scri pt0.htm (file missing)

(HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.amadeus.com
O15 - Trusted Zone: http://webconfig.amadeus.com
O15 - Trusted Zone: http://*.amadeus.com (HKLM)
O15 - Trusted Zone: http://webconfig.amadeus.com (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/u...lorer1_8us.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -

http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {469C92F9-CA8E-4C3E-9AD4-F74EEF097BCA} (Amadeus DS Diagnostic Class) -

http://webconfig.amadeus.com/diagnos...Diagnostic.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control

(redist)) - http://harkins.cc/tsweb/msrdp.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) -

http://www.live365.com/players/play365.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. -

C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common

Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation -

C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program

Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Winktg - Unknown owner - C:\WINDOWS\System32\Winktg.exe (file missing)

Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nsjCD5.dll
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\system32\abasa5jrp.exe
O8 - Extra context menu item: RemindU - file://C:\Program Files\topMoxie\TEMP\upromise_script0.htm
O9 - Extra button: Point Alert - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_scri pt0.htm (file missing) (HKCU)
O23 - Service: Winktg - Unknown owner - C:\WINDOWS\System32\Winktg.exe (file missing)

Click Fix Checked

Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

Delete the following files and folders:
C:\WINDOWS\System32\nsjCD5.dll
C:\WINDOWS\system32\abasa5jrp.exe
C:\Program Files\topMoxie
C:\Program Files\MyPointsPointAlert
C:\WINDOWS\System32\Winktg.exe

Reboot and post a fresh log