Help with Hijack This Log

mjryan@firstinsurancefunding.com, 08-24-2005

My friend's computer has been rendered useless by spyware and other
junk. It has gotten so bad that she cannot even boot her XP machine in
normal mode. I booted it up in safe mode and ran HijackThis. Can
someone look at the log file and see if you can spot anything that
should be removed. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 7:03:03 PM, on 8/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.exe
C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\Temporary Directory 1 for
hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital
Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program
Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card
Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Media Player] MediaPIayer.exe
O4 - HKLM\..\Run: [2zm] C:\documents and settings\owner\local
settings\temp\2zm.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HE] C:\documents and settings\owner\local
settings\temp\HE.exe
O4 - HKLM\..\Run: [SyAL] C:\documents and settings\owner\local
settings\temp\SyAL.exe
O4 - HKLM\..\Run: [anJXbHi] C:\documents and settings\owner\local
settings\temp\anJXbHi.exe
O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe \RESET
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [0nt] C:\documents and settings\owner\local
settings\temp\0nt.exe
O4 - HKLM\..\Run: [9yEl] C:\documents and settings\owner\local
settings\temp\9yEl.exe
O4 - HKLM\..\Run: [Yx] C:\documents and settings\owner\local
settings\temp\Yx.exe
O4 - HKLM\..\Run: [o0zEGl] C:\documents and settings\owner\local
settings\temp\o0zEGl.exe
O4 - HKLM\..\Run: [zUkpoi5] C:\documents and settings\owner\local
settings\temp\zUkpoi5.exe
O4 - HKLM\..\Run: [xaKi7Ry] C:\documents and settings\owner\local
settings\temp\xaKi7Ry.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitegdz32.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE
C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe
E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [dfef79cb44d3] C:\WINDOWS\system32\cards169.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [uFmV3tT] hpvntfy.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0803] "C:\WINDOWS\Downloaded Program
Files\UWFX5LP_0001_0803NetInstaller.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\kpksps.exe reg_run
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [ssjvfwu] C:\WINDOWS\system32\jmibhw.exe r
O4 - HKLM\..\RunServices: [Windows Media Player] MediaPIayer.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program
Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: AutoTBar.exe
O4 - Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe
O4 - Startup: spamsubtract.lnk = C:\Program
Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: dadi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates
from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -
C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) -
http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) -
http://us.dl1.yimg.com/download.yaho...tr_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://v5.windowsupdate.microsoft.co...?1096838000857
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
-
http://update.microsoft.com/microsof...?1123255882328
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller
Control) - http://www.igl.net/clo/install/CLOAc...allerProj1.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} -
http://www.pacimedia.com/install/pcs_0023.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX
Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} -
C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\aticap32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program
Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
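
As an added example (not code from the thread, from HijackThis, or from any poster), here is a small triage script that applies the checks a reviewer makes by eye on the log above: the Shell= hijack flagged later in the thread, autoruns started from the user's temp folder, the MediaPIayer.exe look-alike name (capital I standing in for lowercase l), hex/GUID-named Run values, Trusted Zone additions, and Winlogon Notify DLLs outside the stock XP set. The stock-key and imitated-name lists are assumptions kept deliberately small, and the sample lines are copied from the posted log.

```python
from __future__ import annotations

import re

# Stock Windows XP SP2 Winlogon\Notify subkeys (assumed baseline; extend it
# for your own build image before trusting "not in list" as a signal).
STOCK_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# Names that spyware of this era imitated with look-alike characters (assumed
# list). "mediaplayer.exe" is what the log's MediaPIayer.exe is pretending to be.
IMITATED_NAMES = {"mediaplayer.exe", "explorer.exe", "svchost.exe", "lsass.exe"}

# Characters that are easy to confuse in a proportional font: I/l, 1/l, 0/o.
_CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})

F2_SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.*)$", re.I)
O4_RE = re.compile(r"^O4 - [^:]+: (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<zone>\S+)")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>.*)$")
HEX_BLOB_RE = re.compile(r"^[0-9A-Fa-f]{8,}(-[0-9A-Fa-f]{4,})*$")

# Constructed sample: one line per pattern, copied from the log posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Windows Media Player] MediaPIayer.exe
O4 - HKLM\..\Run: [2zm] C:\documents and settings\owner\local settings\temp\2zm.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\aticap32.dll
"""


def image_name(cmd: str) -> str:
    """Return the lower-cased file name of the program a Run value launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]      # quoted path, may contain spaces
    else:
        path = cmd.split(" ", 1)[0]          # unquoted: first token is the image
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def fold(name: str) -> str:
    """Collapse visually confusable characters so look-alikes compare equal."""
    return name.lower().translate(_CONFUSABLE)


def check_line(line: str) -> list[str]:
    """Return the reasons (possibly none) why one HijackThis line deserves a look."""
    reasons: list[str] = []
    m = F2_SHELL_RE.match(line)
    if m and m.group("value").strip().lower() != "explorer.exe":
        reasons.append("Shell= runs something besides Explorer.exe (shell hijack)")
    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd")
        name = m.group("name") or ""
        exe = image_name(cmd)
        if "\\temp\\" in cmd.lower():
            reasons.append("autorun launched from a temp folder")
        if exe not in IMITATED_NAMES and fold(exe) in {fold(n) for n in IMITATED_NAMES}:
            reasons.append(f"{exe} is a look-alike of a well-known binary name")
        if HEX_BLOB_RE.match(name):
            reasons.append("Run value name is a hex/GUID blob")
    m = O15_RE.match(line)
    if m:
        reasons.append(f"Trusted Zone grants {m.group('zone')} relaxed IE security")
    m = O20_RE.match(line)
    if m and m.group("key").lower() not in STOCK_WINLOGON_NOTIFY:
        reasons.append("Winlogon Notify DLL outside the stock XP set")
    return reasons


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Run check_line over a whole log and return only the flagged lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = check_line(line)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG):
        print(flagged)
        for reason in why:
            print("   ->", reason)
```

The script only ranks lines for a human to review; a line it does not flag (the random-named entries in system32, for instance) is not thereby clean.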

 
Pennywise@DerryMaine.Gov, 08-24-2005
wrote:

|>My friends computer has been rendered useless by spyware and other
|>junk. It has gotten so bad that she can not even boot her XP machine in
|>normal mode. I booted it up in safe mode and ran hijack this. Can
|>someone look at the log file and see if you can spot anything that
|>should be removed. Thanks.

|>F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Friend's got Nail - a bad one

If you wait a bit it's likely pcbutts1 will give detailed instructions
for its removal.

--

http://www.albinoblacksheep.com/flash/bunny.php
 
pcbutts1, 08-24-2005

Follow the instructions below; when finished, post another HJT log.
Please download ewido security suite; it is a free version of the program.
http://www.pcbutts1.com/downloads/ewidosetup.exe
Install ewido security suite.
When installing, under "Additional Options" uncheck:
Install background guard
Install scan via context menu
Launch ewido; there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you will get a warning "Database
could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.
On the left-hand side of the main screen click Update.
Then click on Start Update.
The update will start and a progress bar will show the updates being
installed.
(The status bar at the bottom will display "Update successful".)
Exit ewido. DO NOT SCAN YET.

Download CCleaner and install it, but do not run it yet.
http://www.pcbutts1.com/downloads/ccsetup122.exe

Please download this file: Revised Installer for the Nailfix Utility
http://www.pcbutts1.com/downloads/nailfix1.exe
Save it to your desktop.
DO NOT RUN IT YET.

Next, configure Windows to show all files.

Do one of the following:
In Windows XP, on the taskbar, click Start > My Computer.
In Windows 2000/Me/98, on the Windows desktop, double-click the My Computer
icon.
Do one of the following:
In Windows XP/2000/Me, on the Tools menu, click Folder Options.
In Windows 98, on the View menu, click Folder Options.
On the View tab, uncheck Hide file extensions for known file types.
Do one of the following:
In Windows XP/2000/Me, uncheck Hide protected operating system files. Then,
under the "Hidden files" folder, click Show hidden files and folders.
In Windows 98, in the Advanced Settings box, under the "Hidden files"
folder, click Show all files.
If you see a warning message, click Yes.
Click Apply.
Click OK.

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer. After hearing your computer beep once during startup,
but before the Windows icon appears, press F8. Instead of Windows loading as
normal, a menu should appear.
Select the first option, to run Windows in Safe Mode.
Once in Safe Mode, please double-click on nailfix.exe.
Click "Next" in the setup.
Make sure "Run Nailfix" is checked and click "Finish".
Your desktop and icons will disappear and reappear, and a window should open
and close very quickly - this is normal.

Now open ewido and do a scan of your system.
Click on scanner
Click on Complete System Scan and the scan will begin.
NOTE: During some scans with ewido it is finding cases of false positives.**
You will need to step through the process of cleaning files one-by-one.
If ewido detects a file you KNOW to be legitimate, select none as the
action.
DO NOT select "Perform action on all infections"
If you are unsure of any entry found select none for now as the action.
Once the scan has completed, there will be a button located on the bottom of
the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find
it easily.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere
and the game "Risk")

Download HijackThis http://www.pcbutts1.com/downloads/HijackThis.zip
Now run HijackThis, click Scan, and place a checkmark next to each of the
following items:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HJT, then click the Fix Checked button.
Close HJT.

Locate and delete the following file:
C:\WINDOWS\Nail.exe
For Windows NT or 2000 it would be
C:\winnt\Nail.exe

Now run CCleaner
Uncheck "Cookies" under "Internet Explorer".
If running Firefox: click on the "Applications" tab and uncheck "Cookies"
under "Firefox".
Click on Run Cleaner in the lower right-hand corner. This can take quite a
while to run.

Finally, restart your computer in normal mode and please post a new
HijackThis log, as well as the report log from the Ewido scan by using Add
Reply.

If IE is not working, the links I gave you are direct download links and
should work. If they don't then paste them into another browser or explorer
window. If you have no other browser then email me with a valid email
address and I will send you one. We will fix IE after all the spyware is
gone.



--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



 
7, 08-24-2005

wrote:

> My friends computer has been rendered useless by spyware and other
> junk. It has gotten so bad that she can not even boot her XP machine in



You just get drawn into it deeper and deeper until you re-install.
Instead of all the hassle, try liveCDs http://www.livecdlist.com/
LiveCDs like Mepis, knoppix, DSL, Kanotix are all free and allow you
to boot up and surf without all that hard work involved in fixing
your PC which is only gonna get broken a few minutes later.
And if you start learning how it all works, then you
can install to hard disk, and then you can have dual boot.

 
pcbutts1, 08-24-2005

7, do you want gay sex again?


--

"Instead of trying to bash me you should try to learn from me and
archive my posts so you can better help people in the future. If you don't
understand something I post then ask me my email is valid."

- pcbutts1.@thisoldtreehouse.com
- pcbutts1.@seedsv.com





Rebecca, 08-24-2005

wrote:
> wrote:
>
>>> My friends computer has been rendered useless by spyware and other
>>> junk. It has gotten so bad that she can not even boot her XP
>>> machine in normal mode. I booted it up in safe mode and ran hijack
>>> this. Can someone look at the log file and see if you can spot
>>> anything that should be removed. Thanks.

>
>>> F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

>
> Friends got nail - a bad one


http://netrn.net/spywareblog/archive...urora-nailexe/

>
> If you wait a bit it's likely pcbutts1 will give detail'd instructions
> for it's removal.


**** the butthead, do it yourself.

pcbutts1, 08-24-2005

You posted a link to a site that uses my fix instructions, thank you very
much Rebitcha.

 
PC, 08-24-2005

<> wrote in message
news: ups.com...
> My friends computer has been rendered useless by spyware and other
> junk. It has gotten so bad that she can not even boot her XP machine in
> normal mode. I booted it up in safe mode and ran hijack this. Can
> someone look at the log file and see if you can spot anything that
> should be removed. Thanks.
>

big snip
>



PCbutts1 has given you some excellent advice to counter the 'spyware'
affecting your friend's PC.

However, may I suggest the alternative option of using the recovery disk and
starting afresh.
(It is an HP, isn't it?)

Reasoning is:
1 If the PC is that badly affected it is going to take a lot of work to get
it right, meaning hours and possibly days.
2 Even if you do 'clean it out' the PC is still likely to be 'tender' (think
of a rebuilt car after a bad smash).
3 Restoring from the recovery disks is usually under an hour and fairly
automated.
4 You are able to boot to Safe Mode to rescue any data.

I would suggest trying PCbutts1's techniques for (say) half an hour; if you
haven't 'nailed it' (pun intended) in that time, you are heading for a long
session.

Cheers
Paul.


 
mjryan@firstinsurancefunding.com, 08-27-2005

PCBUTTS,
I tried your solutions and this is where we are. See below:

Hi Mike,

Where to begin...

Okay, so I ran Lavasoft which really didn't find anything. Then I ran
Spybot which found and 'fixed' 2 more, "CallingHome.biz" and
"Adware.zioCom.B".

Then I rebooted the machine normally and the desktop icons actually
appeared!!! And then a bunch of errors:

3 RUNDLL errors in loading programs:

E6F18738.DLL
c:\windows\cfgmgr52.dll
AUNPS2.DLL

Then the following programs had errors and needed to close:

cards169.exe
winlogon.exe
Internet Explorer

In the meantime, Ewido found 4 more problems and "blocked" them.

Then I got a message about the System Configuration Utility which said
I made changes to the way windows starts. Currently in Diagnostic or
Selective Startup. Choose normal start up to undo changes in the
system configuration utility. Should I do that?

Now, new windows keep popping up and freezing the machine.

Just re-ran Spybot and it found 8 problems including AbetterInternet
and Tango.

Hmm...

Here are the log files:

Logfile of HijackThis v1.99.1
Scan saved at 11:28:42 AM, on 8/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\Temporary Directory 1 for
hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital
Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program
Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card
Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Media Player] MediaPIayer.exe
O4 - HKLM\..\Run: [2zm] C:\documents and settings\owner\local
settings\temp\2zm.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HE] C:\documents and settings\owner\local
settings\temp\HE.exe
O4 - HKLM\..\Run: [SyAL] C:\documents and settings\owner\local
settings\temp\SyAL.exe
O4 - HKLM\..\Run: [anJXbHi] C:\documents and settings\owner\local
settings\temp\anJXbHi.exe
O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe \RESET
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [0nt] C:\documents and settings\owner\local
settings\temp\0nt.exe
O4 - HKLM\..\Run: [9yEl] C:\documents and settings\owner\local
settings\temp\9yEl.exe
O4 - HKLM\..\Run: [Yx] C:\documents and settings\owner\local
settings\temp\Yx.exe
O4 - HKLM\..\Run: [o0zEGl] C:\documents and settings\owner\local
settings\temp\o0zEGl.exe
O4 - HKLM\..\Run: [zUkpoi5] C:\documents and settings\owner\local
settings\temp\zUkpoi5.exe
O4 - HKLM\..\Run: [xaKi7Ry] C:\documents and settings\owner\local
settings\temp\xaKi7Ry.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common
Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitegdz32.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE
C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe
E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [dfef79cb44d3] C:\WINDOWS\system32\cards169.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [uFmV3tT] hpvntfy.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0803] "C:\WINDOWS\Downloaded Program
Files\UWFX5LP_0001_0803NetInstaller.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\kpksps.exe reg_run
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [ssjvfwu] C:\WINDOWS\system32\jmibhw.exe r
O4 - HKLM\..\Run: [MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [wmgmin] C:\WINDOWS\system32\w130713.Stub.EXE
O4 - HKLM\..\RunServices: [Windows Media Player] MediaPIayer.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: AutoTBar.exe
O4 - Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe
O4 - Startup: spamsubtract.lnk = C:\Program
Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: dadi.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates
from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -
C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) -
http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) -
http://us.dl1.yimg.com/download.yaho...tr_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://v5.windowsupdate.microsoft.co...?1096838000857
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
-
http://update.microsoft.com/microsof...?1123255882328
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller
Control) - http://www.igl.net/clo/install/CLOAc...allerProj1.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} -
http://www.pacimedia.com/install/pcs_0023.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX
Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} -
C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\aticap32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks -
C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program
Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program
Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

I am trying to get a copy of the ewido logs and will post when I get
it. Please advise thanks.

 
mjryan@firstinsurancefunding.com, 08-27-2005

I have also tried to run the A better Internet fix from Symantec. It
said that it did not find anything.

 