help removing Win32.P2P-Worm.Alcan.a

[help]

Logfile of HijackThis v1.99.1
Scan saved at 3:09:11 PM, on 22/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stop-the-Pop-Up\stopthepop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MsUpdate\MsUpdate.exe
C:\windows\adtech2006a.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\scvhost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\Program Files\Stop-the-Pop-Up\stopthepop.exe" -minimized
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsUpdate] C:\Program Files\MsUpdate\MsUpdate.exe /auto
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006a.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinksaw.exe DRCA02
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [ms-update] scvhost.exe
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinksaw.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CAB4EA7-40C7-46D5-8A6C-0761C3B3498D}: NameServer = 206.47.244.61 206.47.244.103
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

[guestolo]

Can you do the following please

When I ask you too download a zip file, make sure you choose SAVE TO DISK rather than Open
Can you open "MyComputer"
Double click to open Local Disk C: drive
Right click an empty spot  and left click NEW>>Folder
A new folder will be placed in the C: folder , name it BFU
So you now have C:\BFU

Download and save p2pnetwork.zip
Then UNZIP it to the BFU Folder
So you now have p2pnetwork.bfu extracted to the BFU folder

Download and save and then UNZIP to the BFU folder
BFU.zip
So you now have BFU.exe extracted

==Download and Install
Windows Cleanup! 4.0
Don't run it yet

==Download and then Install
Ewido Security Suite

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

If you don't have Ad-Aware SE personal 1.06
Download and InstallAd-Aware SE Personal 1.06
Open Ad-Aware, ensure to click the  check for updates now link and Connect to download the latest updates
Don't run a scan yet

Download and save too your Desktop AimFix.exe

Please  save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!

Access your add/remove programs via control panel and remove if you can
Zeno Search Assistant removal
Enhanced Ads by Zeno removal

RESTART your Computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu and hit Enter

Once in safe mode
Open the BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to p2pnetwork.bfu in the BFU folder
Right click p2pnetwork.bfu and choose Select
In Brute Force Uninstaller select Execute
Let it finish then Exit

Find and delete these files if found
C:\windows\timessquare.exe <-file
C:\windows\adtech2006a.exe
C:\WINDOWS\system32\rwinksaw.exe

and this folder
C:\Program Files\Zeno <-this folder, let me know if you find it

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
 
  Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: When Ewido is running, don't open any other Windows

Do a "System scan only" with Hijackthis and put a check next to these entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)

O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006a.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinksaw.exe DRCA02
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinksaw.exe

After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Open Ad-Aware
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer  back to Normal mode

Back in Windows
Can I see the following

1. Run another System scan and Save logfile with Hijackthis and post the log
2. Post the report you saved earlier with Ewidos

[help]

Logfile of HijackThis v1.99.1
Scan saved at 2:41:01 AM, on 23/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Stop-the-Pop-Up\stopthepop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://GLOBAL.ACER.COM/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = localhost
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN

Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program

Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\Program

Files\Stop-the-Pop-Up\stopthepop.exe" -minimized
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"

/background
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program

files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program

files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program

files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program

files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec

Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. -

C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program

Files\ewido anti-malware\ewidoctrl.exe---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         2:10:22 AM, 23/12/2005
 + Report-Checksum:      62100189

 + Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{16097036-894C-4C00-A61F-93CA0D49A70E} -> Spyware.TOPicks : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{2ED5AF98-9258-45BA-B79B-06625C92F662} -> Spyware.TOPicks : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} -> Spyware.TOPicks : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{FD42F6D3-7AB1-470C-979B-7996EDC99099} -> Spyware.TOPicks : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Spyware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\WhenUSave -> Spyware.SaveNow : Cleaned with backup
   HKLM\SOFTWARE\WhenUSave\Partners -> Spyware.SaveNow : Cleaned with backup
   HKLM\SOFTWARE\WhenUSave\Partners\EEPE -> Spyware.SaveNow : Cleaned with backup
   [1120] C:\WINDOWS\adtech2006a.exe -> Hijacker.VB.kc : Cleaned with backup
   [1148] C:\WINDOWS\adtech2006a.exe -> Hijacker.VB.kc : Error during cleaning
   C:\WINDOWS\system32\dwdsregt.exe -> Spyware.ZenoSearch : Cleaned with backup
   C:\WINDOWS\system32\rjdsregl.exe -> Spyware.ZenoSearch : Cleaned with backup
   C:\WINDOWS\system32\P2P Networking -> Spyware.P2PNetworking : Cleaned with backup
   C:\WINDOWS\system32\P2P Networking\Cache -> Spyware.P2PNetworking : Cleaned with backup
   C:\WINDOWS\system32\P2P Networking\Cache\Database -> Spyware.P2PNetworking : Cleaned with backup
   C:\WINDOWS\system32\P2P Networking\Cache\Database\index256.dbb -> Spyware.P2PNetworking : Cleaned with backup
   C:\WINDOWS\system32\P2P Networking\Cache\Database\file-10000-0x4bf0e26d4636f40daa3c7e64bfbf94ce.sig -> Spyware.P2PNetworking : Cleaned with backup
   C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL -> Spyware.P2PNetworking : Cleaned with backup
   C:\WINDOWS\system32\P2P Networking\P2P Networking.eng -> Spyware.P2PNetworking : Cleaned with backup
   C:\WINDOWS\system32\drsmartload280a.exe -> Downloader.Adload.j : Cleaned with backup
   C:\WINDOWS\adtech2006a.exe -> Hijacker.VB.kc : Cleaned with backup
   C:\Documents and Settings\Jamie Raison\drsmartload280a.exe -> Downloader.Adload.j : Cleaned with backup
   C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS -> Spyware.MyWay : Cleaned with backup
   C:\System Volume Information\_restore{A5D3E639-89C6-41BF-B44F-669EC8894B47}\RP1\A0000004.exe -> Backdoor.NTRootKit.122 : Cleaned with backup
   C:\System Volume Information\_restore{A5D3E639-89C6-41BF-B44F-669EC8894B47}\RP1\A0000005.exe -> Backdoor.NTRootKit.122 : Cleaned with backup
   C:\System Volume Information\_restore{A5D3E639-89C6-41BF-B44F-669EC8894B47}\RP1\A0000006.exe -> Worm.VB.an : Cleaned with backup
   C:\System Volume Information\_restore{A5D3E639-89C6-41BF-B44F-669EC8894B47}\RP1\A0000007.exe -> Worm.Wupeer.a : Cleaned with backup
   C:\System Volume Information\_restore{A5D3E639-89C6-41BF-B44F-669EC8894B47}\RP1\A0000040.exe -> Hijacker.StartPage.aw : Cleaned with backup
   C:\drsmartload1.exe -> Downloader.Adload.l : Cleaned with backup
   C:\inst_drca02.exe -> Spyware.ZenoSearch : Cleaned with backup
   C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Cleaned with backup
   C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup


::Report End

Here are the scan reports you requsted.  Thanks alot for the help, I really appreciate it !
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec

Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

[guestolo]

Can you do me a favor please

Save another log with Hijackthis
Before you save it, click on Format>>Word Wrap

I'm trying to eliminate the extra spaces in your log

Post a new log without all the spaces

additionally, Aimfix should of saved a log to your desktop called Aimfix.log
Can you post the contents please

Let me know how everythings running!

[help]

i will get you another hjt scan this afternoon. I didn't run the aimfix.exe because i didn't know when to run it (ie.run in safe mode or after returning to normal mode.) I didn't see that part in your instructions.  let me know and I will get you both logs.   Thanks again.

[help]

Here is the new hjt log . Let me know when to run the aimfix.exe and I will get you that log as well.
  Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 11:22:52 PM, on 24/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Stop-the-Pop-Up\stopthepop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\Program Files\Stop-the-Pop-Up\stopthepop.exe" -minimized
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

[guestolo]

Sorry for the delay, all Xmas stuff and everything keeping me away from the forums

Sorry about the Aimfix
I asked you too download it, but actually you never needed it.
I copied and pasted that from another fix I had going to another user
Never realized I posted it to you too, so I was expecting to see a log from you that you didn't need to run
My bad  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/rolleyes.gif\' class=\'bbc_emoticon\' alt=\':rolleyes:\' />
You can go ahead and delete AimFix
P.S. It wouldn't of mattered if you ran it, but it's not needed

Final cleanup
If everything is running better, please do the following
You should disable system restore>>Reboot your computer>>and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature
Make sure you reenable system restore feature

Afterwards, For added protections
You should install this free tool
SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

Check for updates every couple of weeks
after every update just simply click the "enable protection on all unprotected items"

Merry Xmas and stay safe  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'\' />

[help]

Thanks dude! You rock!  Everything is running much better now,  i'll do the restore thing and grab
the spywareblaster right now.   Thanks again , and happy holidays!

[guestolo]

Your welcome
I'll lock this topic as your problems are resolved

Take care and happy holidays  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'\' />