So far no pop-ups and nothing else suspicious going on. My antivirus just hangs out without bothering me every 30 seconds. I did run a complete virus scan and it came back with 30 items and quarantined them all.
I did everything you said. All the files deleted except for byxxutr.dll.vir, but it was quarantined, so I deleted it and everything else that was quarantined.
I noticed that when I was still having problems, safe mode really wouldn't let me do anything: the box reminding me I'm in safe mode would pop up often and then disappear with the desktop and any windows I had opened. I had to keep bringing up the task manager and selecting Run and running C:\WINDOWS\ to get an error that would pull the desktop back up. Now that things are working the way they used to, that didn't happen once when I ran it in safe mode a few minutes ago.
So here's my log.
Logfile of HijackThis v1.99.1
Scan saved at 5:58:36 PM, on 9/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\PopUp Killer\bak\PopUpKiller.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\MsgSys.EXE
E:\PROGRA~2\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NavNT\bak\vptray.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\analyse\analyse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://firstdatajobs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\bak\PopUpKiller.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190263651562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190263605609
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe