zbestwun2001 (3 Apprentice, 8.8K Posts), April 21st, 2005 19:00
Steve
MrT2 (5 Posts), April 21st, 2005 20:00
Logfile of HijackThis v1.99.1
Scan saved at 5:50:25 PM, on 4/21/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\trcboot.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\OpcEnum.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wltrysvc.exe
C:\WINNT\system32\wm.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\WMRUNDLL.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\system32\scmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINNT\system32\NALDESK.EXE
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\WINNT\system32\NWTRAY.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\monitorbk.exe
P:\APPS\PrintNow\Printnow.exe
C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\Program Files\Rockwell Software\RSLogix 500 English\Rs500.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINNT\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Siemens Dematic
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = rdcproxy01.rapistan.com:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29422B34-EBAE-B8B9-CD23-B6420F4B1744} - C:\WINNT\system32\xxakcecr.dll
O2 - BHO: (no name) - {67614A70-FDA8-EE52-AB6F-E7D4D2D99EED} - C:\WINNT\system32\jcazhxqs.dll
O2 - BHO: (no name) - {6C1C4ABC-14C0-309F-6A8A-99A4822BE5EC} - C:\WINNT\system32\dvdlrmeo.dll
O2 - BHO: (no name) - {D4A1F831-35C4-17D5-04DF-73726BEF6266} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SCMON] C:\WINNT\system32\scmon.exe
O4 - HKLM\..\Run: [CfgDownload] C:\IXOS-ARCHIVE\bin\CfgDownload.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Belkin PCMCIA WLAN Monitor.lnk = C:\WINNT\system32\monitorbk.exe
O4 - Global Startup: PrintNow.lnk = APPS\PrintNow\Printnow.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin7.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ww110.siemens.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED0DB66-7001-49DC-886D-020870C943F0}: NameServer = 209.127.202.19,216.148.227.79
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ww110.siemens.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ww110.siemens.net
O20 - Winlogon Notify: ckpNotify - C:\WINNT\SYSTEM32\ckpNotify.dll
O23 - Service: Access Manager Configuration Service (AMBroker) - Unknown owner - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Unknown owner - C:\WINNT\system32\NALNTSRV.EXE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINNT\system32\OpcEnum.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINNT\system32\drivers\trcboot.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\wltrysvc.exe
O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\WINNT\system32\wm.exe
zbestwun2001 (3 Apprentice, 8.8K Posts), April 21st, 2005 22:00
First of all please move your HJT program to your C:\ drive. C:\HJT is a good place.
Second, is Telscape International Inc. your ISP?
Now open your HJT program and tick these entries:
ONLY TICK THIS R1 ENTRY IF YOU DON'T CONNECT THRU A PROXY SERVER
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = rdcproxy01.rapistan.com:3128
O2 - BHO: (no name) - {D4A1F831-35C4-17D5-04DF-73726BEF6266} - (no file)
O2 - BHO: (no name) - {29422B34-EBAE-B8B9-CD23-B6420F4B1744} - C:\WINNT\system32\xxakcecr.dll
O2 - BHO: (no name) - {67614A70-FDA8-EE52-AB6F-E7D4D2D99EED} - C:\WINNT\system32\jcazhxqs.dll
O2 - BHO: (no name) - {6C1C4ABC-14C0-309F-6A8A-99A4822BE5EC} - C:\WINNT\system32\dvdlrmeo.dll
ONLY TICK THESE O6 ENTRIES IF YOU HAVE NOT LOCKED YOUR HOMEPAGE AND CONTROL PANEL.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Now, with all programs closed except your HJT program (including your browsers), hit the FIX button.
Reboot and post a new log.
Steve
Message Edited by zbestwun2001 on 04-21-2005 04:41 PM
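The advice above boils down to a few rules of thumb for reading an HJT log: a BHO with no name and no file is an orphaned registration, an unnamed BHO whose DLL in system32 has a random-looking name is almost certainly the infection, an O6 policy restriction is only legitimate if you set it yourself, and a proxy or DNS entry needs a human check before it is touched. The following Python checker is an added example, not code from this thread or from HijackThis; it applies those rules to the O2/O6/R1/O17 lines of a log. The sample input is constructed from lines in the log posted above, and the specific heuristics (the "(no file)" test, the eight-lowercase-letter DLL-name test, the fix/review split) are assumptions I have made to mirror Steve's reading, not anything HijackThis itself does.

```python
"""Flag HijackThis log entries of the kinds discussed in this thread.

Added example, not part of the original thread. The heuristics below are
assumptions that mirror the reasoning in the replies above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the R1/O2/O6/O17 lines from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = rdcproxy01.rapistan.com:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29422B34-EBAE-B8B9-CD23-B6420F4B1744} - C:\WINNT\system32\xxakcecr.dll
O2 - BHO: (no name) - {D4A1F831-35C4-17D5-04DF-73726BEF6266} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED0DB66-7001-49DC-886D-020870C943F0}: NameServer = 209.127.202.19,216.148.227.79
"""

# Every HJT line is "<section> - <body>", e.g. "O2 - BHO: ...".
LINE_RE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
# O2 body: "BHO: <name> - {<CLSID>} - <path>".
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# Assumed heuristic: an eight-lowercase-letter DLL directly in system32
# (xxakcecr.dll, jcazhxqs.dll, dvdlrmeo.dll in the log above) looks generated.
RANDOM_DLL_RE = re.compile(r"\\system32\\[a-z]{8}\.dll$")


@dataclass
class Finding:
    section: str
    severity: str  # "fix": safe to tick; "review": needs the human check the thread asks for
    reason: str
    line: str


def analyze_hjt(text: str) -> list[Finding]:
    """Return the entries a helper would tick or ask about, in log order."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # process list, blank lines, prose
        section, body = m.group("section"), m.group("body")
        if section == "O2":
            b = BHO_RE.match(body)
            if b is None:
                continue
            name, path = b.group("name"), b.group("path")
            if path == "(no file)":
                findings.append(Finding(section, "fix", "BHO registered but its file is gone", line))
            elif name == "(no name)" and RANDOM_DLL_RE.search(path):
                findings.append(Finding(section, "fix", "unnamed BHO with random-looking DLL name in system32", line))
        elif section == "O6":
            findings.append(Finding(section, "review", "IE policy restriction present; fix unless you set it deliberately", line))
        elif section == "R1" and "ProxyServer" in body:
            findings.append(Finding(section, "review", "proxy configured; fix only if you do not connect through a proxy", line))
        elif section == "O17" and "NameServer" in body:
            findings.append(Finding(section, "review", "DNS servers set; confirm they belong to your ISP or corporate network", line))
    return findings


if __name__ == "__main__":
    for f in analyze_hjt(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

Run on the sample, the checker ticks the three BHO-style entries Steve listed (two unnamed DLLs are omitted from the sample for brevity) and leaves the proxy, policy and DNS lines as "review", which is exactly the split in the reply above: the R1 and O6 entries come with an "only tick if" condition, and the ISP question is the human check on the O17 name servers.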
MrT2 (5 Posts), April 22nd, 2005 19:00
zbestwun,
Thanks for your response.
Telscape International as my ISP? Where did you come up with that? I am located near their corporate headquarters in Georgia. I also travel to Mexico frequently. That is ironic.
I applied your suggestion of fixes, O2 and O6. The virus/spyware threat has been removed. Now I just have to get my Internet Explorer back to normal. It comes up with a window stating that it is in compatibility mode. This mode doesn't have all the features enabled for some reason.
Anyway, thanks for your help.
Keith
zbestwun2001 (3 Apprentice, 8.8K Posts), April 22nd, 2005 19:00
But that's up to you.
Do you connect thru a proxy?
Steve