
ZIPZAPPROMOS!! What are the steps to remove now?

Discussion in 'Malware and Virus Removal Archive' started by Dion, 2005/02/12.

Thread Status:
Not open for further replies.
  1. 2005/02/12
    Dion

    Dion Inactive Thread Starter

    Joined:
    2005/01/07
    Messages:
    53
    Likes Received:
    0
    Hi again,
    ZipZaps once again - I'm excited to hear sOOp got thru - exactly which of all those steps should I take? I have taken the previous steps of deleting the two edg* files and removing instant access program, temp files and reg keys, turning off system restore but, no success. Upon starting IE the program reinstalls itself and pops up again.

    I did find a file called setupapi.log that shows the edg program reinstalls each time I delete it and I go on the net!:
    [2005/02/08 20:48:03 2212.6]
    #-198 Command line processed: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    #-024 Copying file "C:\DOCUME~1\Dioni\LOCALS~1\Temp\ICD1.tmp\EGDACCESS.inf" to "C:\WINDOWS\Downloaded Program Files\EGDACCESS.inf".
    #E361 An unsigned or incorrectly signed file "C:\DOCUME~1\Dioni\LOCALS~1\Temp\ICD1.tmp\EGDACCESS.inf" will be installed (Policy=Ignore). Error 0x800b0100: No signature was present in the subject.
    [2005/02/09 19:04:20 180.5]
    #-198 Command line processed: "C:\Program Files\Internet Explorer\iexplore.exe"
    #-024 Copying file "C:\DOCUME~1\dakid\LOCALS~1\Temp\ICD1.tmp\EGDACCESS_1057.dll" to "C:\WINDOWS\system32\EGDACCESS_1057.dll".
    #E361 An unsigned or incorrectly signed file "C:\DOCUME~1\dakid\LOCALS~1\Temp\ICD1.tmp\EGDACCESS_1057.dll" will be installed (Policy=Ignore). Error 0x800b0100: No signature was present in the subject.
    [2005/02/09 19:04:22 180.6]
    #-198 Command line processed: "C:\Program Files\Internet Explorer\iexplore.exe"
    #-024 Copying file "C:\DOCUME~1\dakid\LOCALS~1\Temp\ICD1.tmp\EGDACCESS.inf" to "C:\WINDOWS\Downloaded Program Files\EGDACCESS.inf".
    #E361 An unsigned or incorrectly signed file "C:\DOCUME~1\dakid\LOCALS~1\Temp\ICD1.tmp\EGDACCESS.inf" will be installed (Policy=Ignore). Error 0x800b0100: No signature was present in the subject.
    [2005/02/12 20:38:36 3676.5]
    #-198 Command line processed: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    #-024 Copying file "C:\DOCUME~1\Dioni\LOCALS~1\Temp\ICD1.tmp\EGDACCESS_1057.dll" to "C:\WINDOWS\system32\EGDACCESS_1057.dll".
    #E361 An unsigned or incorrectly signed file "C:\DOCUME~1\Dioni\LOCALS~1\Temp\ICD1.tmp\EGDACCESS_1057.dll" will be installed (Policy=Ignore). Error 0x800b0100: No signature was present in the subject.
    [2005/02/12 20:38:37 3676.6]
    #-198 Command line processed: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    #-024 Copying file "C:\DOCUME~1\Dioni\LOCALS~1\Temp\ICD1.tmp\EGDACCESS.inf" to "C:\WINDOWS\Downloaded Program Files\EGDACCESS.inf".
    #E361 An unsigned or incorrectly signed file "C:\DOCUME~1\Dioni\LOCALS~1\Temp\ICD1.tmp\EGDACCESS.inf" will be installed (Policy=Ignore). Error 0x800b0100: No signature was present in the subject.

    Please let me know which way to go now - Tks
    here's HJT as of now:
    Logfile of HijackThis v1.99.0
    Scan saved at 9:05:33 PM, on 2/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\Microsoft Money\System\reminder.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NetWaiting\NetWaiting.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Hjacked\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.copticchurch.net/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
    O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\NetWaiting.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ?
    O4 - Global Startup: officejet 6100.lnk = ?
    O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
    O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1057_XP.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,7/McUpdatePortal.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105317735748
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4343/mcfscan.cab
    O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{66B31125-C045-45B4-9A7B-22ACC04FCE0A}: NameServer = 66.185.33.5 66.185.33.2
    O23 - Service: ASF Agent - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: AVSync Manager - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
     
    Dion,
    #1
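The setupapi.log excerpt in the post above can be triaged mechanically. The following is an added example, not part of the thread: it parses the XP-era section format and reports every unsigned file that an `iexplore.exe` session copied out of an `ICD*.tmp` temp directory, with a per-destination reinstall count. The function names are hypothetical, and the last log section in the sample is constructed for contrast.

```python
import re
from collections import Counter

# "[date time pid.seq]" opens a section; "#-198", "#-024" and "#E361" are the
# message codes that appear in the log posted above.
SECTION = re.compile(r'^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) [\d.]+\]')
CMDLINE = re.compile(r'^#-198 Command line processed: (.*)$')
COPY = re.compile(r'^#-024 Copying file "([^"]+)" to "([^"]+)"')
UNSIGNED = re.compile(r'^#E361 An unsigned or incorrectly signed file "([^"]+)"')
# Temp staging directory seen in the post, e.g. ...\Temp\ICD1.tmp\
ICD_STAGING = re.compile(r'\\temp\\icd\d+\.tmp\\', re.I)

# First three sections are taken from the post; the last one is constructed.
SAMPLE_LOG = r'''
[2005/02/08 20:48:03 2212.6]
#-198 Command line processed: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
#-024 Copying file "C:\DOCUME~1\Dioni\LOCALS~1\Temp\ICD1.tmp\EGDACCESS.inf" to "C:\WINDOWS\Downloaded Program Files\EGDACCESS.inf".
#E361 An unsigned or incorrectly signed file "C:\DOCUME~1\Dioni\LOCALS~1\Temp\ICD1.tmp\EGDACCESS.inf" will be installed (Policy=Ignore). Error 0x800b0100: No signature was present in the subject.
[2005/02/12 20:38:36 3676.5]
#-198 Command line processed: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
#-024 Copying file "C:\DOCUME~1\Dioni\LOCALS~1\Temp\ICD1.tmp\EGDACCESS_1057.dll" to "C:\WINDOWS\system32\EGDACCESS_1057.dll".
#E361 An unsigned or incorrectly signed file "C:\DOCUME~1\Dioni\LOCALS~1\Temp\ICD1.tmp\EGDACCESS_1057.dll" will be installed (Policy=Ignore). Error 0x800b0100: No signature was present in the subject.
[2005/02/12 20:38:37 3676.6]
#-198 Command line processed: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
#-024 Copying file "C:\DOCUME~1\Dioni\LOCALS~1\Temp\ICD1.tmp\EGDACCESS.inf" to "C:\WINDOWS\Downloaded Program Files\EGDACCESS.inf".
#E361 An unsigned or incorrectly signed file "C:\DOCUME~1\Dioni\LOCALS~1\Temp\ICD1.tmp\EGDACCESS.inf" will be installed (Policy=Ignore). Error 0x800b0100: No signature was present in the subject.
[2005/02/13 10:00:00 1234.1]
#-198 Command line processed: "C:\WINDOWS\system32\rundll32.exe"
#-024 Copying file "C:\DRIVERS\example.sys" to "C:\WINDOWS\system32\drivers\example.sys".
'''

def parse_sections(text):
    """Split the log into sections: command line, file copies, E361 files."""
    sections, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            cur = {"time": m.group(1), "cmdline": "", "copies": [], "unsigned": set()}
            sections.append(cur)
        elif cur is None:
            continue  # text before the first section header
        elif CMDLINE.match(line):
            cur["cmdline"] = CMDLINE.match(line).group(1)
        elif COPY.match(line):
            src, dst = COPY.match(line).groups()
            cur["copies"].append((src.strip(), dst.strip()))
        elif UNSIGNED.match(line):
            cur["unsigned"].add(UNSIGNED.match(line).group(1).strip().lower())
    return sections

def browser_dropped_unsigned(sections):
    """Unsigned files copied from an ICD*.tmp directory by an IE session."""
    findings = []
    for s in sections:
        if "iexplore.exe" not in s["cmdline"].lower():
            continue
        for src, dst in s["copies"]:
            if ICD_STAGING.search(src) and src.lower() in s["unsigned"]:
                findings.append({"time": s["time"], "source": src, "dest": dst})
    return findings

def reinstall_counts(findings):
    """How often each destination path was (re)written."""
    return Counter(f["dest"].lower() for f in findings)

if __name__ == "__main__":
    hits = browser_dropped_unsigned(parse_sections(SAMPLE_LOG))
    for dest, n in reinstall_counts(hits).most_common():
        print(n, dest)
```

A destination that keeps reappearing with new timestamps after it was deleted is the reinstall pattern the poster describes.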
  2. 2005/02/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please download the List Installed Programs script from here, run it and post its log.
     


  4. 2005/02/12
    Dion

    Dion Inactive Thread Starter

    Joined:
    2005/01/07
    Messages:
    53
    Likes Received:
    0
    Inst Programs list here

    Here is the installed programs list. Just before your log I ran spybot and it immunized over 648 entries. I had also deleted the two egd* files again on this connection and adware found dso exploit, magic control and another.

    thanks for looking!

    INSTALLED SOFTWARE (73) - SAMMY - 2/12/2005 9:44:28 PM

    2001 TurboTax for Windows
    Ad-Aware SE Personal
    Adobe Acrobat - Reader 6.0.2 Update Ver: 6.0.2 Installed: 6/27/2004
    Adobe Download Manager 1.2 (Remove Only)
    Adobe Reader 6.0.1 Ver: 006.000.001 Installed: 1/19/2004
    An Altar To The Lord
    Bible Companion Series
    cmdani
    Conexant SmartHSFi V92 56K DF PCI Modem
    Dell Solution Center Ver: 1.00.0000 Installed: 1/7/2004
    Digital Line Detect Ver: 1.06.2
    DVDSentry Ver: 1.00.0001 Installed: 1/7/2004
    Easy CD Creator 5 Basic Ver: 5.3.4.21 Installed: 1/7/2004
    Google Toolbar for Internet Explorer
    Help and Support Customization Ver: 1.00.0000 Installed: 1/7/2004
    HijackThis 1.99.0 Ver: 1.99.0
    hp instant support Ver: 4.03.03
    HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
    HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Ver: 1.00.0000 Installed: 2/17/2004
    HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers Ver: 1.00.0000 Installed: 2/17/2004
    hp psc 2100 series
    Instant Access
    Intel (R) Pro Alerting Agent Ver: 4.2.0 Installed: 1/7/2004
    Intel(R) Extreme Graphics Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet Ver: 6.05.2001 Installed: 1/7/2004
    ItsDeductible Express Ver: 1.00.0000 Installed: 2/7/2005
    Java 2 Runtime Environment, SE v1.4.2 Ver: 1.4.2 Installed: 1/7/2004
    McAfee Firewall Ver: 4.00.5000 Installed: 5/19/2004
    McAfee VirusScan Home Edition Ver: 7.00.5000 Installed: 5/19/2004
    Membership Plus 6.0 for Windows
    Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 1/7/2004
    Microsoft Money 99
    Microsoft Office Small Business Edition 2003 Ver: 11.0.5614.0 Installed: 2/2/2005
    Microsoft Works Setup Launcher
    Modem Helper
    MSN Messenger 6.2 Ver: 6.2.0137 Installed: 1/15/2005
    MSN Toolbar
    NetWaiting Ver: 2.5.4
    OLYMPUS CAMEDIA Master 4.1
    OMCI Ver: 7.00.0316 Installed: 1/7/2004
    PowerDVD
    QuickBooks Pro 2002
    QuickBooks Pro Edition 2004
    QuickTime
    Readiris 7.5
    RealArcade
    RealPlayer
    SafeCast Shared Components
    Shockwave
    Shockwave Flash
    Sony ACID 4.0f Ver: 4.0.446 Installed: 7/17/2004
    SoulSeek Client 155
    Spybot - Search & Destroy 1.3 Ver: 1.3
    The Holy Bible & Pope Shenouda III Writings
    TurboTax Basic 2002
    TurboTax Premier 2004
    TurboTax Premier Home & Business 2003
    WebFldrs XP Ver: 9.50.6513 Installed: 9/3/2002
    WexTech AnswerWorks Ver: 1.00.000
    Windows XP Hotfix - KB834707 Ver: 20040929.110854
    Windows XP Hotfix - KB873339 Ver: 20041117.092459
    Windows XP Hotfix - KB885835 Ver: 20041027.181713
    Windows XP Hotfix - KB885836 Ver: 20041028.173203
    Windows XP Hotfix - KB886185 Ver: 20041021.090540
    Windows XP Hotfix - KB890175 Ver: 20041201.233338
    Windows XP Service Pack 2 Ver: 20040803.231319
    Yahoo! Address AutoComplete
    Yahoo! extras
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Messenger Explorer Bar
    Yahoo! Toolbar
     
    Dion,
    #3
  5. 2005/02/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download RegSearch.zip and extract the contents of the zip file to its own folder.
    Open and double-click the icon for RegSearch.exe to launch the program.
    Enter cmdani in the top window and Instant Access directly under that, and click "OK".
    After completion Notepad will be opened with all the found instances. Please post that log.
     
  6. 2005/02/12
    Dion

    Dion Inactive Thread Starter

    Joined:
    2005/01/07
    Messages:
    53
    Likes Received:
    0
    Unreal! It found lots!

    Amazing..

    Here are the regsearch findings:
    REGEDIT4

    ; Registry Search by Bobbi Flekman
    ; Version: 1.0.1.0

    ; Results at 2/12/2005 10:04:46 PM for strings:
    ; 'cmdani'
    ; 'instant access'
    ; Strings excluded from search:
    ; (None)
    ; Search in:
    ; Registry Keys Registry Values Registry Data
    ; HKEY_LOCAL_MACHINE HKEY_USERS


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Instant Access]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cmdani"="c:\\windows\\system32\\cmdani.exe -start"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cmdani]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cmdani]
    "UninstallString"="c:\\windows\\system32\\cmdani.exe -uninstall"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cmdani]
    "DisplayName"="cmdani"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access]
    "DisplayName"="Instant Access"
     
    Dion,
    #5
  7. 2005/02/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download and install Reglite. Open and copy/paste the following string in the address window then click Go.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    The forum format puts a space in the word current that you will need to edit out before clicking Go.

    Right click the "cmdani"="c:\\windows\\system32\\cmdani.exe -start" value in the right pane and delete. Then copy/paste the following.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cmdani

    Right click the cmdani key in the left pane and delete. Do the same for;

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access

    Exit Reglite when done.

    Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
    O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binari...ESS_1057_XP.cab

    Open C:\Windows\Prefetch, select all and delete.

    Download Pocket Killbox from here: http://www.downloads.subratam.org/KillBox.zip

    Unzip the files to a folder, then open and double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

    C:\WINDOWS\System32\cmdani.exe

    Check the box to delete on reboot and click the red X to the right. Click OK, then no to reboot now. Copy the next filepath and paste it in the box, and repeat the above steps. When all of the below filepaths are done, allow it to reboot.

    C:\WINDOWS\Downlo~1\EGDACCESS.inf
    C:\WINDOWS\system32\EGDACCESS_1057.dll

    Reboot again, this time to safe mode and empty all temp folders, especially C:\Documents and Settings\Dioni\Local Settings\temp.
    Empty recycle bin and reboot back into Windows.

    If you haven't done so already, open Spybot and click mode on the toolbar, then advanced mode. Click immunize in the left pane, then immunize again, this time from above with the green + beside it. Click the link below that for SpywareBlaster, download, install, enable all protection and update. Check for updates regularly. Then, still in Spybot, click tools button, then IE tweaks and at least lock the HOSTS file.
    Then download and install IESpyad.

    That will give you some added layers of protection against unwanted parasites.
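
The post above has two HijackThis entries fixed together: the O4 Run value and the O16 DPF entry. As an added example (not from the thread), this sketch parses O4 and O16 lines and pairs any Run value that has `rundll32` load a DLL by bare name with DPF entries whose CAB file name starts with the same stem. The pairing rule is a heuristic assumed for this example, the function names are hypothetical, and the sample lines are excerpted from the log posted in the thread.

```python
import re

O4 = re.compile(r'^O4 - (HK(?:LM|CU))\\\.\.\\(\w+): \[([^\]]+)\] (.+)$')
O16 = re.compile(r'^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (\S+)$')
# rundll32 <dll>,<export>; quoted DLL paths containing spaces are not handled
RUNDLL = re.compile(r'^"?[^"]*?rundll32(?:\.exe)?"?\s+([^,\s]+),(\S+)', re.I)

# Lines excerpted from the HijackThis log in the first post of the thread.
SAMPLE_HJT = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1057_XP.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
'''

def parse_hjt(text):
    """Return (run_entries, dpf_entries) parsed from O4 and O16 lines."""
    run, dpf = [], []
    for line in (l.strip() for l in text.splitlines()):
        m = O4.match(line)
        if m:
            run.append({"hive": m.group(1), "key": m.group(2),
                        "name": m.group(3), "command": m.group(4)})
            continue
        m = O16.match(line)
        if m:
            # CAB file name = last URL path segment without any query string
            cab = m.group(3).rsplit("/", 1)[-1].split("?", 1)[0]
            dpf.append({"clsid": m.group(1), "class": m.group(2),
                        "url": m.group(3), "cab": cab})
    return run, dpf

def linked_persistence(run, dpf):
    """Pair bare-name rundll32 Run values with same-stem DPF downloads."""
    findings = []
    for entry in run:
        m = RUNDLL.match(entry["command"])
        if not m:
            continue
        dll, export = m.groups()
        if "\\" in dll or "/" in dll:
            continue  # full path given; outside this check
        stem = dll.rsplit(".", 1)[0].lower()
        sources = [d for d in dpf if d["cab"].lower().startswith(stem)]
        findings.append({"name": entry["name"], "dll": dll, "export": export,
                         "dpf": [d["clsid"] for d in sources],
                         "urls": [d["url"] for d in sources]})
    return findings

if __name__ == "__main__":
    for f in linked_persistence(*parse_hjt(SAMPLE_HJT)):
        print(f["name"], "->", f["dll"], f["dpf"])
```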
     
  8. 2005/02/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Dion,

    Results??
     
  9. 2005/02/18
    Dion

    Dion Inactive Thread Starter

    Joined:
    2005/01/07
    Messages:
    53
    Likes Received:
    0
    Zip Zaps Are Gone!! Thank U Thnk U Thnk U!!

    The programs were removed fm Regedit and they did not recreate themselves, so it has been a few days without nasty popups, although I haven't been on long.. They came back once but after marking the key in regedit (key is ON REBOOT!) and removing the programs it worked!!
    Does this happen to IE only? Again, thks much for this great help!! Wish others the same grace I got!!
     
    Dion,
    #8
  10. 2005/02/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That's great news. Thanks for the update. :)
     
  11. 2005/02/18
    Jaguar

    Jaguar Inactive

    Joined:
    2005/02/12
    Messages:
    12
    Likes Received:
    0
    oops, wrong thread
     
    Last edited: 2005/02/18