
I have zip zap pop ups out the wazu

Discussion in 'Malware and Virus Removal Archive' started by shotgun, 2005/02/21.

Thread Status:
Not open for further replies.
  1. 2005/02/21
    shotgun

    shotgun Inactive Thread Starter

    Joined:
    2005/02/21
    Messages:
    4
    Likes Received:
    0
    Please help me to get rid of these gross ads.
    Here is my HijackThis log.
    Logfile of HijackThis v1.99.1
    Scan saved at 8:39:01 PM, on 2/21/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Microsoft Works\MsWorks.exe
    C:\Program Files\Microsoft Works\WkDStore.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.biblegateway.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://media100.fastclick.net/w/safepop.cgi?mid=37619&sid=4385&id=102258&len=0&c=27&nfcp=1&fp=2
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE "
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM (file missing)
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM (file missing)
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM (file missing)
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM (file missing)
    O9 - Extra button: MP3.com Radio - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - C:\Program Files\Radio Free Virgin Player\Radio Free Virgin.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1057_XP.cab
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {55087C75-C0CB-445E-9CD7-1E754B7FA3A3} (XMRADIO.systemprofiler) - http://www.xmradio.com/xstream/registration/dell/xmprofiler.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{43CD01DB-1F88-4F03-9B49-481668905579}: NameServer = 205.188.146.145
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  2. 2005/02/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS shotgun:)

    Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://media100.fastclick.net/w/saf...=27&nfcp=1&fp=2
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

    Reboot. Please download the List Installed Programs script from here, run it and post its log.
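A first-pass reading of the HijackThis entry lines, written as an added example that is not part of the original thread and is not the helper's own method. The flag names and the heuristics (missing target file, unnamed entry, autostart command without a full path, DLL launched through rundll32) are assumptions chosen for illustration; they mark entries for a human to look up, and legitimate software trips them too.

```python
import re

# Constructed sample: entry lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM (file missing)
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1057_XP.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")             # "O4 - <body>"
RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[(.*?)\] (.*)$")    # "HKLM\..\Run: [name] command"
UNNAMED_DPF = re.compile(r"^DPF: \{[^}]+\} - ")            # CLSID with no "(name)" after it
ABSOLUTE = re.compile(r'^"?[A-Za-z]:\\')                   # command starts with a drive path


def parse(log):
    """Split a HijackThis log into (section, body) pairs; header and process lines are skipped."""
    pairs = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def flags(section, body):
    """Return review hints for one entry. Hints are prompts for a human, not verdicts."""
    out = []
    if body.endswith(("(no file)", "(file missing)")):
        out.append("target-missing")      # registration left behind, file is gone
    if "(no name)" in body or (section == "O16" and UNNAMED_DPF.match(body)):
        out.append("unnamed")
    m = RUN.match(body) if section == "O4" else None
    if m:
        command = m.group(2).strip()
        if not ABSOLUTE.match(command):
            # Resolved through the search path, so the log alone does not say which file runs.
            out.append("relative-path")
        if command.lower().startswith("rundll32"):
            out.append("rundll32")        # the DLL argument is the thing to inspect
    return out


def triage(log):
    """Return (section, hints, body) for every entry that raised at least one hint."""
    return [(s, f, b) for s, b in parse(log) for f in [flags(s, b)] if f]


if __name__ == "__main__":
    for section, hints, body in triage(SAMPLE_LOG):
        print(f"{section:<4}{','.join(hints):<28}{body}")
```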
     


  4. 2005/02/22
    shotgun

    shotgun Inactive Thread Starter

    Joined:
    2005/02/21
    Messages:
    4
    Likes Received:
    0
    Here's that log

    I am still getting pop ups even after deleting those files on HijackThis.

    INSTALLED SOFTWARE (115) - D9FPR761 - 2/22/2005 9:53:27 AM

    Ad-Aware SE Personal
    Adobe Acrobat - Reader 6.0.2 Update Ver: 6.0.2 Installed: 12/9/2004
    Adobe Reader 6.0.1 Ver: 006.000.001 Installed: 12/9/2004
    Alohabob PC Relocator Ver: 06.00.1029 Installed: 1/2/2005
    Alohabob PC Relocator Ver: 06.00.1029 Installed: 1/2/2005
    America Online (Choose which version to remove)
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Computer Check-Up
    AOL Connectivity Services
    ATI Control Panel Ver: 6.14.10.5120
    ATI Display Driver Ver: 8.051-040825a-017900C-Dell
    CC_ccProxyMSI Ver: 2.1.1.700 Installed: 12/9/2004
    CC_ccStart Ver: 2.1.1.700 Installed: 12/9/2004
    ccCommon Ver: 2.1.1.700 Installed: 12/9/2004
    Conexant D850 56K V.9x DFVc Modem
    Creative MediaSource
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool Ver: 1.02.0000 Installed: 12/9/2004
    Dell Media Experience Ver: 3.0 Installed: 12/9/2004
    Dell Media Experience Update
    Dell Support 5.0.0 (630)
    Dell System Restore Ver: 2.00.0000 Installed: 12/9/2004
    Digital Line Detect Ver: 1.10
    EarthLink setup files Ver: 2005.1.47.0 Installed: 12/9/2004
    Get High Speed Internet! Ver: 1.00.0000 Installed: 12/9/2004
    GMAT Diagnostic
    HijackThis 1.99.1 Ver: 1.99.1
    Instant Access
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections Ver: 8.00.5000 Installed: 12/9/2004
    Internet Explorer Default Page Ver: 1.00.03 Installed: 12/9/2004
    Jasc Paint Shop Photo Album Ver: 4.0.3 Installed: 12/9/2004
    Jasc Paint Shop Pro 8 Dell Edition Ver: 8.10.0000 Installed: 12/9/2004
    Java 2 Runtime Environment, SE v1.4.2_03 Ver: 1.4.2_03 Installed: 12/9/2004
    Learn2 Player (Uninstall Only)
    LiveReg (Symantec Corporation) Ver: 2.4.2.2295
    LiveUpdate 2.5 (Symantec Corporation) Ver: 2.5.55.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 2/10/2005
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Encarta Encyclopedia Standard 2004 Ver: 2004 Installed: 12/9/2004
    Microsoft Money 2004 Ver: 12.0.50 Installed: 12/9/2004
    Microsoft Money 2004 System Pack Ver: 12.0.80 Installed: 12/9/2004
    Microsoft Picture It! Photo Premium 9 Ver: 9.0.0.0000
    Microsoft Picture It! Photo Premium 9 Ver: 9.0.0.0000 Installed: 12/9/2004
    Microsoft Plus! Digital Media Edition Installer Ver: 1.1.0.3514 Installed: 12/9/2004
    Microsoft Plus! Photo Story 2 LE Ver: 1.1.0.3463 Installed: 12/9/2004
    Microsoft Streets and Trips 2004 Ver: 11.00.18.1900 Installed: 12/9/2004
    Microsoft Word 2002 Ver: 10.0.2627.01 Installed: 12/9/2004
    Microsoft Works Ver: 07.03.0719 Installed: 12/9/2004
    Microsoft Works 2004 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word Ver: 7.0.0.0000 Installed: 12/9/2004
    Modem Helper Ver: 2.25
    MSRedist Ver: 1.0.0.0 Installed: 12/9/2004
    Musicmatch for Windows Media Player Ver: 0.00.000
    Musicmatch® Jukebox Ver: 9.00.2062b
    My Way Search Assistant
    My Way Search Assistant Ver: 1.0.256 Installed: 12/9/2004
    NetWaiting Ver: 2.5.12
    NetZeroInstallers Ver: 1.0.0 Installed: 12/9/2004
    Norton AntiSpam Ver: 2004.1.3.5 Installed: 12/9/2004
    Norton AntiSpam Ver: 2004.1.3.5 Installed: 12/9/2004
    Norton AntiVirus Ver: 10.00.15 Installed: 12/9/2004
    Norton Internet Security Ver: 5.2.1.207 Installed: 12/9/2004
    Norton Internet Security Ver: 7.0.6.16 Installed: 12/9/2004
    Norton Internet Security Ver: 7.0.6.16 Installed: 12/9/2004
    Norton Internet Security Ver: 7.0.6.16 Installed: 12/9/2004
    Norton Internet Security Ver: 7.0.6.16 Installed: 12/9/2004
    Norton Internet Security Ver: 7.0.6.16 Installed: 12/9/2004
    Norton Internet Security Ver: 7.0.6.16 Installed: 12/9/2004
    Norton Internet Security Ver: 7.0.6.16 Installed: 12/9/2004
    Norton Internet Security Ver: 7.0.6.16 Installed: 12/9/2004
    Norton Internet Security (Symantec Corporation) Ver: 7.0.6.16
    Norton Security Center Ver: 2005.1.0.111 Installed: 12/9/2004
    Norton WMI Update Ver: 2005.1.0.111 Installed: 12/9/2004
    Photo Click Ver: 1.0.0 Installed: 12/9/2004
    PowerDVD 5.3
    Qualxserve Service Agreement Ver: 1.10.0000 Installed: 12/9/2004
    QuickTime
    RealPlayer Basic
    Shockwave
    Shockwave Flash
    Sonic DLA Ver: 4.95 Installed: 12/9/2004
    Sonic MyDVD Ver: 5.3.0 Installed: 12/9/2004
    Sonic RecordNow! Ver: 7.3 Installed: 12/9/2004
    Sonic Update Manager Ver: 2.9 Installed: 12/9/2004
    Sound Blaster Audigy 2 ZS
    Spybot - Search & Destroy 1.3 Ver: 1.3
    SpywareBlaster v3.2 Ver: 3.2.0
    Symantec Network Drivers Update Ver: 5.4.3.11 Installed: 1/3/2005
    Symantec Script Blocking Installer Ver: 1.0.0 Installed: 12/9/2004
    Viewpoint Media Player
    vpjqdc
    WebFldrs XP Ver: 9.50.7523 Installed: 8/10/2004
    Windows Installer Clean Up Ver: 2.05.00.0000 Installed: 1/3/2005
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10 Ver: 9.00.3636 Installed: 12/9/2004
    Windows XP Hotfix - KB834707 Ver: 20040929.110854
    Windows XP Hotfix - KB867282 Ver: 20050127.090417
    Windows XP Hotfix - KB873333 Ver: 20050114.005213
    Windows XP Hotfix - KB873339 Ver: 20041117.092459
    Windows XP Hotfix - KB885250 Ver: 20050118.202711
    Windows XP Hotfix - KB885835 Ver: 20041027.181713
    Windows XP Hotfix - KB885836 Ver: 20041028.173203
    Windows XP Hotfix - KB885884 Ver: 20040924.025457
    Windows XP Hotfix - KB886185 Ver: 20041021.090540
    Windows XP Hotfix - KB887472 Ver: 20041014.162858
    Windows XP Hotfix - KB888113 Ver: 20041116.131036
    Windows XP Hotfix - KB888302 Ver: 20041207.111426
    Windows XP Hotfix - KB888310 Ver: 20041027.095746
    Windows XP Hotfix - KB890047 Ver: 20041221.124506
    Windows XP Hotfix - KB890175 Ver: 20041201.233338
    Windows XP Hotfix - KB891781 Ver: 20050110.165439
     
  5. 2005/02/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    A couple of more steps and we'll stop the popups. ;)

    Download RegSearch.zip and extract the contents of the zip file to its own folder.
    Open and double-click the icon for RegSearch.exe to launch the program.
    Enter Instant Access in the top window, vpjqdc on the next line and click OK. After completion Notepad will be opened with all the found instances. Please post that log.
     
  6. 2005/02/23
    shotgun

    shotgun Inactive Thread Starter

    Joined:
    2005/02/21
    Messages:
    4
    Likes Received:
    0
    Here's that log

    REGEDIT4

    ; Registry Search by Bobbi Flekman
    ; Version: 1.0.1.0

    ; Results at 2/23/2005 8:50:03 AM for strings:
    ; 'instant access'
    ; 'vpjqdc'
    ; Strings excluded from search:
    ; (None)
    ; Search in:
    ; Registry Keys Registry Values Registry Data
    ; HKEY_LOCAL_MACHINE HKEY_USERS


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Instant Access]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vpjqdc]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vpjqdc "= "c:\\windows\\system32\\vpjqdc.exe -start "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access]
    "DisplayName "= "Instant Access "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vpjqdc]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vpjqdc]
    "UninstallString "= "c:\\windows\\system32\\vpjqdc.exe -uninstall "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vpjqdc]
    "DisplayName "= "vpjqdc "

    [HKEY_USERS\S-1-5-21-3692371877-646140967-2057433357-1008\Software\Microsoft\Search Assistant\ACMru\5603]
    "003 "= "instant access "

    [HKEY_USERS\S-1-5-21-3692371877-646140967-2057433357-1008\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\windows\\system32\\vpjqdc.exe "= "vpjqdc "
     
  7. 2005/02/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download Pocket Killbox from here: http://www.downloads.subratam.org/KillBox.zip

    Unzip the files to a folder, then open and double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

    C:\WINDOWS\System32\vpjqdc.exe

    Check the box to delete on reboot and click the red X to the right. Click OK, then NO to reboot now. Copy the next filepath and paste it in the box, and repeat the above steps. When all of the below filepaths are done, close the Killbox.

    C:\WINDOWS\Downlo~1\EGDACCESS.inf
    C:\WINDOWS\system32\EGDACCESS_1057.dll



    Download and install Reglite. Open and copy/paste the following string in the address window then click go.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    The forum format puts a space in the word current that you will need to edit out before clicking Go.

    Right click the "vpjqdc "= "c:\\windows\\system32\\vpjqdc.exe -start" value in the right pane and delete. Then copy/paste the following.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\vpjqdc

    Right click the bvydqakmc key in the left pane and delete.

    Do the same for;

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\Instant Access


    Exit Reglite when done.



    Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
    O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1057_XP.cab


    Reboot and post a new HJT log. Let us know if the popups stop.
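How the RegSearch results map onto the kinds of items handled in the steps above (a file on disk, a Run value, Uninstall keys), as an added example that is not part of the original thread or of RegSearch itself. The category names and the `build_plan` helper are assumptions for illustration; the parser tolerates the stray spaces the forum left inside the quoted names and data.

```python
import re

# Constructed sample: sections copied from the RegSearch log posted in this thread,
# including the stray spaces inside the quotes.
SAMPLE = r'''
REGEDIT4

; Registry Search by Bobbi Flekman

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vpjqdc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vpjqdc "= "c:\\windows\\system32\\vpjqdc.exe -start "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vpjqdc]
"UninstallString "= "c:\\windows\\system32\\vpjqdc.exe -uninstall "

[HKEY_USERS\S-1-5-21-3692371877-646140967-2057433357-1008\Software\Microsoft\Search Assistant\ACMru\5603]
"003 "= "instant access "

[HKEY_USERS\S-1-5-21-3692371877-646140967-2057433357-1008\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\windows\\system32\\vpjqdc.exe "= "vpjqdc "
'''

KEY = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"(.*?)\s*"\s*=\s*"(.*?)\s*"$')        # tolerates the stray spaces
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)


def parse_sections(text):
    """Map each [key] to its list of (value_name, data); an empty list is a key-name hit."""
    sections, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY.match(line)
        if m:
            key = m.group(1)
            sections.setdefault(key, [])
            continue
        m = VALUE.match(line)
        if m and key:
            name, data = (g.replace("\\\\", "\\") for g in m.groups())  # undo .reg escaping
            sections[key].append((name, data))
    return sections


def classify(key):
    """Label a key by its role: what starts the program versus what merely records it."""
    k = key.lower()
    if re.search(r"\\currentversion\\run(once)?$", k):
        return "autostart"
    if "\\currentversion\\uninstall\\" in k:
        return "uninstall-entry"
    if "\\arpcache\\" in k:
        return "arp-cache"
    if k.endswith("\\muicache") or "\\acmru\\" in k:
        return "usage-trace"
    return "other"


def build_plan(text, needle):
    """Group hits for one search string into files, autostart values, uninstall keys, traces."""
    needle = needle.lower()
    plan = {"files": set(), "autostart": [], "uninstall": [], "traces": []}
    for key, values in parse_sections(text).items():
        kind = classify(key)
        matched = [(n, d) for n, d in values if needle in (n + " " + d).lower()]
        for name, data in matched:
            plan["files"].update(p.lower() for p in PATH.findall(name + " " + data))
            if kind == "autostart":
                plan["autostart"].append((key, name))
        if kind == "uninstall-entry" and needle in key.lower():
            plan["uninstall"].append(key)
        if kind in ("arp-cache", "usage-trace") and (matched or needle in key.lower()):
            plan["traces"].append(key)
    plan["files"] = sorted(plan["files"])
    return plan
```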
     
  8. 2005/02/24
    shotgun

    shotgun Inactive Thread Starter

    Joined:
    2005/02/21
    Messages:
    4
    Likes Received:
    0
    help

    OK, I copy and paste this to Reglite: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
    but there is no file by this name "vpjqdc "= "c:\\windows\\system32\\vpjqdc.exe -start ". Maybe I am looking in the wrong place for the file, or it is not there.
     
  9. 2005/02/24
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Make sure you edit the space out of the word current before hitting go as noted above, then you should see the value in the right pane. You will see the run key highlighted purple in the left pane. Click the attachment in this post to see a picture of what it should look like. If the value still isn't present, skip the RegLite part until you are in safe mode.
     