Persistant bugs

Assuming you did everything please post a Hijack This log file. Please follw direction in the first bit of this thread:

http://forums.majorgeeks.com/showthread.php?t=38752

 

Re: persistant bugs HJT logfile

You should have stayed in your original thread with these posts. This is confusing the way you started.
And please post the logs as a .txt file not a .doc file .

I going to merge your threads together into one.

 

Re: persistant bugs HJT logfile

Finished merging!

You did not post your log file properly. There is nothing in the .doc file.

Run a scan and save the log to hjt.txt . Then upload it.

 

From now on remember, no browsers running when doing scans or fixing anything with HijackThis. See this:
C:\Program Files\Internet Explorer\iexplore.exe

That's a browser. Next time, exit all IE sessions (or other browsers if you use them), do your scan. And then re-run your browser to post the log.

 

Do you know what this cards.exe program is that runs at startup?

C:\WINDOWS\System32\cards.exe
O4 - HKCU\..\Run: [cards] C:\WINDOWS\System32\cards.exe


I personally would uninstall WildTangent stuff:
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

You need to use my When all else fails - Generic Solution to HSA (Only the Best) & about:Blank hijack thread. I list below the lines of concern from the log you last posted. See if you can use this as a start to following the Generic Solution steps. Follow them exactly do not skip anything and do not stop in the middle anywhere and reboot or power down (unless told to).

Processes of concern:
C:\WINDOWS\clock.avi:fvcjo
C:\WINDOWS\apilg32.exe
C:\WINDOWS\clock.avi:fvcjo

HijackThis lines of concern (for hijackers):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ffvkh.dll/sp.html#23999
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ffvkh.dll/sp.html#23999
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ffvkh.dll/sp.html#23999
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ffvkh.dll/sp.html#23999
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ffvkh.dll/sp.html#23999
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ffvkh.dll/sp.html#23999
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ffvkh.dll/sp.html#23999
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E0AC72B4-8BA8-C6A8-6319-254FCC5D9916} - C:\WINDOWS\ipmq32.dll
O4 - HKLM\..\Run: [apilg32.exe] C:\WINDOWS\apilg32.exe
O4 - HKLM\..\RunOnce: [fvcjo] C:\WINDOWS\clock.avi:fvcjo




The items below are not part of the about:blank or HSA hijacker but they need to be fix too:

O4 - HKCU\..\Run: [Nons] C:\Documents and Settings\M. Rachel Munoz\Application Data\attc.exe
O4 - HKCU\..\Run: [Gomk] C:\WINDOWS\System32\?ttrib.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1cf4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab


After fixing those lines with HijackThis you need to boot into safe mode and delete:
C:\Documents and Settings\M. Rachel Munoz\Application Data\attc.exe
C:\WINDOWS\System32\?ttrib.exe
c:\counter.cab