Trojans I can't get rid of & error 1304

Discussion in 'Malware Help (A Specialist Will Reply)' started by bursonp, Jan 17, 2006.

  1. bursonp

    bursonp Private E-2

    I actually have two problems, but thought I should start with the trojan problem and get rid of them first. This PC is connected to a LAN, has WinXP SP2, 40GB hard drive, 256MB RAM, 2.4 Athlon processor. I have gone through all the "Read me First" instructions that you have posted and eliminated as much malware as possible, I believe. I then ran the hijackthis log and am posting here. There seem to be trojans that I cannot get to clean. The other problem is that I am getting an "Error 1304. error writing to file..." when I try to install the Symantec client on this computer. Initially, Symantec was on this unit. Some trojans were eliminated, but the chevron in the bottom tray showed a yellow exclamation mark. After looking at the Symantec knowledge base, the suggestion was to un-install and re-install the software. I got the un-install done, but when I try to re-install I get the above error message and the installation rolls back out. Thanks in advance for your help and I hope I am doing this all correctly since this is my first post.
     


  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I also need the logs from both online scans.

    Please see the below thread on how to install and run Spy Sweeper.

    Running Spy Sweeper...
     
  3. bursonp

    bursonp Private E-2

    I have attached the two online scans. I have also run Spy Sweeper, at your suggestion. Thanks.
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please attach the log from Spy Sweeper, then follow the below...

    See the below thread on how to install and run Ewido Security Suite.
     
  5. bursonp

    bursonp Private E-2

    I am attaching the Spy Sweeper log and the Ewido log. Thank you.
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    From normal mode, please attach a fresh HJT log.
     
  7. bursonp

    bursonp Private E-2

    Here's a new hijackthis.log, at your request.
     


  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Ewido

    Spy Sweeper

    Weather Check

    SpySpotter


    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:80

    O4 - HKLM\..\Run: [DNHelper32] C:\WINNT\system32\DNHlp32.exe
    O4 - HKLM\..\Run: [X10Weax] C:\PROGRA~1\WEATHE~1\wthrtray.exe
    O4 - HKLM\..\Run: [edzwkhH.exe] C:\Documents and Settings\HEIFNERL\Desktop\edzwkhH.exe
    O4 - HKLM\..\Run: [nlflbq] c:\winnt\system32\nlflbq.exe
    O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe
    O4 - HKLM\..\Run: [auto__hloader__key] C:\WINNT\system32\hloader_exe.exe
    O4 - HKLM\..\Run: [key2] C:\WINNT\system32\winlog.exe
    O4 - HKCU\..\Run: [auto__hloader__key] C:\WINNT\system32\hloader_exe.exe
    O4 - HKCU\..\Run: [anti_troj] C:\WINNT\system32\anti_troj.exe
    O4 - HKCU\..\Run: [key2] C:\WINNT\system32\winlog.exe

    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
    O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aptooling.com
    O17 - HKLM\Software\..\Telephony: DomainName = aptooling.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aptooling.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = aptooling.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = aptooling.com
    (Keep these if you know them)

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\Weather Check Delete this whole folder if it exists!

    C:\Program Files\SpySpotter Delete this whole folder if it exists!

    Next, run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.

    Note: Remember to get all updates before doing the scans.


    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    • Temporary Files
    • Temporary Internet Files
    • Recycle Bin
    And Click OK.



    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot” Option. Copy&Paste each of the file names listed below into the box one by one, making sure Delete on Reboot is Checked for each entry. Click the Red X for each entry, but DO NOT Allow your machine to be rebooted until the last item has been entered:

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    After you complete the above, attach a fresh HJT log.
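
An added example, not part of the original thread or of HijackThis itself: the fix-then-recheck step above can be verified mechanically by parsing the O4 (autorun) lines that were selected for fixing and checking whether any of them reappear in the fresh log. The function names and the fresh log below are constructed for illustration; the fix-list lines are taken from the post above.

```python
import re

# HijackThis autorun line: "O4 - HKLM\..\Run: [value name] command"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

def parse_o4(log_text):
    """Return the set of (hive, key, value name, command) autorun entries.

    Value names and paths are lower-cased because the registry and the
    file system on Windows compare them case-insensitively.
    """
    entries = set()
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.add((hive, key, name.lower(), command.strip().lower()))
    return entries

def still_present(fix_list, fresh_log):
    """Entries selected for fixing that show up again in the fresh log."""
    return sorted(parse_o4(fix_list) & parse_o4(fresh_log))

# Four of the entries the helper asked to have fixed (from the post).
FIX_LIST = r"""
O4 - HKLM\..\Run: [DNHelper32] C:\WINNT\system32\DNHlp32.exe
O4 - HKLM\..\Run: [nlflbq] c:\winnt\system32\nlflbq.exe
O4 - HKLM\..\Run: [key2] C:\WINNT\system32\winlog.exe
O4 - HKCU\..\Run: [key2] C:\WINNT\system32\winlog.exe
"""

# Constructed fresh log: one unrelated autorun, one entry that came back
# with different letter case, and a non-O4 line that must be ignored.
FRESH_LOG = r"""
Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKCU\..\Run: [key2] c:\WINNT\System32\winlog.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aptooling.com
"""

if __name__ == "__main__":
    for hive, key, name, command in still_present(FIX_LIST, FRESH_LOG):
        print(f"still present: {hive}\\{key} [{name}] {command}")
```

An entry that reappears after a fix usually means the process that writes the Run value is still active, which is why the post pairs the HijackThis fix with Safe Mode deletion and delete-on-reboot.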
     
  9. bursonp

    bursonp Private E-2

    I've done all of your instructions and then I've attached my newest HJT file. Thanks!
     


  10. bursonp

    bursonp Private E-2

    I believe that you've healed it all. I tried running the Symantec installation again after I finished up your removal instructions and it installed just fine and is scanning and updating properly. Thanks for all your time and help with this!
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is clean, are you having any further problems?
     
  12. bursonp

    bursonp Private E-2

    So far, so good. All seems to be working well now. Thanks for all your effort and patience. :)
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

