Spyware Removal Please help!

Question

Hi I just got my new laptop 2 months ago and didn't have any spyware problems before...but now it seems like I can't remove it. I was wondering if an expert can help me because I can't afford the real service to call up dell help desk. So my problem is that everytime I go into my internet explorer I get this:   Detected SPYware! System error #384 __________________________________________________________________________   Your IP address is 141.149.52.197. Using this address a remote computer has gained anaccess to your computer and probably is collecting the information about the sites you've visited and the files contained in the folder Temporary Internet Files. Attention! Ask for help or install the software for deleting secret information about the sites you visited. __________________________________________________________________________ Your computer is full of evidences! ISP of transmission: VERIZON Your IP address: 141.149.52.197 They know you're using: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Your computer is: Windows XP Risk status for further investigation: VERY HIGH RISK         and when I go to properties in IE to change my home page, it won't allow me. The box it not clickable but just solid with the homepage set to C:\secure32.html. I really don't understand what is going on and if it is spyware how do I remove it? I downloaded SpywareGuard and SpywareBlaster but I don't think they removed anything. So then, I tried Hijackthis and now I don't know which browsers or programs are bad or good. I feel like I'm in a fix. Please help =(       I've installed Hijackthis but I don't know which ones to delete. This is my log below:   Logfile of HijackThis v1.99.1Scan saved at 11:55:06 PM, on 10/16/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\vso\mcshield.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exec:\PROGRA~1\mcafee.com\vso\OasClnt.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exeC:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exec:\program files\mcafee.com\vso\mcvsshld.exec:\progra~1\mcafee.com\vso\mcvsescn.exec:\program files\mcafee.com\agent\mcagent.exeC:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\wdfmgr.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\dla	fswctrl.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Apoint\Apntex.exeC:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exeC:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exeC:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\WINDOWS\system32\polo.exeC:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exeC:\Program Files\Common Files\AOL\1126212398\ee\AOLHostManager.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\AOL\1126212398\ee\AOLServiceHost.exeC:\Program Files\Dell Support\DSAgnt.exeC:\Program Files\Messenger\msmsgs.exec:\progra~1\mcafee.com\vso\mcvsftsn.exeC:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Dell Photo Printer 720\dlbcserv.exeC:\Program Files\Verizon Online\bin\mpbtn.exeC:\Program Files\SpywareGuard\sgbhp.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\AIM\aim.exeC:\Program Files\Common Files\AOL\1126212398\ee\AOLServiceHost.exeC:\Program Files\Internet Explorer\iexplore.exeC:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.htmlR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=16013&affid=105-57 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon OnlineR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllR3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dllO2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dllO2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dllO2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla	fswshx.dllO2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllO3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dllO3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [PCMService] 'C:\Program Files\Dell\Media Experience\PCMService.exe'O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [DVDLauncher] 'C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe'O4 - HKLM\..\Run: [MMTray] 'C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe'O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERO4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottimeO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla	fswctrl.exeO4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [ISUSScheduler] 'C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe' -startO4 - HKLM\..\Run: [VSOCheckTask] 'C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe' /checktaskO4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exeO4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exeO4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exeO4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exeO4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exeO4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exeO4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126212398\ee\AOLHostManager.exeO4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exeO4 - HKLM\..\Run: [mmtask] 'C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe'O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [polo.exe] polo.exeO4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exeO4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embeddingO4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exeO4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startupO4 - HKLM\..\RunOnce: [mcbrhlpr.dll] rundll32.exe advpack.dll,RegisterOCX c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dllO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [DellSupport] 'C:\Program Files\Dell Support\DSAgnt.exe' /startupO4 - HKCU\..\Run: [MSMSGS] 'C:\Program Files\Messenger\msmsgs.exe' /backgroundO4 - HKCU\..\Run: [MStask] C:\WINDOWS\svchost.exeO4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exeO4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exeO4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exeO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exeO4 - Global Startup: Bluetooth Manager.lnk = ?O4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exeO4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exeO4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0esources\en-US\local\search.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab O16 - DPF: {9D614E8E-03AA-11D3-90FC-0040C7157029} (PDMSInstallerCtl Class) - http://www.pakdata.com/download/PDMSInstaller.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4603/mcfscan.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dllO20 - Winlogon Notify: style32 - C:\WINDOWS\O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exeO23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exeO23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exeO23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exeO23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exeO23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeO23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exeO23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

RKinner · Answer

Download the Hoster from:

www.funkytoad.com/

Unpack to your desktop and run it. Select Restore Original Hosts.

Get DelDomain.inf from:

http://www.mvps.org/winhelp2002/DelDomains.inf and then right click on it and Install.

Download the killbox:
http://www.atribune.org/downloads/KillBox.exe
or
http://www.bleepingcomputer.com/files/killbox.php
and save it to your desktop.

Also download and install ccleaner.exe from http://www.ccleaner.com. Don't let
it clean anything yet.

Reboot into Safe Mode by tapping the F8 key when you see the PC
maker's logo.
Keep tapping until it tells you it is going to Safe Mode or you see the Safe
Mode menu. Select the top option. Log in with your usual login.

Run HijackThis and just do a Scan only. Check then Fix
Checked the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [polo.exe] polo.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [MStask] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {9D614E8E-03AA-11D3-90FC-0040C7157029} (PDMSInstallerCtl Class) - http://www.pakdata.com/download/PDMSInstaller.cab
O20 - Winlogon Notify: style32 - C:\WINDOWS\

(Also check anything that was not in your last scan. These things tend to change names every reboot.)

Now run ccleaner.exe. On the first page, uncheck everything but the two lines
that have the word Temporary in them then Run Cleaner.

Run Killbox.
Where it says Full Path of File to Delete you need to type
or copy (Hightlight and Ctrl + c) and Paste (move to the killbox and
place the cursor in the box and Ctrl + V):

c:\secure32.html

Then check Delete on Reboot option then press the red button.

Agree you want to delete the file but do not let it reboot.
Repeat for:

C:\WINDOWS\System32\polo.exe
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\svchost.exe

(It may not find any of these last three. Just go on to the next.)

Run your antivirus while still in Safe Mode and let it do a full scan.

Reboot into normal mode and run another HijackThis log and post it as a reply. Let's
see how we did.

Ron

Keltik · Answer

Hi - I have the same problem with secure32.html I followed all your instructions, and rescanned with HiJackThis! Here are the results - Help! Logfile of HijackThis v1.97.7 Scan saved at 8:52:29 PM, on 11/13/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\CISCOS~1\VPNCLI~1\cvpnd.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\bmw\command.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\carpserv.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Yahoo!\Messenger\ypager.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe C:\WINDOWS\system32\sysvcs.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\Documents and Settings\acalhoun\Desktop\hijackthis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ccApp] 'C:\Program Files\Common Files\Symantec Shared\ccApp.exe' O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [AdaptecDirectCD] 'C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe' O4 - HKLM\..\Run: [Acrobat Assistant 7.0] 'C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe' O4 - HKLM\..\Run: [Adobe Photo Downloader] 'C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe' O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] 'C:\Program Files\iTunes\iTunesHelper.exe' O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime O4 - HKLM\..\Run: [TkBellExe] 'C:\Program Files\Common Files\Real\Update_OB\realsched.exe' -osboot O4 - HKLM\..\Run: [gcasServ] 'C:\Program Files\Microsoft AntiSpyware\gcasServ.exe' O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] 'C:\Program Files\Yahoo!\Messenger\ypager.exe' -quiet O4 - HKCU\..\Run: [Shell] 'C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe' O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sysvcs.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: Research (HKLM) O9 - Extra button: Yahoo! Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O9 - Extra button: Start WebEx One-Click Meeting (HKCU) O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting (HKCU) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://netlearning.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Idom1.NLRoot.Local O17 - HKLM\Software\..\Telephony: DomainName = Idom1.NLRoot.Local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Idom1.NLRoot.Local

RKinner · Answer

Keltik,   Normally I would tell you to start your own thread but it appears that dell is pulling the plug on the HijackThis forum and not accepting new posts so send me your log directly:  rkinner 'AT' att 'DOT' net.  Put Hijack in Subject Name.   Ron

Virus & Spyware

Was this post helpful?