[mb848zb]

Hello,

I currently have a bad search engine hijack problem, which seems to have been covered pretty extensively in other threads. I have tried a bunch of things that have not worked. My problem, though, started as something else that doesn't seem to be an issue anymore. It seems like every case may be a bit different, so I though it was time to defer to the pros and hopefully someone can guide me in my attempts to get rid of this virus.

In the beginning (a few weeks ago), I got a nasty virus that was called Windows Pro Police and/or Security Tool. These completely took over my system and prevented me from opening any programs or getting online. I made a trip to Best Buy and got the newest version of Webroot Spy Sweeper because I was pretty sure my virus protection was outdated. Well, it wouldn't let me install the software, but I eventually found a workaround where I was able to rename the task manager to allow me terminate the running virus and let me install and run the anti virus program. Whenever I restarted my system, however, the viruses would seem to reinstall. That is when I started investigating online and downloaded Hijack This, Malwarebytes, etc. (I now probably have too many installed or running). Eventually, I got the original viruses removed, but I am left with a search engine hijacker that renders any search engine I try to use pretty much useless.

I have tried following solutions for others that have had the problem with instructions on this website and others, but have had no luck. And even though I probably shouldn't have, I have deleted some hijack this entries that I was pretty sure were virus related. At this point though, outside of the original Security Tool virus I had, I have not had much success trying to get rid of this on my own. So, if anyone can help that would be great!

That being said, here is my Hijack This! log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:35 PM, on 10/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OfficeScan\ntrtscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\OfficeScan\ofcdog.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\OfficeScan\pccntmon.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\WDBtnMgr.exe
F:\iTunes 1\iTunesHelper.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OfficeScan\tmlisten.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\dmi\win32\bin\Win32sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OfficeScan\pccntupd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Smapp] "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe"
O4 - HKLM\..\Run: [DrvLsnr] "C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [Synchronization Manager] "%SystemRoot%\system32\mobsync.exe" /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [BuildBU] "c:\dell\bldbubg.exe"
O4 - HKLM\..\Run: [Logitech Utility] "Logi_MwX.Exe"
O4 - HKLM\..\Run: [WD Button Manager] "WDBtnMgr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes 1\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan\ntrtscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\OfficeScan\tmlisten.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 6293 bytes

Thanks!

[mb848zb]

So, while I'm waiting for help, I was reading a bunch of other posts on the same subject. I decided to get a jump on things and I downloaded combo fix. I disabled my anti virus programs and firewall, but I got a pop up that AVG was running and proceeding could compromise the scan and possibly damage my computer. So, I decided to uninstall AVG. This didn't work. So, I read another post on this and went to the AVG website and downloaded the uninstaller. I ran it, restarted my machine, and then went back to run combo fix.

The weird thing is combo fix tells me again that AVG is running. I don't see it anywhere on my machine and I am pretty sure the program did indeed uninstall. So, I didn't go any further with it.

What should I do at this point? I definitely do not want to do any damage to the machine.

Thanks for the help.

[mb848zb]

just bumping the post.....this virus is driving me nuts!