Scan saved at 7:06:16 PM, on 4/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\mcbin\av\rt\asengine.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Century\TinyTERM\NetUtils\Cenlpd.exe
C:\WINNT\system32\lexmvservice.exe
C:\WINNT\system32\lexwebservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\SYSTEM32\THOTKEY.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\S3tray.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\system32\TPWRTRAY.EXE
C:\Program Files\tioga\Client\bin\tgcmd.exe
C:\WINNT\System32\Tdevdetect.exe
C:\WINNT\dslaunch.exe
C:\WINNT\System32\Tfunckey.exe
C:\WINNT\System32\Tpwricon.exe
C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINNT\system32\msvcmm32.exe
C:\WINNT\system32\winldra.exe
C:\WINNT\system32\nvdsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\D-Link\D-Link DWL-650 Control Utility\Config.exe
C:\Program Files\j2 Messenger Plus 3.3\J2GDllCmd.exe
C:\Program Files\j2 Messenger Plus 3.3\J2GTray.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cenlpdstatus.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spyware Protection\HijackThis1991.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchforfree.info/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchforfree.info/browser/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchforfree.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://searchforfree.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchforfree.info/browser/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchforfree.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchforfree.info/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://searchforfree.info/browser/
F3 - REG:win.ini: run=C:\WINNT\htmlsync.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [S3TRAY] S3tray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TDspOff] Tdspoff.exe B
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TgAddServer] "C:\Program Files\tioga\Client\bin\tgfix.exe" /fds "http://vtsupport.ans...eam.com/global"
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\tioga\Client\bin\tgcmd.exe" /nosystray
O4 - HKLM\..\Run: [tgsetsite] "C:\Program Files\tioga\Client\bin\tgfix.exe" /i /f "C:\Program Files\tioga\client\bin\toshibasup.dna"
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINNT\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LoadMSvcmm] C:\WINNT\system32\msvcmm32.exe
O4 - HKLM\..\Run: [isystem] C:\WINNT\system32\isystem.exe
O4 - HKLM\..\Run: [load32] C:\WINNT\system32\winldra.exe
O4 - HKLM\..\Run: [C:\WINNT\system32\nvdsvc32.exe ] C:\WINNT\system32\nvdsvc32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [ldriver] C:\WINNT\system32\ldriver.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Configuration Utility.lnk = C:\Program Files\D-Link\D-Link DWL-650 Control Utility\Config.exe
O4 - Global Startup: j2 Live Menu 3.3.lnk = C:\Program Files\j2 Messenger Plus 3.3\J2GDllCmd.exe
O4 - Global Startup: j2 Tray Menu 3.3.lnk = C:\Program Files\j2 Messenger Plus 3.3\J2GTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: Cenlpdstatus.exe
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (WebProgramManager Class) - http://isupport4.hp....SWebManager.CAB
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.cinemanow...Control_3_0.CAB
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin...cab/wabctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EE9EB77-3890-42BA-B9E9-4CFAC940D44B}: NameServer = 208.57.0.11,208.57.0.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD276B2B-1070-4B87-A94D-45C1E5AEA7D7}: NameServer = 205.214.51.16,205.214.45.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = solidsource.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{1EE9EB77-3890-42BA-B9E9-4CFAC940D44B}: NameServer = 208.57.0.11,208.57.0.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{1EE9EB77-3890-42BA-B9E9-4CFAC940D44B}: NameServer = 208.57.0.11,208.57.0.10
O21 - SSODL: TETcqsmnI - {184214D6-B2E8-BE7C-A5C2-C38C55B70D3D} - C:\WINNT\system32\bcc.dll
O23 - Service: McAfee.com AV Engine (AsEngine) - Network Associates, Inc. - C:\WINNT\mcbin\av\rt\asengine.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CenLPD - Unknown owner - C:\Program Files\Century\TinyTERM\NetUtils\Cenlpd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: MarkVision Server (MvServer) - Unknown owner - C:\WINNT\system32\lexmvservice.exe
O23 - Service: MarkVision Web Server (MvWebServer) - Unknown owner - C:\WINNT\system32\lexwebservice.exe
O23 - Service: THotkey (THOTKEY) - TOSHIBA Corp. - C:\WINNT\SYSTEM32\THOTKEY.EXE

I have run all of the recommended tools (which removed a number of other malware items) and have even used HijackThis to remove the files with reference to "Searchforfree", but whenever my computer reboots, the homepage has been replaced by searchforfree.info and the files reappear.
Any assistance in solving this problem would be appreciated.