It appears I have the "search-daily" redirect playing havoc with my Google searches. I've tried AVG, SuperAntiSpyware and a few others to no avail. They did find other issues that needed to be resolved, but unfortunately they didn't clean up the search-daily crap that is infecting my computer.
This is the first time in quite a few years that my computer has been infected to the point that I was unable to clean it up myself with the help of AVG or a similar product. I've read the instructions from the "You Must Read This Before Posting a Hijackthis log" and hope I've done all that is required before posting. Here is a rundown:
Used ATF Cleaner
Performed System Restore
Ran AVG
Ran SuperAntiSpyware
Panda Activescan did not work on my computer
Performed Windows Update
Performed the Reboot test
Still no luck, so here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:41 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ady.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\msiconf.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3480778D-B578-4DAF-9DA6-27625E7E15B2} - c:\windows\system32\consoleq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {B6083A15-A7A6-8E7C-D97C-F8ADA9907491} - C:\WINDOWS\system32\yunovlph.dll (file missing)
O2 - BHO: (no name) - {F316E1B8-4906-4FDB-9630-30A1495C7B59} - C:\WINDOWS\system32\dbnmpntwp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ady] C:\WINDOWS\system32\ady.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Tien] "C:\DOCUME~1\xp\MYDOCU~1\APPATC~1\ping.exe" -vt ndrv
O4 - HKCU\..\Run: [Vbf] "C:\Program Files\Common Files\A?pPatch\dexplore.exe"
O4 - HKCU\..\Run: [ady] C:\WINDOWS\system32\ady.exe
O4 - HKCU\..\Run: [msiconf.exe] msiconf.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Magic Holdem.lnk = C:\Program Files\Magic Holdem\MagicHoldem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102707620671
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: erilmwcz - C:\WINDOWS\SYSTEM32\consoleq.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8577 bytes
If I've missed a step or there is something else I need to do before helping, please let me know...and thank you for your time.