Here's what I was able to do:
-copied all the programs over
-unzipped SpSeHjfix
-ran cleanup installer
-set up about:buster but "check for updates" did nothing (IE problem still?)
-opened cwshredder, but check for updates did nothing
-confirmed could see hidden files, etc.
-rebooted in safe, ran cwshredder, it didn't find any "CW..."'s, but it did remove 2 IE links (?) and did two other one-line items at the end
-ran hjt and checked as listed, except 1,2,4,5,6, and 8 items do not appear anymore to check. I also checked three O9 comcast items that were associated with some stuff that was removed a while ago
-ran about:buster, log attached
-ran SpSeHjfix, log attached
-ran cleanup!, rebooted (actually re-logged on first, still in safe mode, then rebooted into normal mode)
-tried activescan link again - got blank IE window again at first, then a file called "redir" tried to download. I cancelled, then re-clicked on the link. This time a file called "activescan.html" or something tried to download, to which I said yes. Nothing more happened, so I repeated, including reboot - no change.
-ran hjt again, log attached
-in general, IE opens, but still no search bar. No longer auto-opens on boot (good). File search and control panel still not working.
Thanks again for the help,
illin

about:buster log:
AboutBuster 5.0 reference file 28
Scan started on [8/28/2005] at [11:01:24 AM]
------------------------------------------------
Removed Stream! C:\WINDOWS\dasetup.log:jtwxv
Removed Stream! C:\WINDOWS\Gone Fishing.bmp:wmzjr
Removed Stream! C:\WINDOWS\hauvd.dat:pjxwl
Removed Stream! C:\WINDOWS\hpomdl03.dat:oihwz
Removed Stream! C:\WINDOWS\Instlog.lyt:iwamnr
Removed Stream! C:\WINDOWS\KB823980.log:tbsct
Removed Stream! C:\WINDOWS\KB825119.log:lulioz
Removed Stream! C:\WINDOWS\KB835732.log:yxcrld
Removed Stream! C:\WINDOWS\KB837001.log:qoccsz
Removed Stream! C:\WINDOWS\KB840374.log:ipvimj
Removed Stream! C:\WINDOWS\KB841533.log:bqfngu
Removed Stream! C:\WINDOWS\KB873339.log:tjysiw
Removed Stream! C:\WINDOWS\KB873376.log:majtmp
Removed Stream! C:\WINDOWS\ocgen.log:avxwep
Removed Stream! C:\WINDOWS\ODBCINST.INI:svpjyz
Removed Stream! C:\WINDOWS\ozbqb.txt:yewtdr
Removed Stream! C:\WINDOWS\Q327979.log:hbkvd
Removed Stream! C:\WINDOWS\Q331958.log:uvgvi
Removed Stream! C:\WINDOWS\sessmgr.setup.log:mmmqw
Removed Stream! C:\WINDOWS\Soap Bubbles.bmp:hxrlgy
Removed Stream! C:\WINDOWS\tbsct.dat:aykqij
Removed Stream! C:\WINDOWS\tsc.ptn:sycedt
Removed Stream! C:\WINDOWS\vb.ini:lzvjfw
Removed Stream! C:\WINDOWS\vmuninst.log:suvsqz
Removed Stream! C:\WINDOWS\wiaservc.log:kmnytj
Removed Stream! C:\WINDOWS\WindowsUpdate.log:cngdnt
Removed Stream! C:\WINDOWS\_default.pif:ebvtb
Removed Stream! C:\WINDOWS\_default.pif:mekwb
Removed Stream! C:\WINDOWS\_default.pif:zxamn
------------------------------------------------
Removed File! : C:\Windows\hauvd.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 11:02:00 AM

SPSeHjFix log:
(8/28/05 11:05:10 AM) SPSeHjFix started v1.1.2
(8/28/05 11:05:10 AM) OS: WinXP Service Pack 1 (5.1.2600)
(8/28/05 11:05:10 AM) Language: english
(8/28/05 11:05:10 AM) Win-Path: C:\WINDOWS
(8/28/05 11:05:10 AM) System-Path: C:\WINDOWS\System32
(8/28/05 11:05:10 AM) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\
(8/28/05 11:05:24 AM) Disinfection started
(8/28/05 11:05:24 AM) Bad-Dll(IEP): (not found)
(8/28/05 11:05:24 AM) Bad-Dll(IEP) in BHO: (not found)
(8/28/05 11:05:24 AM) UBF: 7 - UBB: 1 - UBR: 12
(8/28/05 11:05:24 AM) UBF: 7 - UBB: 1 - UBR: 12
(8/28/05 11:05:24 AM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
(8/28/05 11:05:24 AM) Stealth-String not found
(8/28/05 11:05:24 AM) Not infected->END

HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 1:31:11 PM, on 8/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Keyboard Mouse Tool\mouse32a.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Keyboard Mouse Tool\MMKEYBD.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/view22RTE.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe