EDIT : Iam getting alot of pop ups and Mis directs to differnet sites. I did manage to get rid of the Black screen, and active X controls on desktop, but am still having problems with SPGuard.
My current Hijack log file included, I have updated Adaware, Spybot, Cleanup, and have SmitRem now to boot. After i get this a done deal Iam going to swap to firefox, Mozilla, somthing safer. Can ya help ?
Edit: updated Hijack file.
Logfile of HijackThis v1.99.1
Scan saved at 8:58:09 PM, on 8/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ieie32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ekasb.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ekasb.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ekasb.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ekasb.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ekasb.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ekasb.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 12.242.16.8:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 12.242.16.8
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {BD56529E-6F6C-5962-2404-C183F261B848} - C:\WINDOWS\system32\sdkyq32.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: Class - {E5D9D755-2D91-6CBE-9628-DE15E878CAF8} - C:\WINDOWS\nthf32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [sysbd.exe] C:\WINDOWS\system32\sysbd.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [ieie32.exe] C:\WINDOWS\system32\ieie32.exe
O4 - HKLM\..\RunOnce: [javarh32.exe] C:\WINDOWS\javarh32.exe
O4 - HKLM\..\RunOnce: [netcy.exe] C:\WINDOWS\system32\netcy.exe
O4 - HKLM\..\RunOnce: [apifa32.exe] C:\WINDOWS\apifa32.exe
O4 - HKLM\..\RunOnce: [ipwr32.exe] C:\WINDOWS\ipwr32.exe
O4 - HKLM\..\RunOnce: [d3gk32.exe] C:\WINDOWS\d3gk32.exe
O4 - HKLM\..\RunOnce: [d3li32.exe] C:\WINDOWS\system32\d3li32.exe
O4 - HKLM\..\RunOnce: [iewc.exe] C:\WINDOWS\system32\iewc.exe
O4 - HKLM\..\RunOnce: [sdkhu32.exe] C:\WINDOWS\sdkhu32.exe
O4 - HKLM\..\RunOnce: [javaag.exe] C:\WINDOWS\system32\javaag.exe
O4 - HKLM\..\RunOnce: [ieek.exe] C:\WINDOWS\system32\ieek.exe
O4 - HKLM\..\RunOnce: [apppk32.exe] C:\WINDOWS\system32\apppk32.exe
O4 - HKLM\..\RunOnce: [javajw.exe] C:\WINDOWS\system32\javajw.exe
O4 - HKLM\..\RunOnce: [nthr.exe] C:\WINDOWS\system32\nthr.exe
O4 - HKLM\..\RunOnce: [sdkmg32.exe] C:\WINDOWS\sdkmg32.exe
O4 - HKLM\..\RunOnce: [ntbc32.exe] C:\WINDOWS\system32\ntbc32.exe
O4 - HKLM\..\RunOnce: [appgh32.exe] C:\WINDOWS\system32\appgh32.exe
O4 - HKLM\..\RunOnce: [sdkbs.exe] C:\WINDOWS\sdkbs.exe
O4 - HKLM\..\RunOnce: [apifw32.exe] C:\WINDOWS\apifw32.exe
O4 - HKLM\..\RunOnce: [addvm.exe] C:\WINDOWS\system32\addvm.exe
O4 - HKLM\..\RunOnce: [d3uc32.exe] C:\WINDOWS\system32\d3uc32.exe
O4 - HKLM\..\RunOnce: [ntsr32.exe] C:\WINDOWS\ntsr32.exe
O4 - HKLM\..\RunOnce: [sdksz.exe] C:\WINDOWS\sdksz.exe
O4 - HKLM\..\RunOnce: [ipbz.exe] C:\WINDOWS\ipbz.exe
O4 - HKLM\..\RunOnce: [msqo32.exe] C:\WINDOWS\system32\msqo32.exe
O4 - HKLM\..\RunOnce: [addge32.exe] C:\WINDOWS\addge32.exe
O4 - HKLM\..\RunOnce: [ieji.exe] C:\WINDOWS\ieji.exe
O4 - HKLM\..\RunOnce: [sdkix32.exe] C:\WINDOWS\sdkix32.exe
O4 - HKLM\..\RunOnce: [mstw32.exe] C:\WINDOWS\mstw32.exe
O4 - HKLM\..\RunOnce: [winrd.exe] C:\WINDOWS\winrd.exe
O4 - HKLM\..\RunOnce: [mfcnh32.exe] C:\WINDOWS\mfcnh32.exe
O4 - HKLM\..\RunOnce: [appxi.exe] C:\WINDOWS\appxi.exe
O4 - HKLM\..\RunOnce: [apprt32.exe] C:\WINDOWS\system32\apprt32.exe
O4 - HKLM\..\RunOnce: [d3wy32.exe] C:\WINDOWS\d3wy32.exe
O4 - HKLM\..\RunOnce: [d3iv32.exe] C:\WINDOWS\d3iv32.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javarh32.exe" /s (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Edited by Choo, 16 August 2005 - 10:05 PM.