Next Pass.....
Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.
Also make sure you are using the the latest version (1.99.1) of
HijackThis and it's installed in it's own folder on the root drive.
(C:\HJT)
Download
KillBox http://www.bleepingcomputer.com/file...re/KillBox.zip
Run the Cleanup utility again using the same instructions and reboot into safe mode.
Run hijackthis and do a scan. Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\jkhhh.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O20 - Winlogon Notify: jkhhh - C:\WINDOWS\SYSTEM32\jkhhh.dll
Run KILL box. Paste the following locations into KILL BOX one at a time. Checkmark the box that says
"Delete on Reboot" and checkmark the box
"Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say
YES and when the next box opens prompting you to reboot now...click
NO...and proceed with the next file. Once you get to the last one click
YES and it will reboot.
C:\WINDOWS\SYSTEM32\jkhhh.dll
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\ssqrr.dll
Once you reboot...run another Panda scan and post it's log along with a new hijackthis log.