Post #1, 03-15-2007, 06:57 PM
rice171 (Registered User; Join Date: Mar 2007; Posts: 1; OS: xp)

my hijackthis log

Hi there. Below is my HijackThis log, and a copy of the Panda ActiveScan. My main problem is Windows Explorer changing my homepage to google.com, and also when I try to click on links I get redirected to a different page, usually with bizconcept.info in it.
I've run all the scans, any help would be greatly appreciated.
Thanks,

Logfile of HijackThis v1.99.1
Scan saved at 4:37:42 PM, on 3/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE
C:\Program Files\Free Surfer\fs20.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.ca
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.sympatico.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\System32\ipv6motp.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Microsoft Explorer - {E5D8224B-1773-7231-4880-99309543AC84} - C:\WINDOWS\system32\mmsdb32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/game...s/y/grt5_x.cab
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud16.sports.yahoo.com/java/y/nflgcst1008_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potc_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1142704783187
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_6us.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...15/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe




Panda ActiveScan results:

Incident  Status  Location

Virus:Trj/SrchSpy.X Disinfected Operating system
Virus:w32/locksky.bu.worm Disinfected Operating system
Virus:vbs/psyme.gen Not disinfected Operating system
Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay
Potentially unwanted tool:application/altnet Not disinfected c:\windows\temp\Altnet
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Virus:trj/spabot.e Disinfected Operating system
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@64.62.232[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@adopt.hbmediapro[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@adrevolver[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@adultfriendfinder[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@apmebf[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@ath.belnk[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@belnk[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@cgi-bin[12].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@cgi-bin[16].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@cgi-bin[7].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@cgi-bin[9].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@ct.360i[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@dist.belnk[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@errorsafe[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@fe.lea.lycos[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@gostats[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@kinghost[1].txt
Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@mp3search[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@rightmedia[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@seeq[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@target[2].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@tickle[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@webpower[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@www.advnt01[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@www.errorsafe[1].txt
Spyware:Cookie/MyWay Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@www.xzoomy[1].txt
Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@www47.buydomains[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Rahul Mehta\Cookies\rahul mehta@xiti[1].txt
Adware:Adware/Neon Not disinfected C:\Documents and Settings\Rahul Mehta\Desktop\uninstall.exe
Virus:Trj/SrchSpy.X Disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Application Data\Microsoft\Internet Explorer\Filters\IEFilter.dll
Virus:Trj/SrchSpy.X Disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Application Data\Microsoft\Internet Explorer\Filters\MSIEHelper.dll
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@247realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@adrevolver[3].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@ads.gorillanation[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@ads.pointroll[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@bluestreak[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@casalemedia[1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@centrport[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@cgi-bin[4].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@citi.bridgetrack[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@com[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@data.coremetrics[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@ehg-dig.hitbox[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@fortunecity[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@go[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@hitbox[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@maxserving[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@questionmarket[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@statcounter[2].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@targetnet[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@tribalfusion[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@xiti[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\Cookies\rahul mehta@zedo[2].txt
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\p2psetup.exe
Adware:Adware/StatBlaster Not disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temp\StN.exe
Virus:Trj/Agent.EKN Disinfected C:\Documents and Settings\Rahul Mehta\Local Settings\Temporary Internet Files\Content.IE5\KPUJOXYF\cnte-oiduuyes[1].gif
Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL
Virus:Bck/Murbac.B Disinfected C:\WINDOWS\SYSTEM32\lnammctj.exe
Virus:W32/Locksky.DQ.worm Disinfected C:\WINDOWS\SYSTEM32\wrlaaaaa.exe

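The log above is the kind of input an analyst reads by eye, so here is a small triage helper for HijackThis v1.99 entries. It is an added example, not part of the post and not code from HijackThis: every rule in it is a heuristic of my own (an assumption), and the KNOWN_DPF_HOSTS allowlist is assumed, not something the page gives. A hit means "look at this entry", not "this entry is malicious". The sample input is a subset of the entries from the log posted above (hosts are intact even where the forum shortened the URL path with "...").

```python
"""Triage helper for HijackThis v1.99 log lines.

Added example; it is not part of the forum post and not HijackThis code.
Every rule below is a heuristic of my own (an assumption), and a hit means
"look at this entry", not "this entry is malicious".
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Section tag ("R0", "O2", "O16", ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")

# Assumed allowlist of hosts that O16 (Downloaded Program Files) controls may
# come from; in practice such a list is maintained per environment.
KNOWN_DPF_HOSTS = ("microsoft.com", "msn.com", "yahoo.com", "yimg.com",
                   "mcafee.com", "dell.com", "snapfish.com")

# A DLL directly inside system32, or an EXE directly inside the Windows root,
# is unusual for vendor software and worth a look (heuristic).
SYSTEM32_DLL_RE = re.compile(r"[a-z]:\\windows\\system32\\[^\\]+\.dll")
WINROOT_EXE_RE = re.compile(r"[a-z]:\\windows\\[^\\]+\.exe")


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def _allowed_host(host):
    return any(host == k or host.endswith("." + k) for k in KNOWN_DPF_HOSTS)


def triage_line(line):
    """Return a Finding for one HijackThis entry, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    reasons = []

    if section in ("R0", "R1"):
        if "ProxyServer" in body:
            reasons.append("IE proxy configured; confirm it is intentional")
        elif "Start Page" in body or "Search" in body:
            reasons.append("start/search page set; compare with what the user expects")

    elif section == "O2":  # Browser Helper Object: "BHO: name - {CLSID} - path"
        if "(no name)" in body:
            reasons.append("BHO has no display name")
        if "(file missing)" in body:
            reasons.append("BHO is registered but its DLL is missing")
        # maxsplit=2 keeps " - " inside the path (e.g. "Spybot - Search & Destroy") intact
        path = body.split(" - ", 2)[-1].replace("(file missing)", "").strip()
        if SYSTEM32_DLL_RE.fullmatch(path.lower()):
            reasons.append("BHO DLL sits directly in system32 instead of a vendor folder")

    elif section == "O4":  # Run key: "HKLM\..\Run: [Name] command"
        cmd = body.split("] ", 1)[-1].strip().lstrip('"')
        if not re.match(r"[a-z]:\\|%", cmd.lower()):
            reasons.append("Run entry uses a bare file name resolved via the search path")

    elif section == "O16":  # Downloaded Program Files: "DPF: name - url"
        host = urlsplit(body.rsplit(" - ", 1)[-1].strip()).hostname or ""
        if not _allowed_host(host):
            reasons.append(f"ActiveX control fetched from unrecognised host {host!r}")

    elif section == "O23":  # Service: "Service: name - owner - path"
        if "Unknown owner" in body:
            reasons.append("service binary carries no publisher information")
        path = body.rsplit(" - ", 1)[-1].strip()
        if WINROOT_EXE_RE.fullmatch(path.lower()):
            reasons.append("service runs from the Windows root instead of system32 or a vendor folder")

    return Finding(section, line.strip(), reasons)


def triage_log(text):
    """Run every line through triage_line and keep the entries that got a reason."""
    return [f for f in map(triage_line, text.splitlines()) if f and f.reasons]


# Sample input: a subset of the entries from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.ca
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\System32\ipv6motp.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Microsoft Explorer - {E5D8224B-1773-7231-4880-99309543AC84} - C:\WINDOWS\system32\mmsdb32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it on a saved log and read the output as a worklist, not a verdict: on the sample it surfaces the two Start Page entries' counterpart, the ":0" proxy value, the nameless and missing ipv6motp.dll BHO, the mmsdb32.dll BHO living directly in system32, the bare "carpserv.exe" Run entry, the comned.com ActiveX control and the "Unknown owner" service in the Windows root. Spybot's SDHelper.dll is also listed because HijackThis shows it as "(no name)"; that is exactly the kind of hit the analyst dismisses after a glance, which is why the tool only ranks, it never fixes.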
Post #2, 03-17-2007, 01:13 PM
forhockey (Analyst, Security Team; Join Date: Sep 2006; Location: Ontario, Canada; Posts: 2,949; OS: Windows 7 Ultimate)

Re: my hijackthis log

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

Please be patient with me during this time.
Post #3, 03-18-2007, 09:20 AM
forhockey (Analyst, Security Team; Join Date: Sep 2006; Location: Ontario, Canada; Posts: 2,949; OS: Windows 7 Ultimate)

Re: my hijackthis log

Please save these instructions to Notepad as the internet will not be available to you at certain points of the removal process.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below.
Make sure to work through all the Steps in the exact order in which they are listed below.
If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


---------------------------------------------------------------------------------------------

The cleaning process is not instant. Please follow through to the end until I tell you your machine is clear.
The absence of symptoms does not mean that everything is clean.

Please make every effort to reply to my posts in a timely manner. Malware spreads quickly, and the longer an infection remains on a system, the more likely it is that additional infections will come into your computer.


---------------------------------------------------------------------------------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

DO NOT run SDFix yet. We will shortly.

---------------------------------------------------------------------------------------------

Update AVG Anti-Spyware

I see you have AVG Anti-Spyware already. Please update its definitions, and run a scan where I have placed it in this fix.

Run AVG Anti-Spyware
  • From the main screen, click on Update, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful"), select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports":
  • Select "Automatically generate report after every scan"
  • Un-select "Only if threats were found"
  • Exit AVG Anti-Spyware. DO NOT scan yet.

---------------------------------------------------------------------------------------------

Enter Safe Mode
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8
  3. Instead of Windows loading as normal, a menu should appear
  4. Use the up arrow key to highlight Safe Mode and press Enter.
  5. Login with your usual account

Note: On some systems this may be the F5 key, so try that if F8 doesn't work.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.ca
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab

Please remember to close all other windows, including browsers then click Fix checked.

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware

Run AVG Anti-Spyware with its updated definitions (it is important that all windows are closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

---------------------------------------------------------------------------------------------

Run SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  • Paste the contents of the Report.txt back on the forum

---------------------------------------------------------------------------------------------

Restart your computer in Normal Mode

---------------------------------------------------------------------------------------------

Change Your Home Page
  1. Go to the Web page you want to make your home page.
  2. On the Internet Explorer 6 Tools menu, click Internet Options.
  3. In the Internet Options box, on the General tab, click the Use Current button.

  4. Click OK.

---------------------------------------------------------------------------------------------

Download ComboScan to your Desktop.
Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on comboscan.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: ComboScan.txt (this one will be maximized) and Supplementary.txt (this one will be minimized)
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your thread in the HijackThis Log Help Forum.
  5. Please attach Supplementary.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\ComboScan\Supplementary.txt
  3. Click Upload.
What ComboScan will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. ComboScan automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware Results
C:\SDFix\Report.txt
C:\ComboScan\ComboScan.txt
C:\ComboScan\Supplementary.txt - Please attach
 


Copyright 2001 - 2010, Tech Support Forum