
Hijacked Computer

Discussion in 'Security and Privacy' started by stitch, 2004/07/03.

Thread Status:
Not open for further replies.
  1. 2004/07/03
    stitch

    stitch Inactive Thread Starter

    Joined:
    2003/09/13
    Messages:
    302
    Likes Received:
    0
    Hi All
    Can someone have a look at this HJT log for me and walk me through any fixes
    Thanks
    Stich

    Logfile of HijackThis v1.98.0
    Scan saved at 14:19:35, on 03/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\mfcth32.exe
    C:\WINDOWS\TPPALDR.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Documents and Settings\Robert\Desktop\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lqegz.dll/sp.html#35759
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lqegz.dll/index.html#35759
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lqegz.dll/index.html#35759
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lqegz.dll/sp.html#35759
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lqegz.dll/sp.html#35759
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lqegz.dll/index.html#35759
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {AF7C2B05-CA54-9CC5-461A-50E8D24EB543} - C:\WINDOWS\atlnn.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [mfcth32.exe] C:\WINDOWS\mfcth32.exe
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for ¸Ã¦Ã‚§: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{24E455AF-50B1-4404-ABF9-92C40ED45A2F}: NameServer = 212.74.112.66 212.74.112.67
    O17 - HKLM\System\CS1\Services\Tcpip\..\{24E455AF-50B1-4404-ABF9-92C40ED45A2F}: NameServer = 212.74.112.66 212.74.112.67
     
  2. 2004/07/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Run HijackThis again and place a check beside each of the following items. Once done click the fix checked button.

    O2 - BHO: (no name) - {AF7C2B05-CA54-9CC5-461A-50E8D24EB543} - C:\WINDOWS\atlnn.dll
    O4 - HKLM\..\Run: [mfcth32.exe] C:\WINDOWS\mfcth32.exe




    Download About:Buster from either of the following locations.

    http://www.atribune.org/downloads/AboutBuster.zip
    or
    http://tools.zerosrealm.com/AboutBuster.zip

    Close ALL Internet Explorer windows. This is a very important step!!

    Unzip to its own folder. Open and double click AboutBuster.exe. Click ok, then start, then OK. Wait for it to finish, then copy the report to notepad and save.

    Reboot and run another HijackThis scan. Post the log along with the report from About:Buster.
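
An added example, not part of noahdfear's reply and not HijackThis's own logic: a small Python triage pass over HijackThis-style log lines, using sample lines taken from the log posted above. The two heuristics (an IE start/search page value served from a `res://` DLL, and a BHO registered with no name) are assumptions chosen for illustration, and the function and label names are hypothetical.

```python
import ntpath
import re

# Sample input: a few lines taken from the log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lqegz.dll/sp.html#35759
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lqegz.dll/index.html#35759
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {AF7C2B05-CA54-9CC5-461A-50E8D24EB543} - C:\WINDOWS\atlnn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")          # 'R1 - ...', 'O16 - ...'
RES_DLL = re.compile(r"res://(.+?\.dll)/", re.IGNORECASE)  # res://[path\]name.dll/page
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")


def parse_entries(log_text):
    """Return (section, body) pairs for every line shaped like 'XX - body'."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]


def triage(log_text):
    """Return (section, label, file, detail) tuples for entries worth a closer look."""
    findings = []
    for section, body in parse_entries(log_text):
        if section in ("R0", "R1") and " = " in body:
            key, value = body.split(" = ", 1)
            m = RES_DLL.match(value)
            if m:  # assumption: an IE page setting should not point into a DLL resource
                dll = ntpath.basename(m.group(1)).lower()
                findings.append((section, "res-dll-page", dll, key))
        elif section == "O2":
            m = BHO.match(body)
            if m and m.group(1) == "(no name)":  # assumption: unnamed BHO needs review
                dll = ntpath.basename(m.group(3)).lower()
                findings.append((section, "unnamed-bho", dll, m.group(2)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The O8 line also uses `res://` but is not flagged, because only the R0/R1 page settings are checked for it; the output is a shortlist for a human reviewer, not a verdict.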
     

  4. 2004/07/03
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi Stitch

    Damn, Dave beat me again :D


    PS have all browsers closed before fixing what Dave suggests.
     
  5. 2004/07/03
    stitch

    stitch Inactive Thread Starter

    Joined:
    2003/09/13
    Messages:
    302
    Likes Received:
    0
    Hi Dave and Lonny
    I have resorted to my own computer to reply as my husband's will not let me connect at the moment to download Buster. When I say connect I mean I can get onto the internet but it keeps coming up with the box that says this page will have to close, send error report. I have run AVG, Spybot, Adware and tried the Trend online scan but again it closed the IE on me. I will download Buster on this one then take it to my husband's comp. and will get back to you. By the way AVG couldn't get rid of the Trojans that kept popping up all the time even though it was all up to date.
    Thanks will keep you updated
    Stitch
    PS Idiot Husband forgot to put firewall back on after playing one of his games which is why he was online unprotected.
     
  6. 2004/07/04
    stitch

    stitch Inactive Thread Starter

    Joined:
    2003/09/13
    Messages:
    302
    Likes Received:
    0
    Update
    Sorry I can't post the log file from HJT or Buster. My husband put his XP disk in last night and decided to install Windows again in the hope that it would fix the problem. He couldn't wait for me to get back to him with your help and suggestions. I have now had to go and reformat the computer and am in the process of re-installing all the other programs and drivers he needs.
    Tell you, if we hadn't already split I would have left him on the grounds of sheer stupidity. :rolleyes:
    Thanks anyway
    Stitch
     
  7. 2004/07/04
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Thanks for posting back stitch. :)
     