Thread: Safeiepage Hijack

  1. #1
    burdel
    Join Date
    Oct 2006
    Posts
    1

    Safeiepage Hijack

    Here is my Hijackthis log. Any help would be appreciated.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:19:23 PM, on 10/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Bill Valentino\My Documents\HiJackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\VideoKeyCodec\isaddon.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\VideoKeyCodec\iesplugin.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - C:\WINDOWS\system32\rrtcany.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
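
An added example, not part of the original post: a small parser for HijackThis entry lines like those in the log above. It extracts the section code, CLSID and file path, records the "(file missing)" marker, and groups entries by install directory so a reviewer can see which browser hooks belong to the same product. The function names and field names are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted above (a subset, for the demo).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\VideoKeyCodec\isaddon.dll
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\VideoKeyCodec\iesplugin.dll
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - C:\WINDOWS\system32\rrtcany.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, then body
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.IGNORECASE)


def parse_entries(text):
    """Return one dict per entry line; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # not an "R0 - ..." / "O2 - ..." style entry
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append({
            "code": code,
            "clsid": clsid.group(0).upper() if clsid else None,
            "path": path.group(0) if path else None,
            # HijackThis appends this marker when the referenced file is absent
            "file_missing": body.rstrip().endswith("(file missing)"),
        })
    return entries


def group_by_directory(entries):
    """Map lower-cased install directory -> section codes that point into it."""
    groups = defaultdict(list)
    for e in entries:
        if e["path"]:
            directory = e["path"].rsplit("\\", 1)[0].lower()
            groups[directory].append(e["code"])
    return dict(groups)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for entry in parsed:
        print(entry)
    print(group_by_directory(parsed))
```

The parser only structures the log for review; it does not decide whether an entry is malicious.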

  2. #2
    Join Date
    Oct 2005
    Location
    Seattle WA.
    Posts
    1,572
    Hello: burdel
    I am reviewing your log so please be patient.
    Is this HJT log file your full log, and is it from Safe Mode? If it is, I will need a new one from Normal Mode.
    Thank you
    Last edited by roadrage; 10-31-2006 at 11:20 PM.

  3. #3
    Join Date
    Oct 2005
    Location
    Seattle WA.
    Posts
    1,572
    There are a couple of things I need you to do first.

    Download these tools and do not run these tools until told to do so.

    Download:
    ATF Cleaner

    Download KillBox from here:
    KillBox

    Download SmitFraud by S!Ri from here:
    Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
    SmitFraud

    Download ewido anti-spyware and save that file to your desktop.
    After the installation, a free 30-day trial version containing all the extensions of the full version will be activated. At the end of the trial, these extensions will be deactivated and the program will turn into a feature-limited freeware version.

    AVG Anti-Spyware formerly EWIDO

    After the download is complete.
    • Double-click on the ewido install file to launch the installation process.
    • Follow the prompts and be sure that Launch AVG Anti-Spyware is checked.
    • Once the main program screen has opened, click on Update now.
    • You will see an update progress bar, followed by an Update Succesful message when updating is complete.
    • After the database is installed, Click Scanner | Settings | Recommended actions | Quarantine.
    • Under the "Reports" section:
      • Select Automatically generate report after every scan
      • De-select Only if threats were found.
    • Once updating is 100% complete close AVG Anti-Spyware.
    Show hidden files by doing this:

    1. Click Start.

    2. Open My Computer.

    3. Select the Tools menu and click Folder Options.

    4. Select the View Tab.

    5. Under the Hidden files and folders heading select Show hidden files and folders.

    6. Uncheck the Hide protected operating system files (recommended) option.

    7. Click Yes to confirm.

    8. Click OK.

    Now after the above is complete you will need to Boot into Safe Mode.
    Reboot your computer into Safe Mode by doing the following:

    Restart your computer.

    Immediately after restarting your computer, start tapping the F8 Key.

    Instead of Windows loading as normal, Safe Mode Options should appear (this can take several tries).

    Select the first option, to run Windows in Safe Mode.

    Once in Safe Mode:
    • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select "Apply all actions".
    • Next select the "Reports" icon at the top.
    • Select the Save Report button in the lower left hand of the screen and Save the report to your Desktop.
    • Close ewido.
    Double-click ATF-Cleaner.exe to run the program.
    This will remove all files from the items that are checked so if you have some cookies you'd like to save, please move them to a different directory first.
    Under Main choose: Select All
    Click the Empty Selected button.

    While still in Safe Mode.
    Open the SmitFraudFix.cmd:



    http://siri.urz.free.fr/Fix/Bitmaps/Folder.png


    Select option 1. - Search by typing 1 and press Enter

    http://siri.urz.free.fr/Fix/Bitmaps/Fix01b.jpg

    This program will scan large amounts of files on your computer for known patterns so please be patient while it works. It will create a file named: c:\rapport.txt


    The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

    Boot back to Normal Mode and open HiJackThis.
    Then close all open Windows and Browsers including this one and select Do a system scan and save a log file.
    Now post back these:
    • A new HJT Log File.
    • The SmitFraud rapport.txt file.
    • The AVG Anti-Spyware text file.
