hijack this screen
Dan
Here is my hijack screen. Thanks for any help.
Logfile of HijackThis v1.97.7
Scan saved at 12:14:39 PM, on 6/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\LEXBCES*****
C:\WINDOWS\system32\LEXPPS*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr*****
C:\WINDOWS\System32\cisvc*****
C:\Program Files\Norton AntiVirus\navapsvc*****
C:\WINDOWS\System32\nvsvc32*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\mshz32*****
C:\WINDOWS\system32\qttask*****
C:\program files\support.com\client\bin\tgcmd*****
C:\Program Files\Logitech\iTouch\iTouch*****
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd*****
C:\Program Files\BroadJump\Client Foundation\CFD*****
C:\Program Files\Common Files\Symantec Shared\ccApp*****
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd*****
C:\Program Files\HP\hpcoretech\hpcmpmgr*****
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC*****
C:\WINDOWS\System32\ndllzxy*****
C:\WINDOWS\system32\iels*****
C:\Program Files\Messenger\msmsgs*****
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf*****
C:\Program Files\Sony\VAIO Action Setup\VAServ*****
C:\Program Files\Sony Corporation\Image Transfer\SonyTray*****
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08*****
C:\Program Files\Road Runner\Medic\RRMedic*****
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD*****
C:\WINDOWS\System32\HPZipm12*****
C:\WINDOWS\System32\cidaemon*****
C:\WINDOWS\System32\WISPTIS*****
C:\Program Files\Internet Explorer\iexplore*****
C:\Documents and Settings\Tina\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis*****
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nsjjn.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://nsjjn.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://nsjjn.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nsjjn.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://nsjjn.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nsjjn.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;localhost
O2 - BHO: (no name) - {34486039-E905-10CA-29CC-C115092F02E3} - C:\WINDOWS\system32\crrq.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask*****
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd***** /server
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch*****
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd*****
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD*****
O4 - HKLM\..\Run: [tgcmd] "c:\program files\support.com\client\bin\tgcmd*****" /server /nosystray /deaf
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp*****"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy*****"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd*****"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr*****"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC*****
O4 - HKLM\..\Run: [stwitpwciru] C:\WINDOWS\System32\ndllzxy*****
O4 - HKLM\..\Run: [iels*****] C:\WINDOWS\system32\iels*****
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRCLEAN*****"
O4 - HKLM\..\RunOnce: [ieee32*****] C:\WINDOWS\ieee32*****
O4 - HKLM\..\RunOnce: [d3ub*****] C:\WINDOWS\system32\d3ub*****
O4 - HKLM\..\RunOnce: [sysna32*****] C:\WINDOWS\system32\sysna32*****
O4 - HKLM\..\RunOnce: [winys32*****] C:\WINDOWS\system32\winys32*****
O4 - HKLM\..\RunOnce: [winbf*****] C:\WINDOWS\winbf*****
O4 - HKLM\..\RunOnce: [syspo32*****] C:\WINDOWS\system32\syspo32*****
O4 - Startup: Medic.lnk = C:\Program Files\Road Runner\Medic\RRMedic*****
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader*****.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader*****
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08*****
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf*****
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL*****/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/gam...ts/y/grt5_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdc...ad/tgctlins.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeu...ontent/opuc.cab
O16 - DPF: {72944257-0AE0-44FD-8A51-AA21853092C8} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C348
DBB} (sonyctl.sonycm) - http://supportcentral4.sel.sony.com...oad/sonyctl.CAB
You have Searchpage.cc: searchpage.cc is a browser helper object that changes your SearchURL, Search Bar, Search Page, Default Page URL, SearchAssistant and CustomizeSearch to nkvd.us or searchpage.cc.
Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If searchpage.cc remains on your system after stepping through the removal instructions, please double-check by stepping through them again.
Click here for instructions: http://www.kephyr.com/spywarescanner...cc/index.phtml
Dan
Dan
If this is not your culprit I would be leaning towards Mustang's opinion that your virus is a spyware cookie and not a virus at all, as it does not seem to be eating up your files or OP system.
Will probably be attached to a legitimate program so it remains undetected without a lot of effort.
If you have run all the spyware detection you have said without results, you may be into searching manually through your files to find an attachment that is the hitchhiker.
I attained some German **** site cookie like this one time before I was on a private server with full filter system that took me 3 days to find manually, as nothing I ran would detect it.
Finally, a small square pink icon attached to one of the thousands of DLLs in my system. Recording the DLL, deleting it and then reloading the DLL was the only way I found to get rid of it.
Ford Trucks for Ford Truck Enthusiasts




