make a folder for hijack this, the program makes backups and your program files folder will get very cluttered.
rescan and check the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O1 - Hosts: 66.159.20.52 www1.ndhosting.com
O1 - Hosts: 66.159.20.52 www3.ndhosting.com
O1 - Hosts: 66.159.20.52 www2.ndhosting.com
O1 - Hosts: 66.159.20.52 www.ndhosting.com
O1 - Hosts: 66.159.20.52 www.kinghost.com
O1 - Hosts: 66.159.20.52 kinghost.com
O1 - Hosts: 66.159.20.52 www1.kinghost.com
O1 - Hosts: 66.159.20.52 www2.kinghost.com
O1 - Hosts: 66.159.20.52 www3.kinghost.com
O1 - Hosts: 66.159.20.52 www4.kinghost.com
O1 - Hosts: 66.159.20.52 www5.kinghost.com
O1 - Hosts: 66.159.20.52 www6.kinghost.com
O1 - Hosts: 66.159.20.52 www7.kinghost.com
O1 - Hosts: 66.159.20.52 www8.kinghost.com
O1 - Hosts: 66.159.20.52 www9.kinghost.com
O1 - Hosts: 66.159.20.52 www10.kinghost.com
O1 - Hosts: 66.159.20.52 www.smutserver.com
O1 - Hosts: 66.159.20.52 smutserver.com
O1 - Hosts: 66.159.20.52 www1.smutserver.com
O1 - Hosts: 66.159.20.52 www2.smutserver.com
O1 - Hosts: 66.159.20.52 www16.smutserver.com
O1 - Hosts: 66.159.20.52 www3.smutserver.com
O1 - Hosts: 66.159.20.52 www4.smutserver.com
O1 - Hosts: 66.159.20.52 www5.smutserver.com
O1 - Hosts: 66.159.20.52 www6.smutserver.com
O1 - Hosts: 66.159.20.52 www7.smutserver.com
O1 - Hosts: 66.159.20.52 www8.smutserver.com
O1 - Hosts: 66.159.20.52 www9.smutserver.com
O1 - Hosts: 66.159.20.52 www10.smutserver.com
O1 - Hosts: 66.159.20.52 www11.smutserver.com
O1 - Hosts: 66.159.20.52 www12.smutserver
O4 - HKLM\..\Run: [windows update] iexplore.exe
O4 - HKLM\..\Run: [AAS] c:\winnt\system32\drivers\etc\check.bat
O4 - HKLM\..\Run: [csrss service] c:\winnt\system32\drivers\etc\csrss.exe
O4 - HKLM\..\Run: [secure] c:\winnt\system32\drivers\etc\secure.exe
O4 - HKLM\..\Run: [lsass service] c:\winnt\system32\drivers\etc\hidden32.exe c:\winnt\system32\drivers\etc\lsass.exe c:\winnt\system32\drivers\etc\ir.dll
O4 - HKLM\..\RunServices: [windows update] iexplore.exe
O4 - HKCU\..\Run: [windows update] iexplore.exe
this one is optional but really not needed:
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
close all browser windows and hit fix checked.
make sure hidden files are showing
Code:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
reboot into safe mode (hit f8 during startup) and delete this file:
C:\WINDOWS\System32\iexplore.exe <--- (only the one in the system32 folder)
these files are very suspicious. can you navigate to the location and see if there's any info in the properties? (version, date created, etc)
C:\winnt\system32\drivers\etc\csrss.exe
c:\winnt\system32\drivers\etc\hidden32.exe c:\winnt\system32\drivers\etc\lsass.exe c:\winnt\system32\drivers\etc\ir.dll
c:\winnt\system32\drivers\etc\check.bat
c:\winnt\system32\drivers\etc\secure.exe
reboot into normal mode and post a new log, and whatever info you could find.
Bookmarks