08-26-2004, 07:25 PM   #1
Killa_DSM
Anyone good with comps in here, who can help me?

Help me!!!!! I think I have a Trojan in my comp. It changes my home page to http://www.windowws.cc/hp.htm?id=9 and I don't know how to get it out. Well, here is my HijackThis log.
Hope someone can help.

Logfile of HijackThis v1.98.2
Scan saved at 3:02:48 PM, on 8/25/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\lexbces.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Windows\Compaq\Ereg\Remind32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\--------\Desktop\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\jax3onl28lxtmv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [My Search Bar Eq] "C:\Program Files\MySearch\bar\s4bareq.exe" /r
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [searchassistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
O4 - HKLM\..\Run: [pnpsvc_lock] C:\WINDOWS\System32\933372.exe
O4 - HKCU\..\Run: [FileFreedom_Plugin] C:\Program Files\FileFreedom\wtm.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Reminder-cpq40601.lnk = C:\WINDOWS\Compaq\Ereg\Remind32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.greg-search.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AAE311E-88F5-4840-8A9C-B22AD86FB55A}: NameServer = 63.93.96.20 63.93.96.21
__________________
"Life begins at 20psi"

97 Eclipse GST-X 5spd
PTE 5031e/pte 880cc/vr4 fuel pump/Devils Own Water injection 12gph nozzle/pre turbo meth injection/fmic 28x10.5x3.5/greddy type-s bov/12" K&N/FP intake/dsmlink/gm 3.3 bar/maft/blitz ebc/act 2600/act 6 puck/SS Clutch line/3" turboback.

Last edited by Killa_DSM; 12-09-2009 at 04:38 AM.

08-26-2004, 09:26 PM   #2
vladlos
Re: Anyone good with comps in here, who can help me?

First of all, download something like "Spybot - Search and Destroy" to get rid of any spyware on your computer. Go to www.euyulio.org and download a good trojan horse remover. I'm kind of thinking it's more of a spyware/adware problem you've got there and not a trojan/hacker problem.

08-27-2004, 03:28 AM   #3
-Jayson-
Re: Anyone good with comps in here, who can help me?

No, you want Ad-aware, that's the best in my opinion.

www.lavasoft.com and download Ad-aware 6.0, it's free and works wonders.
__________________
2009 Ninja 650 R
stock for now...

SouthEast Ecotec Enthusiast

08-27-2004, 12:33 PM   #4
Shortbus
Re: Anyone good with comps in here, who can help me?

Looks like you have a variation of CoolWebSearch running in your registry. Get CWShredder and run that, also boot up in safe mode and run Ad-aware, it is by far the best spyware removal tool. You may also be able to remove "mysearchbar" from the Add/Remove Programs in the CP.
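
Added example (not part of any post in this thread, and not HijackThis code): a small Python parser for the log format posted in #1 that pulls out the entries a reviewer would check first. The flagging rules are illustrative assumptions of this example, not verdicts, and the sample lines are copied from the log in post #1.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log from post #1 (lines copied from the thread).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\jax3onl28lxtmv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
O4 - HKLM\..\Run: [pnpsvc_lock] C:\WINDOWS\System32\933372.exe
O4 - HKCU\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
O15 - Trusted Zone: *.greg-search.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AAE311E-88F5-4840-8A9C-B22AD86FB55A}: NameServer = 63.93.96.20 63.93.96.21
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O4 - ...", "R0 - ..."
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.+?)\] (.*)$")  # hive, value name, command

def parse(log):
    """Return (section_code, detail) for each entry line; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def triage(log):
    """Return (code, reason, detail) tuples for manual review. Rules are assumptions of this example."""
    findings, run_hives = [], defaultdict(set)
    for code, detail in parse(log):
        run = RUN.match(detail) if code == "O4" else None
        if code == "O2" and detail.startswith("BHO: (no name)"):
            findings.append((code, "unnamed browser helper object", detail))
        elif run:
            hive, name, cmd = run.groups()
            run_hives[name].add(hive)
            exe = cmd.split("\\")[-1]
            if re.fullmatch(r"\d+\.exe", exe, re.I):
                findings.append((code, "digits-only autorun executable name", detail))
        elif code == "O15":
            findings.append((code, "site added to Trusted Zone", detail))
        elif code == "O17":
            findings.append((code, "DNS servers set in registry, confirm they are expected", detail))
    for name, hives in run_hives.items():
        if len(hives) > 1:  # same autorun value registered machine-wide and per-user
            findings.append(("O4", "same autorun in " + " and ".join(sorted(hives)), name))
    return findings

if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}: {detail}")
```
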

08-27-2004, 01:16 PM   #5
Spyke^
Re: Anyone good with comps in here, who can help me?

If you want to post your Hijack This log, you really should go to http://www.security-forums.com/forum/index.php

You might have to register to get to their Hijack This section, I can't remember, I'm a member so it will load for me..
Anyway, for any sort of computer problem they are the ones to get ahold of.
Excellent bunch of guys/gals.
Very impressive knowledge base.
Anything from Trojans, Firewalls, data encryption etc..
One thing though, they would be considered White Hats so don't even bother asking for advice on how to "Hack" or anything along that line.

Hope this helps..

08-27-2004, 01:35 PM   #6
Killa_DSM (thread starter)
Re: Anyone good with comps in here, who can help me?

Ok, thanks everyone for your help. I got WinPatrol and I think I got it out.

08-30-2004, 01:10 AM   #7
SSBigBlock
Re: Anyone good with comps in here, who can help me?

If all else fails, put your files you don't want to lose in a backup file, make sure they aren't corrupt. Then reformat your PC.
__________________
Runs with the Hatchet.


This is the year where hope fails you