Welcome to CTH bevkoof_no_1, you have some nasties onboard. Go
here and download CWShredder but do not run it yet.
Close Internet Explorer and all open windows and run Hijack This again. Check the below entries and click on Fix Checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.co.in/0SEENIN/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.searchwww.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about
:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.searchwww.com/bar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKCU\..\Run: [Dbwl] C:\Documents and Settings\Administrator\Application Data\rrrt.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!
http://TryToImproveSecurity.com/fa/x.chm::/load.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://public.windupdates.com/get_f...a0 351cafa03db
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) -
http://liverep.esignal.com/netagent...s/custappx3.CAB
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} (ddm_download.ddm_control) -
http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.real.com/23ea10f...ip/RdxIE601.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} -
http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} -
http://cabs.media-motor.net/cabs/downplain.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) -
http://216.65.38.226/crack.CAB
Run CWShredder now. Click on Fix and reboot afterwards. Post a new Hijack This log.
I dont know what the below BHO does so lets just disable it for now.
O2 - BHO: IEEventTrapper Class - {47D5A45E-6B1A-11D7-BA96-000021F32E38} - C:\WINDOWS\Sify\COMPON~1\IEINTE~1.DLL
Go
here, download and install BHO Demon and use it to disable that BHO only. Could you please navigate to C:\WINDOWS\Sify\COMPON~1 and copy IEINTE~1.DLL, zip it up and send it to me please. My email address is
anniefriday@boomspeed.com. Thanks. Also post back a new Hijack This log.
Transferring to the Cyber Safety Forum.