I have a problem with spyware on my father in laws computer.
He has coolwebsearch and 180solutions. I have run ad-aware and spy-bot in safe mode, but it keeps coming back. I have also run hijackthis and have this log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Programfiler\Microsoft Office\Office\OSA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programfiler\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\system32\mshearts.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programfiler\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Lefdal\LOKALE~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Lefdal\LOKALE~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F4EB1C51-1984-4C52-BF02-059B2F926BB4} - C:\WINDOWS\System32\nhjg.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Lefdal\LOKALE~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programfiler\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Office Oppstart.lnk = C:\Programfiler\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: P?minnelser for Microsoft Works Kalender.lnk = ?
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programfiler\Fellesfiler\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupda ... 0078410106
O18 - Filter: text/html - {45F4BB6E-8085-4865-96D1-F66F28D79B0E} - C:\WINDOWS\System32\nhjg.dll
O18 - Filter: text/plain - {45F4BB6E-8085-4865-96D1-F66F28D79B0E} - C:\WINDOWS\System32\nhjg.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\q179308261_disk.dll
Anyone good at this?
