Trojan Virus - windows restarts, task mgr disabled

Discussion in 'Windows - Virus and spyware problems' started by nowens, Nov 5, 2006.

  1. nowens

    nowens Member

    Joined:
    Nov 5, 2006
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    11
    Basically Windows keeps restarting and my Task Manager is disabled. I can only run in safe mode (so I can't install any virus removal software), and every time I try opening up Internet Explorer it comes up with an error and restarts... It also changed my home page to http://www.1987324.com/?301 . There is an e1xplorer icon saved on my desktop and in my start menu, and it keeps coming back after I delete it. Any help would be very much appreciated!

    Thanks in advance!
    Nick


    Logfile of HijackThis v1.99.1
    Scan saved at 11:24:26 AM, on 11/5/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\winnt\System32\smss.exe
    C:\winnt\system32\winlogon.exe
    C:\winnt\system32\services.exe
    C:\winnt\system32\lsass.exe
    C:\winnt\system32\svchost.exe
    C:\winnt\System32\WBEM\WinMgmt.exe
    C:\winnt\Explorer.EXE
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HIJ\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {F2096A06-D3B1-FC6F-CB3B-F8BADF604197} - C:\winnt\system32\osbidorz.dll (file missing)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINNT\system32\bcmntray
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160093779\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Systems] C:\winnt\system32\sysmon.exe
    O4 - HKLM\..\Run: [adir] C:\winnt\system32\adirss.exe
    O4 - HKLM\..\Run: [UpdateService] C:\winnt\system32\wservice.exe
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.2.3.5\InstallStub.exe -a
    O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [UpdateService] C:\winnt\system32\wservice.exe
    O4 - HKCU\..\Run: [taskdir] C:\winnt\system32\taskdir.exe
    O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Audible Download Manager.lnk = D:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_10\bin\npjava131_10.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_10\bin\npjava131_10.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\winnt\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\winnt\web\related.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
    O15 - Trusted Zone: www.1987324.com
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {1D95A7C7-3282-4DB7-9A48-7C39CE152A19} (TeamOn Import Object) - https://bis.na.blackberry.com/html/web/client_tools/TOImport.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
    O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=889654fb70de3e056ce09f2e7462c482&url=http%3A%2F%2Fd.69.25.47.73.downloads.estara.com.%2Fas%2FOneCCDM.php&template=37881&sessionid=1424132379_69.25.47.73_51432&=&req=1110494604687OneCC.cab
    O16 - DPF: {66960E23-DE25-11CF-876F-444553540000} (RepViewCtrl Object) - http://usrealnet.com/public/realnet/rrprview.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
    O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
    O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://209.190.31.42/display/PopupSh.ocx
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) - https://www.clickloan.com/CAB/PtClickLoan/1,0,0,12/PtClickLoan.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://elliemae.webex.com/client/v_mywebex-elliemae/training/ieatgpc.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
    O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://h20179.www2.hp.com/psgna/caller/SysQuery.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = charter6440.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = charter6440.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = charter6440.com
    O20 - AppInit_DLLs: ?A
    ??#A?CS C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\winnt\system32\Acedmb32.dll
    O21 - SSODL: kDoYxj - {F0D00A2C-5A7A-A086-AC84-B018C1FE07E8} - C:\winnt\system32\few.dll
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\winnt\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\winnt\System32\wltrysvc.exe
     
  2. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Hello nowens,

    First, restart in safe mode with networking to download a few programs.
    Press F8 like you're booting in safe mode, but choose "Safe Mode with Networking".

    Go here to download the trial version of [bold]AVG Anti-spyware[/bold].
    Go here and download [bold]Spybot Search and Destroy[/bold].

    Install and open AVGAS.
    Click "[bold]Update[/bold]" then click "[bold]Start update[/bold]".
    After updating, close AVGAS.

    Install and open [bold]Spybot[/bold].
    Click "[bold]Check for Updates[/bold]".
    Click "[bold]Search for Updates[/bold]".
    Check all and click "[bold]Download Updates[/bold]".
    After updating, close Spybot.

    Restart in safe mode.

    Run a scan only with HijackThis, place a check beside these:

    [bold]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop
    O2 - BHO: (no name) - {F2096A06-D3B1-FC6F-CB3B-F8BADF604197} - C:\winnt\system32\osbidorz.dll (file missing)
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [Systems] C:\winnt\system32\sysmon.exe
    O4 - HKLM\..\Run: [adir] C:\winnt\system32\adirss.exe
    O4 - HKLM\..\Run: [UpdateService] C:\winnt\system32\wservice.exe
    O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [UpdateService] C:\winnt\system32\wservice.exe
    O4 - HKCU\..\Run: [taskdir] C:\winnt\system32\taskdir.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\winnt\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\winnt\web\related.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
    O15 - Trusted Zone: www.1987324.com
    O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\winnt\system32\Acedmb32.dll
    O21 - SSODL: kDoYxj - {F0D00A2C-5A7A-A086-AC84-B018C1FE07E8} - C:\winnt\system32\few.dll [/bold]

    Close all windows except HijackThis, then click "Fix checked".

    Go to Add/Remove Programs and uninstall:
    [bold]Viewpoint Manager
    License Manager[/bold]

    Show all files and folders.
    Open My Computer > Tools > Folder Options > View tab > check "Show hidden files and folders".
    Click Apply then OK.

    Find and delete the following files and folders (if there):
    C:\winnt\system32\[bold]sysmon.exe[/bold] <--file
    C:\winnt\system32\[bold]adirss.exe[/bold] <--file
    C:\winnt\system32\[bold]wservice.exe[/bold] <--file
    C:\[bold]winstall.exe[/bold] <--file
    C:\winnt\system32\[bold]wservice.exe[/bold] <--file
    C:\winnt\system32\[bold]taskdir.exe[/bold] <--file
    C:\winnt\system32\[bold]Acedmb32.dll[/bold] <--file
    C:\winnt\system32\[bold]few.dll[/bold] <--file
    C:\Program Files\[bold]Viewpoint[/bold] <--folder
    C:\Program Files\[bold]License_Manager[/bold] <--folder
    Please tell me which files, if any, were not there or if access is denied.

    Empty the Recycle Bin.
    Open AVGAS and click "[bold]Scanner[/bold]".
    Click "[bold]Complete System Scan[/bold]".
    When it finishes scanning, set all items to "[bold]Quarantine[/bold]".
    Click "[bold]Apply All Actions[/bold]".
    Click "[bold]Save Report[/bold]" and save it to the desktop.
    Close AVGAS.

    Open [bold]Spybot[/bold].
    Click "[bold]Check for Problems[/bold]".
    When it finishes, click "[bold]Fix selected problems[/bold]".
    Right click inside the window and select "[bold]Copy results[/bold]". (not full report)
    Paste them into Notepad and save them.

    Attempt to boot in normal mode and get a HijackThis log.
    Please post back with the AVGAS report, the Spybot log and a new HijackThis log (from normal mode, if possible).
     
    Last edited: Nov 6, 2006
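The two posts above rely on reading a HijackThis log by eye: the helper picks out the Run entries, the orphaned BHO/button hooks, and the lines that reuse the hijacked start-page host. As an added example (not part of the thread and not HijackThis's own code), the script below parses HijackThis v1.99-style lines into records and applies four defender-side triage checks that reproduce that reasoning: hooks whose target file is reported missing, lines that reuse the host from the hijacked Start Page, Run value names registered under both HKLM and HKCU, and autostart images sitting directly in the Windows system directory or the drive root. The sample log is a constructed subset of the lines from the first post; the regexes and the "system directory" rule are assumptions of this example, and the last check is a review heuristic (legitimate vendor entries can land there too), not a verdict.

```python
"""Parse HijackThis v1.99-style log lines and triage them (added example, not HijackThis code)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the log lines posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {F2096A06-D3B1-FC6F-CB3B-F8BADF604197} - C:\winnt\system32\osbidorz.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Systems] C:\winnt\system32\sysmon.exe
O4 - HKLM\..\Run: [UpdateService] C:\winnt\system32\wservice.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [UpdateService] C:\winnt\system32\wservice.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: www.1987324.com
O21 - SSODL: kDoYxj - {F0D00A2C-5A7A-A086-AC84-B018C1FE07E8} - C:\winnt\system32\few.dll
"""

# Assumed line shapes (this example's regexes, derived from the log format shown above).
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|ocx|com|scr|bat|pif))\b"?', re.IGNORECASE)
SYSTEM_DIRS = {"c:", "c:\\winnt", "c:\\winnt\\system32", "c:\\windows", "c:\\windows\\system32"}


@dataclass
class Entry:
    section: str                 # e.g. "O4", "R0"
    body: str                    # everything after "O4 - "
    hive: Optional[str] = None   # HKLM / HKCU for O4 Run entries
    name: Optional[str] = None   # Run value name, BHO/SSODL display name
    path: Optional[str] = None   # image path, when one could be extracted
    file_missing: bool = False   # HijackThis reported the target as absent


def parse_entry(line: str) -> Optional[Entry]:
    """Turn one log line into an Entry, or None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    e = Entry(section=section, body=body)
    e.file_missing = body.endswith("(file missing)") or body.endswith("(no file)")
    if section == "O4":
        m4 = O4_RE.match(body)
        if m4:
            e.hive, e.name = m4.group("hive"), m4.group("name")
            mx = EXE_RE.match(m4.group("cmd"))
            e.path = mx.group("path") if mx else None
    elif section in ("O2", "O3", "O9", "O21"):
        # "<kind>: <name> - {CLSID} - <path> [(file missing)]"
        parts = body.split(" - ")
        if len(parts) >= 3:
            e.name = parts[0].split(": ", 1)[-1]
            last = parts[-1].replace("(file missing)", "").replace("(no file)", "").strip()
            e.path = last or None
    return e


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def triage(entries: List[Entry]) -> Dict[str, list]:
    """Apply the four checks described in the lead-in; returns a findings dict."""
    findings = defaultdict(list)
    # 1. Hooks whose target file is gone: orphaned and safe to remove.
    for e in entries:
        if e.file_missing:
            findings["orphaned_hook"].append(e.body)
    # 2. Cross-reference the hijacked Start Page host against every other line.
    hosts = set()
    for e in entries:
        if e.section in ("R0", "R1") and "Start Page" in e.body:
            mh = re.search(r"= (?:https?://)?([\w.-]+)", e.body)
            if mh:
                hosts.add(mh.group(1).lower())
    for e in entries:
        if e.section not in ("R0", "R1") and any(h in e.body.lower() for h in hosts):
            findings["start_page_host_reuse"].append(e.body)
    # 3. Same Run value name under both HKLM and HKCU: persistence registered twice.
    hives_by_name = defaultdict(set)
    for e in entries:
        if e.section == "O4" and e.hive and e.name:
            hives_by_name[e.name.lower()].add(e.hive)
    for name, hives in sorted(hives_by_name.items()):
        if {"HKLM", "HKCU"} <= hives:
            findings["run_in_both_hives"].append(name)
    # 4. Autostart image directly in a system directory or the drive root (review heuristic).
    review = set()
    for e in entries:
        if e.section == "O4" and e.path and "\\" in e.path:
            if e.path.lower().rsplit("\\", 1)[0] in SYSTEM_DIRS:
                review.add(e.path)
    findings["review_system_dir_autostart"] = sorted(review)
    return dict(findings)


def triage_sample() -> Dict[str, list]:
    return triage(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for check, items in triage_sample().items():
        print(check)
        for item in items:
            print("   ", item)
```

Run it as-is to see the findings for the constructed sample; feed a saved HijackThis log through `parse_log` to triage a real one. The checks only rank entries for a human to look at, which is how the helper in this thread used the log too.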
