Browser Hijack - Feel like I've tried everything!

[Smell the Glove]

Hello,

I'm new to all these forums but I'm needing help.

My homepage browser goes straight to this: res://C:\WINDOWS\System32\shdoclc.dll/navcancl.htm (aka www.warningmessage.com)

I have seen other threads about this whilst searching the net but nothing I try has got rid of it.

I've rebooted in safe mode and run:
Spybot
McAfee Security Suite
Avast
Sywareblaster
Microsoft Antspyware
Smartkiller
Aboutbuster
AVG Free
Adaware

And still I can't stop it!

I really need help but I'm not very PC friendly so I need advice in simple terms.

Hope you can help.

 

[RealBlackStuff]

Aren't you overdoing it a bit? Avast, AVG, McAfee.
Sooner rather than later they get into each other's hair, and your protection is worth diddly squat!
UNinstall Avast, it's not running correctly anyway!

C:\Documents and Settings\Matthew Salmon\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
put HijackThis in e.g C:\Program Files\HJT and NOT in Temp or on the Desktop!.

First Read: Only use these HJT-instructions when asked!
/P/ Process needs to be stopped
/R/ unRegister the xxx.DLL in that line
The text between the dotted lines underneath goes between the dotted lines of that post.
Make sure to follow ALL instructions, and in HJT tick/fix ALL lines!
...................................................................................................
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
/R/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\sp.dll/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
/P/ O2 - BHO: HomepageBHO - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\System32\hpA17B.tmp
/P/ O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
/P/ O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
Unless these IP-numbers are from your ISP, fix this O17
O17 - HKLM\System\CCS\Services\Tcpip\..\{B957393B-24EE-4298-8BF8-C6D10234850E}: NameServer = 80.225.252.178 80.225.252.186
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
...................................................................................................

 

[Smell the Glove]

Thanks a lot mate, everything seems to working just fine now.

I would just like to say thank you. I don't want to sound like a brown noser but its good to know there are good people on the net besides the *****s creating viruses and trojans etc.

I owe you a large number of pints of the black stuff! :grinthumb

PS. I've uninstalled Avast. I was thinking of getting rid of AVG and a few others. What is worth keeping out of this list?

AVG
Spybot
Adaware
ewido
Spywareblaster
Aboutbuster
CWShredder

Once again, thanks dude.

 

[RealBlackStuff]

Keep them all, but for permanently running, you only need AVG and the Spybot immuniser.
The other programs will come in handy for a next infection! As long as they don't run, they don't use up memory.
Make sure you always use the latest versions/definitions before you run them.
Advisable is a full scan once every week or fortnight, depending on how 'clean' your habits are.