Unable to Delete W32.Desktophighjack

You did not say whether you actually ran SmitRem.

Download smitRem.exe and save the file to your desktop.

Double click on the file to extract it to it's own folder on the desktop.

Reboot into safe mode.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please attach this log to your next reply.

Do you know what the below two process are for:
C:\UPDATA\UDXDDEServer.exe
C:\UPDATA\UDXSnapshotFeed.exe

Your Yahoo Companion and Norton Toolbars appear to be broken. The files show as missing. Are they missing?
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
C:\WINDOWS\system32\mssearchnet.exe <--- may already be gone after running SmitRem

After killing all the above processes, click "Back".
Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: HomepageBHO - {893fad3a-931e-4e53-b515-b1426d63799b} - C:\WINDOWS\system32\hpB301.tmp
O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\taskman.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O19 - User stylesheet: (file missing)

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\system32\hpB301.tmp
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\System\taskman.exe

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

You need to find the smitfiles.txt file. It should be in the root folder of the hard disk on which you ran it. We need to see what is in this file! Are you sure you ran it and did it complete? Did you run it in safe mode. I still see some Smitfraud related files.

The icon in your tray is not the Norton AntiVirus Toolbar.

Do you need this proxy server setting?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

 

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, End them:

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: HomepageBHO - {893fad3a-931e-4e53-b515-b1426d63799b} - C:\WINDOWS\system32\hp438D.tmp
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\system32\hp438D.tmp

Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

That is not a complete log from SmitRem. You need to allow it enough time to run to completion. In most cases it can fix the wininet.dll problem itself and the last line of smitfiles.txt will inicate the status.

See message # 3 in the below thread to see what a complete log looks like:
http://forums.majorgeeks.com/showthread.php?t=73285


Run SmitRem again, make sure you are in safe mode and that you wait for it to complete.

You can delete those other three tmp files you listed.

 

Okay! That looks better and now it sounds like your SmitFraud problem is fixed. You should post a HJT log now so we can double check for problems. Perhaps there is something else on your system that is causing problems with regedit. Are you having any problems running Task Manager or msconfig.

 

The only malware related issue that I see remaining in your log is the below line which you should fix using HJT:

O2 - BHO: HomepageBHO - {893fad3a-931e-4e53-b515-b1426d63799b} - C:\WINDOWS\system32\hp4618.tmp (file missing)

The below line indicates something is broken with your installation of Norton Antivirus. You should reinstall it.
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)

The below process running is MS installer. It is not normally running unless an installation is currently in progress or perhaps an installation has failed. So it could be related to your problem with Windows Installer. This is not a malware related topic for this forum. You should discuss this in the Software Forum.
C:\WINDOWS\System32\msiexec.exe

I have know idea what application ACLUII.dll is related to. Are you sure of the spelling? Are the letters after the ACLU supposed to be lower case L or upper case i or are the the number one? Could this be part of your Acer software or part of Aladdin? Or did you really mean to just use one upper case i as in aclui.dll? This is a Windows file. You can download it here: http://www.dlldump.com/download-dll-files_new.php/dllfiles/A/aclui.dll/5.1.2600.2180/download.html

Put it in your c:\windows\system32 folder.

Are you have any malware related problems?

 

Are you still getting the same error message when trying to run regedit?
Did you put aclui.dll in the system32 folder? If so, try registering the dll by doing the below.

regsvr32 c:\windows\system32\aclui.dll

 

You're welcome.

What program are your referring to?

 

I don't know anything about that program. If you already own it, exactly what is it that you are asking me. There are dozens of free programs out there that are more than sufficient for most people. You may be able to get some feedback on the program in the Software Forum.

 

It's no bother! That's why we are here. I would suggest visiting the below link before you go:

How to Protect yourself from malware!