Hijacked and can't update Defender,no auto Windows update, no manual WIn update, abcdepage.com

Hi Folks& I need help. Im new here. Ive been working on a friends computer. If I dont include the hijackthis on this message, I will on the next. He had Avast and Defender running (as I am told). He kept getting popups or actually redirections opening up a browser window to random URLs. It seems the url is something like abcdepage.com.

I found that MS Updates would not work and the automatic update was disabled and I couldnt enable it (gave an error). Ditto Defender update.

I updated and ran Avast in the schedule boot time scan. It found numerous viruses and I had them moved to the chest. The ones that I made note of was Fabot, SmithFraud, Virtumonde and Fasec. Maybe this last one I wrote down wrong since I couldnt find anything on google. However, it said, kdusk.exe was infected and was in the /system32 directory. This one reappeared in a subsequent scan.

I then ran spybot, removed a number of spyware and then did the same in the safe mode. I then an SuperAntiSpyware, and I think it found Vundo and claimed to removed it.

I still had the same problems as far as the MS auto update wouldnt turn on; I couldnt got an error (and followed instruction to fix the error, which didnt work) when I manually went to the MS Windows update site. Same thing again with Defender, and even deleted defender and reinstalled. It would not update& and gave an error.

I dont know how important this is but it also hangs when shutting down with the file sprtcmd.exe (I really thought I disabled this at one point in msconfig startup).

I decided to install Firefox. This really puzzled me as it gets hijacked too, like IE.

Some things wont stay set in IE such as allow or dont allow all cookies. Seems to set back to allow all.

Also, it seems the desktop refreshes a lot& sometimes when I run Avast, it runs through its memory check and then instead of running I have to click on it again. I think Avast and Defender both have to run twice before the main screen comes up.

Any help would be much appreciated. Also if you could give me as much in advance as you can, it would be most helpful since my friend lives about an hour away and expects if I cant get it fixed in a couple of hours, then just reinstall windows. I would like to make some headway in the next visit so we dont go down that path of reinstalling windows (and ALL the numerous things of, gee& you mean we have to reinstall that too and the, where is my such and such game?).

Thanks for looking& here is the hijack file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:31 PM, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080126
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Tracker] C:\Program Files\MySoftware\MyInvoices\tracker.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [94de8ade] rundll32.exe "C:\WINDOWS\system32\wduvmpsr.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Siemens SpeedStream Wireless USB.lnk = C:\Program Files\Siemens\SpeedStream Wireless USB\SSUSBCfg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CF7F17D-B228-4CCB-B0ED-509891BC5A72}: NameServer =, 
O17 - HKLM\System\CCS\Services\Tcpip\..\{55E53D4A-B002-4E62-9F2A-35307E927156}: NameServer =, 
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CF7F17D-B228-4CCB-B0ED-509891BC5A72}: NameServer =, 
O17 - HKLM\System\CS2\Services\Tcpip\..\{1CF7F17D-B228-4CCB-B0ED-509891BC5A72}: NameServer =, 
O20 - AppInit_DLLs: znrssf.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
End of file - 7830 bytes

Open in new window

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I analyzed the HijackThis log at the following site, and no errors were found:


One of the best free products for getting rid of malware is this:


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AnselAdamsAuthor Commented:
Thanks for the links. I don't know what it could be. Mabye it's some of the addons. I hate to think that I will have to reinstall WIN to make this browser behave right. I would really like to know what is causing it. Of course he keeps asking me why he got the virusus when he had Avast and Defender running.
As you say:  It could be an add-on that is messing things up.  Have you tried it with Internet Explorer (No Add-ons), which you will find on your Start Menu under All Programs -> Accessories -> System Tools.  If this works, then you can troubleshoot your normal IE connections by selecting Tools menu -> Manage Add-ons -> Enable or disable Add-ons.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

AnselAdams--With respect to Lee Tutor, the following look suspicious to me
O4 - HKLM\..\Run: [94de8ade] rundll32.exe "C:\WINDOWS\system32\wduvmpsr.dll",b
O20 - AppInit_DLLs: znrssf.dll
I cannot find information on them.  Unless others feel otherwise, I would have HJT fix them.
If that does not fix the problems,  by all means run Malwarebytes.
Specific to the problems with being hijacked, in IE click Tools|Internet Explorer|General tab.  What do you see in the Home Page line?  Unless that is yahoo.com, change it to a webpage you prefer.  Close IE.  What happens the next time you open IE?  If still a problem, I think I would delete the two R0 entries that HiJackThis has found.  Then go through the procedure to set Home Page again.
And if all that does not fix things I think you should consider a Repair Install of Windows--assuming your friend has the Windows CD.  There are still so many problems.
AnselAdamsAuthor Commented:
Good point LeeTutor! I will try that. I don't know what may be in the API, but I had the same problem with Firefox, so I was thinking it was OS related.

One thing that I am wondering is that I think I've seen this abcdepage.com before on another computer.... it takes the form of http://abcdepage.com/a-buch-of-stuff-here/andsuch
AnselAdamsAuthor Commented:
Thanks jcimarron!

The redirect doesn't happen when the browser is first loaded... it happens usually after you go to google, do a search, and then the browser opens without some of he bars at the top... and the tabs are gone.

I know that is a red flag but I concentrated on trying to get MS updates to work and it would consistantly fail... where the popups seemed very random. Also fiddled with Defender getting updates, which always failed.
AnselAdamsAuthor Commented:
I've been up all night installing a network in a commercial building so after my 8 or 10 hrs sleep, I will check back.

Thanks you guys for all your help. Once I get some sleep I'll have some questions about access points, I'll ask in another thread/topic.
For the windows update problem, a few pages to look at:



A still currently open E-E similar question.  Particularly look at  Phototropic's advice:

Cannot update Windows, Virus or Spyware Protection after removing AntiVirus 2009
AnselAdams--I know you are hoping not to have reinstall Windows.  Remember that the Repair Install should not affect personal data, though you could back that up just in case.
BTW--sprtcmd.exe is part of the Dell Support software.  If it is not being used, you can uninstall from Add/Remove.
AnselAdamsAuthor Commented:
I had my friend install and run the malwarebytes and run it. It found around 20 objects. His computer will now not boot, but I wasn't there to see what he did. I will go over tonight and reinstall or fix win. Thanks for all the help. I will put malwarebytes in my bag of tricks as it seemed to find more problems even in the fast mode than the others.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.