Bod68 Posted December 9, 2005

Hi, just logged in and looked around for similar problems and done everything I can, but I'm still getting several errors which I cannot fix. Could someone help me please? I have restored my desktop from the blue infected screen and got my connection back. Also tried the usual programs, but perhaps a step by step might help me. Thanks in advance...

-----
Logfile of HijackThis v1.99.1
Scan saved at 21:27:53, on 09/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\appnc.exe
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\MSTask.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\syszk.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\eoxzw.dll/sp.html#34154
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\eoxzw.dll/sp.html#34154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\eoxzw.dll/sp.html#34154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\eoxzw.dll/sp.html#34154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\eoxzw.dll/sp.html#34154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\eoxzw.dll/sp.html#34154
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Class - {CC16D1AD-6F80-3BC9-9B93-0118DF795C9A} - C:\WINNT\system32\syszk.dll
O4 - HKLM\..\Run: [syszk.exe] C:\WINNT\system32\syszk.exe
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.4.3.36/omah...a-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.4.3.36/cana...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.4.3.36/chec...s-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.4.2.23/pool...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.4.3.36/jigs...w-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.4.3.36/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.4.3.36/mahj...g-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.4.3.36/popf...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.4.3.36/popp...a-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.4.3.36/hots...k-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.3.36/squa...s-ob-assets.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.4.3.36/ride...e-ob-assets.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.4.3.36/swee...r-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.4.2.23/hold...m-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-6.4.2.23/simb...l-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.4.3.36/turb...1-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.4.3.36/word...2-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.2.23/worl...s-ob-assets.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129575498628
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\appnc.exe
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
therock247uk Posted December 9, 2005

Please download ewido security suite; it is a trial version of the program.

Install ewido security suite.
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido; there should be an icon on your desktop, double-click it.
The program will now go to the main screen.

You will need to update ewido to the latest definition files.
On the left hand side of the main screen click Update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido: ewido manual updates

Boot into safe mode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select safe mode.

Open ewido again.
Click on Scanner.
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files; click OK.
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections", then choose Clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite.

Reboot and post the report ewido made and a new HijackThis log here in a reply.
Bod68 (Author) Posted December 10, 2005

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 01:17:40, 10/12/2005
+ Report-Checksum: 9AD3AEEC

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dhn04nuy.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Newyorkcasino : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\180sainstallernusac.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\180sainstallernusac.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\1D.tmp -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\1E.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\2.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\3.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Del29.tmp -> Downloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\NNCLXA638.EXE -> Spyware.NewDotNet : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\res2A.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\temp.fr631B -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFWN25S3\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CH2B09YR\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\JM0BZ5S1\inst2_ax[1].cab/inst2.dll -> Downloader.WinShow.az : Cleaned with backup
C:\Program Files\SpySheriff -> Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\SpySheriff.exe -> Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\Uninstall.exe -> Spyware.SpySheriff : Cleaned with backup
C:\Program Files\WinFixer 2005 -> Spyware.WinFixer : Cleaned with backup
C:\WINNT\Downloaded Program Files\CONFLICT.1\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
C:\WINNT\Downloaded Program Files\inst2.dll -> Downloader.WinShow.az : Cleaned with backup
C:\WINNT\Downloaded Program Files\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
C:\WINNT\eoxzw.dll -> Adware.SearchPage : Cleaned with backup
C:\WINNT\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINNT\NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINNT\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINNT\SYSTEM32\d.exe -> Worm.Doombot.b : Cleaned with backup
C:\WINNT\SYSTEM32\DRIVERS\df_kmd.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup
C:\WINNT\SYSTEM32\meaoi.sys -> Trojan.Rootkit.Agent.aq : Cleaned with backup
C:\WINNT\SYSTEM32\niant.dll -> Adware.SearchPage : Cleaned with backup

::Report End
Bod68 (Author) Posted December 10, 2005

Logfile of HijackThis v1.99.1
Scan saved at 01:29:05, on 10/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\appnc.exe
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\MSTask.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\syszk.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\axoyd.dll/sp.html#34154
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\axoyd.dll/sp.html#34154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\axoyd.dll/sp.html#34154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\axoyd.dll/sp.html#34154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\axoyd.dll/sp.html#34154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\axoyd.dll/sp.html#34154
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Class - {CC16D1AD-6F80-3BC9-9B93-0118DF795C9A} - C:\WINNT\system32\syszk.dll
O4 - HKLM\..\Run: [syszk.exe] C:\WINNT\system32\syszk.exe
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.4.3.36/omah...a-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.4.3.36/cana...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.4.3.36/chec...s-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.4.2.23/pool...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.4.3.36/jigs...w-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.4.3.36/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.4.3.36/mahj...g-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.4.3.36/popf...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.4.3.36/popp...a-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.4.3.36/hots...k-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.3.36/squa...s-ob-assets.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.4.3.36/ride...e-ob-assets.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.4.3.36/swee...r-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.4.2.23/hold...m-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-6.4.2.23/simb...l-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.4.3.36/turb...1-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.4.3.36/word...2-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.2.23/worl...s-ob-assets.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129575498628
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\appnc.exe
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
therock247uk Posted December 10, 2005

1. Make sure your PC is set to show all hidden files and folders. Go here for instructions on how to do this: http://pchowtos.co.uk/index.php?page=tutor...tion=view&id=34

2. Boot into safe mode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select safe mode.

3. While in safe mode, open HijackThis and click Scan. Then tick and fix the following in HijackThis, with all windows closed except HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\axoyd.dll/sp.html#34154
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\axoyd.dll/sp.html#34154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\axoyd.dll/sp.html#34154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\axoyd.dll/sp.html#34154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\axoyd.dll/sp.html#34154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\axoyd.dll/sp.html#34154
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {CC16D1AD-6F80-3BC9-9B93-0118DF795C9A} - C:\WINNT\system32\syszk.dll
O4 - HKLM\..\Run: [syszk.exe] C:\WINNT\system32\syszk.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\appnc.exe

4. Delete the files (if present):

C:\WINNT\axoyd.dll
C:\WINNT\system32\syszk.dll
C:\WINNT\system32\syszk.exe
C:\WINNT\appnc.exe

5. Reboot and post a new HijackThis log here in a reply.
Bod68 (Author) Posted December 10, 2005

Logfile of HijackThis v1.99.1
Scan saved at 01:52:12, on 10/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\MSTask.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Administrator\Desktop\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [syszk.exe] C:\WINNT\system32\syszk.exe
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.4.3.36/omah...a-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.4.3.36/cana...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.4.3.36/chec...s-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.4.2.23/pool...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.4.3.36/jigs...w-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.4.3.36/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.4.3.36/mahj...g-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.4.3.36/popf...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.4.3.36/popp...a-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.4.3.36/hots...k-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.3.36/squa...s-ob-assets.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.4.3.36/ride...e-ob-assets.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.4.3.36/swee...r-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.4.2.23/hold...m-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-6.4.2.23/simb...l-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.4.3.36/turb...1-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.4.3.36/word...2-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.2.23/worl...s-ob-assets.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129575498628
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\appnc.exe (file missing)
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe

Taking an eternity to get the internet up and running now too. The files just keep coming back :'(
therock247uk Posted December 10, 2005

1. Download about:buster by RubbeRDuckY Here. Save the file somewhere you will remember, like the Desktop.

Please run about:buster by RubbeRDuckY:

Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
Click "OK" at the prompt with instructions.
Click "Update" and then "Check For Update" to begin the update process.
If any updates exist, please download them by clicking "Download Update", then click the X to close that window.
Boot into safe mode again.
Open About:buster again.
Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
Click Yes to allow it to shut down explorer.exe.
It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
When it has finished, click Save Log. Make sure you save it, as I may need a copy of it later.

2. Reboot back into normal mode and download http://osc.geekstogo.com/cwsserviceremove.reg. Run it; it will ask to merge into the registry, say yes.

3. Download and run http://cwshredder.net/bin/CWShredder.exe and click Fix.

4. Then post the about:buster log and a new HijackThis log here in a reply.
Bod68 (Author) Posted December 10, 2005

CWShredder

**** Run Keys ****
RUN: [syszk.exe] C:\WINNT\system32\syszk.exe
RUN: [synchronization Manager] mobsync.exe /logon
RUN: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

**** Browser Helper Objects ****
BHO: [AcroIEHlprObj Class] C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: [spywareGuardDLBLOCK.CBrowserHelper] C:\Program Files\SpywareGuard\dlprotect.dll

**** IE Toolbars ****

**** IE Extensions ****
IEExt: []
IEExt: [Real.com]

**** Hosts File Entries ****
HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost

**** IE Settings ****
Local Page: C:\WINNT\system32\blank.htm

**** IE Context Menu (Right click) ****

**** Layered Service Providers ****
LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [uDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{88EA7AC8-6852-4E09-88A5-437B0ADCE6C7}] SEQPACKET 6
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{88EA7AC8-6852-4E09-88A5-437B0ADCE6C7}] DATAGRAM 6
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FA4ECA5F-8B3C-4E8F-AA8A-17CD9953D18B}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FA4ECA5F-8B3C-4E8F-AA8A-17CD9953D18B}] DATAGRAM 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA5AE7A9-520D-4C23-9E01-0456DA3747B9}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA5AE7A9-520D-4C23-9E01-0456DA3747B9}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F8868156-8E81-4DE6-BC68-98E3D4E5C703}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F8868156-8E81-4DE6-BC68-98E3D4E5C703}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FEB09276-2684-45ED-BD81-E1198F37685C}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FEB09276-2684-45ED-BD81-E1198F37685C}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F45FBEDD-1FC0-4627-8BE0-C32E05D3677A}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F45FBEDD-1FC0-4627-8BE0-C32E05D3677A}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{781458C0-FA5E-43B7-9706-AAB8CD174C51}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{781458C0-FA5E-43B7-9706-AAB8CD174C51}] DATAGRAM 4

**** Blocked Control Panel Items ****
BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No

**** Downloaded Program Files ****
6th Street Omaha Poker by pogo [http://game1.pogo.com/applet-6.4.3.36/omaha/omaha-ob-assets.cab]
Canasta by pogo [http://game1.pogo.com/applet-6.4.3.36/canasta/canasta-ob-assets.cab]
Checkers by pogo [http://game1.pogo.com/applet-6.4.3.36/checkers2/checkers-ob-assets.cab]
DirectAnimation Java Classes [file://C:\WINNT\Java\classes\dajava.cab]
High Stakes Pool by pogo [http://game1.pogo.com/applet-6.4.2.23/pool2/pool-ob-assets.cab]
Jigsaw Detective by pogo [http://game1.pogo.com/applet-6.4.3.36/jigsaw/jigsaw-ob-assets.cab]
Lottso by pogo [http://game1.pogo.com/applet-6.4.3.36/lottso/lottso-ob-assets.cab]
Mah Jong Garden by pogo [http://game1.pogo.com/applet-6.4.3.36/mahjong/mahjong-ob-assets.cab]
Microsoft XML Parser for Java [file://C:\WINNT\Java\classes\xmldso.cab]
Pop Fu by pogo [http://game1.pogo.com/applet-6.4.3.36/popfu/popfu-ob-assets.cab]
PoppaZoppa by pogo [http://game1.pogo.com/applet-6.4.3.36/poppazoppa/poppazoppa-ob-assets.cab]
Quick Quack by pogo [http://game1.pogo.com/applet-6.4.3.36/hotstreak/hotstreak-ob-assets.cab]
QWERTY by pogo [http://game1.pogo.com/applet-6.4.3.36/squares/squares-ob-assets.cab]
Ride The Tide by pogo [http://game1.pogo.com/applet-6.4.3.36/ride/ride-ob-assets.cab]
Stellar Sweeper by pogo [http://game1.pogo.com/applet-6.4.3.36/sweeper/sweeper-ob-assets.cab]
Texas Hold'em Poker by pogo [http://game1.pogo.com/applet-6.4.2.23/holdem/holdem-ob-assets.cab]
The Sims Pinball by pogo [http://game1.pogo.com/applet-6.4.2.23/simball/simball-ob-assets.cab]
Turbo 21 TM by pogo [http://game1.pogo.com/applet-6.4.3.36/turbo21/turbo21-ob-assets.cab]
Word Whomp by pogo [http://game1.pogo.com/applet-6.4.3.36/wordwhomp2/whomp2-ob-assets.cab]
World Class Solitaire by pogo [http://game1.pogo.com/applet-6.4.2.23/worldclass/worldclass-ob-assets.cab]
{6414512B-B978-451D-A0D8-FCFDF33E833C} [http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129575498628] C:\WINNT\system32\wuweb.dll
{6E5A37BF-FD42-463A-877C-4EB7002E68AE} [http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab] C:\WINNT\system32\mfc42.dll C:\WINNT\system32\olepro32.dll C:\WINNT\Downloaded Program Files\Housecall_ActiveX.dll
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} [http://messenger.msn.com/download/msnmessengersetupdownloader.cab]

**** Windows Services ****
[3ComDMIService] C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
[ActionAgent] C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
[Alerter] %SystemRoot%\System32\services.exe
[AppMgmt] %SystemRoot%\system32\services.exe
[bITS] %SystemRoot%\System32\svchost.exe -k BITSgroup
[browser] %SystemRoot%\System32\services.exe
[cisvc] C:\WINNT\System32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[DellDmi] C:\DMI\WIN32\bin\DellDmi.exe
[DEventAgent] C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
[Dhcp] %SystemRoot%\System32\services.exe
[DLT] C:\Program Files\Dell\OpenManage\Client\DLT.exe
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\services.exe
[Dnscache] %SystemRoot%\System32\services.exe
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINNT\System32\svchost.exe -k netsvcs
[ewido security suite control] C:\Program Files\ewido\security suite\ewidoctrl.exe
[ewido security suite guard] C:\Program Files\ewido\security suite\ewidoguard.exe
[Fax] %systemroot%\system32\faxsvc.exe
[iap] C:\Program Files\Dell\OpenManage\Client\Iap.exe
[lanmanserver] %SystemRoot%\System32\services.exe
[lanmanworkstation] %SystemRoot%\System32\services.exe
[LmHosts] %SystemRoot%\System32\services.exe
[Messenger] %SystemRoot%\System32\services.exe
[mnmsrvc] C:\WINNT\System32\mnmsrvc.exe
[MSDTC] C:\WINNT\system32\msdtc.exe
[MSIServer] C:\WINNT\system32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[ose] "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\services.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\regsvc.exe
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe -s
[samSs] %SystemRoot%\system32\lsass.exe
[sCardDrv] %SystemRoot%\System32\SCardSvr.exe
[sCardSvr] %SystemRoot%\System32\SCardSvr.exe
[schedule] %SystemRoot%\system32\MSTask.exe
[seclogon] %SystemRoot%\system32\services.exe
[sENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[sharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[spooler] %SystemRoot%\system32\spoolsv.exe
[sysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] %SystemRoot%\system32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\services.exe
[uPS] %SystemRoot%\System32\ups.exe
[utilMan] %SystemRoot%\System32\UtilMan.exe
[W32Time] %SystemRoot%\System32\services.exe
[Win32Sl] C:\dmi\win32\bin\Win32sl.exe
[WinMgmt] %SystemRoot%\System32\WBEM\WinMgmt.exe
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\system32\Services.exe
[wuauserv] %systemroot%\system32\svchost.exe -k wugroup
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs

**** Custom IE Search Items ****
SEARCH: [searchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

**** Complete IE Options ****
IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINNT\system32\blank.htm
IEOPT: [save_Session_History_On_Exit] no
IEOPT: [show_FullURL] no
IEOPT: [show_StatusBar] yes
IEOPT: [show_ToolBar] yes
IEOPT: [show_URLinStatusBar] yes
IEOPT: [show_URLToolBar] yes
IEOPT: [use_DlgBox_Colors] yes
IEOPT: [Q261272] yes
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [Disable Script Debugger] yes
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [NotifyDownloadComplete] no
IEOPT: [use FormSuggest] no
IEOPT: [AddToFavoritesExpanded]
IEOPT: [FormSuggest PW Ask] no
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [NscSingleExpand]
IEOPT: [NoWebJITSetup]
IEOPT: [Page_Transitions]
IEOPT: [FavIntelliMenus] no
IEOPT: [Enable Browser Extensions] yes
IEOPT: [Force Offscreen Composition]
IEOPT: [AllowWindowReuse]
IEOPT: [Friendly http errors] yes
IEOPT: [showGoButton] yes
IEOPT: [smoothScroll]
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Play_Animations] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Display Inline Videos] yes
IEOPT: [show image placeholders]
IEOPT: [Print_Background] no
IEOPT: [Check_Associations] no
IEOPT: [LastCheckedHi]
IEOPT: [AutoSearch]
IEOPT: [start Page] about:blank
IEOPT: [use Search Asst] no
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [start Page] about:blank
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.00.2800.1106
IEOPT: [FullScreen] no
IEOPT: [Check_Associations] yes
IEOPT: [use Search Asst] no

AB Logfile

AboutBuster 5.1, reference file 33
Scan started on [10/12/2005] at [06:54:16]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 06:55:03
Bod68 (Author) Posted December 10, 2005

Logfile of HijackThis v1.99.1
Scan saved at 07:02:47, on 10/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\MSTask.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [syszk.exe] C:\WINNT\system32\syszk.exe
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.4.3.36/omah...a-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.4.3.36/cana...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.4.3.36/chec...s-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.4.2.23/pool...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.4.3.36/jigs...w-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.4.3.36/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.4.3.36/mahj...g-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.4.3.36/popf...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.4.3.36/popp...a-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.4.3.36/hots...k-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.3.36/squa...s-ob-assets.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.4.3.36/ride...e-ob-assets.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.4.3.36/swee...r-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.4.2.23/hold...m-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-6.4.2.23/simb...l-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.4.3.36/turb...1-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.4.3.36/word...2-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.2.23/worl...s-ob-assets.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129575498628
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
therock247uk Posted December 10, 2005

1. Make sure your PC is set to show all hidden files and folders. Go here for instructions on how to do this: http://pchowtos.co.uk/index.php?page=tutor...tion=view&id=34

2. Boot into safe mode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select safe mode.

3. While in safe mode, open HijackThis and click Scan. Then tick and fix the following in HijackThis, with all windows closed except HijackThis:

O4 - HKLM\..\Run: [syszk.exe] C:\WINNT\system32\syszk.exe

4. Delete the file (if present):

C:\WINNT\system32\syszk.exe

5. Reboot and post a new HijackThis log here in a reply.
Bod68 (Author) Posted December 10, 2005

Logfile of HijackThis v1.99.1
Scan saved at 16:41:04, on 10/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\MSTask.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Administrator\Desktop\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.4.3.36/omah...a-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.4.3.36/cana...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.4.3.36/chec...s-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.4.2.23/pool...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.4.3.36/jigs...w-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.4.3.36/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.4.3.36/mahj...g-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.4.3.36/popf...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.4.3.36/popp...a-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.4.3.36/hots...k-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.3.36/squa...s-ob-assets.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.4.3.36/ride...e-ob-assets.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.4.3.36/swee...r-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.4.2.23/hold...m-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-6.4.2.23/simb...l-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.4.3.36/turb...1-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.4.3.36/word...2-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.2.23/worl...s-ob-assets.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129575498628
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
therock247uk Posted December 10, 2005

Your log is clean.

Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

To protect yourself further:

IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Google Toolbar <= Get the free Google toolbar to help stop pop-up windows.

I also suggest that you delete any files from "temp" and "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files", select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.
Bod68 (Author) Posted December 10, 2005

Yes, it seems fine now, thanks for all your help. One thing: my Homepage is still set to about:blank and I noticed in HijackThis there isn't an O3 entry... Any ideas? Is there a fix for this? Sure there is, but just checking.

Thanks again m8 for your speedy work!
Bod68 (Author) Posted December 10, 2005

Also get this on STARTUP too...

BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
On 01:26:49 12/10/2005 a browser page change was detected.
Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
Value Name: Search Bar
Old Value: res://C:\WINNT\eoxzw.dll/sp.html#34154
New Value: res://C:\WINNT\axoyd.dll/sp.html#34154
User Action Taken: KEEP NEW VALUE
therock247uk Posted December 10, 2005

about:blank is ok.

Post a new HijackThis log here in a reply.
Bod68 (Author) Posted December 10, 2005

Logfile of HijackThis v1.99.1
Scan saved at 22:07:34, on 10/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\MSTask.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.4.3.36/omah...a-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.4.3.36/cana...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.4.3.36/chec...s-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.4.2.23/pool...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.4.3.36/jigs...w-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.4.3.36/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.4.3.36/mahj...g-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.4.3.36/popf...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.4.3.36/popp...a-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.4.3.36/hots...k-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.3.36/squa...s-ob-assets.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.4.3.36/ride...e-ob-assets.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.4.3.36/swee...r-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.4.2.23/hold...m-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-6.4.2.23/simb...l-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.4.3.36/turb...1-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.4.3.36/word...2-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.2.23/worl...s-ob-assets.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129575498628
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
Bod68 (Author) Posted December 10, 2005

As I said, I'm still getting this; it keeps popping up... Not sure what it is?!?

BROWSER HIJACK ALERT - BROWSER PAGE CHANGED
On 01:26:49 12/10/2005 a browser page change was detected.
Registry Location: HKCU\Software\Microsoft\Internet Explorer\Main\
Value Name: Search Bar
Old Value: res://C:\WINNT\eoxzw.dll/sp.html#34154
New Value: res://C:\WINNT\axoyd.dll/sp.html#34154
User Action Taken: KEEP NEW VALUE
therock247uk Posted December 10, 2005

Boot into safemode to do this: keep tapping F8 on your keyboard while your PC is starting up, you will get a menu, select safemode.

Open Ewido again
Click on scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite.

Reboot and post the report Ewido made and a new HijackThis log here in a reply.
Bod68 (Author) Posted December 11, 2005

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on: 09:43:29, 11/12/2005
 + Report-Checksum: F8F31A62

 + Scan result:

 C:\WINNT\desktop.html -> Hijacker.Generic : Cleaned with backup
 C:\WINNT\DirectX.log:mvglm -> Downloader.Agent.td : Cleaned with backup
 C:\WINNT\mfchn.exe -> Downloader.Agent.td : Cleaned with backup
 C:\WINNT\qfjsd.dll -> Adware.SearchPage : Cleaned with backup
 C:\WINNT\Rhododendron.bmp:hvwyv -> Downloader.Agent.td : Cleaned with backup

::Report End

---------

Logfile of HijackThis v1.99.1
Scan saved at 09:47:36, on 11/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\MSTask.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.4.3.36/omah...a-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.4.3.36/cana...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.4.3.36/chec...s-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.4.2.23/pool...l-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.4.3.36/jigs...w-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.4.3.36/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.4.3.36/mahj...g-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.4.3.36/popf...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.4.3.36/popp...a-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.4.3.36/hots...k-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.3.36/squa...s-ob-assets.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.4.3.36/ride...e-ob-assets.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.4.3.36/swee...r-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.4.2.23/hold...m-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-6.4.2.23/simb...l-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.4.3.36/turb...1-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.4.3.36/word...2-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.2.23/worl...s-ob-assets.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129575498628
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
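Two things in this thread are worth being able to spot mechanically: the SpywareGuard alert shows the IE "Search Bar" value being pointed at a res:// page served out of a randomly named DLL under C:\WINNT (eoxzw.dll, then axoyd.dll), and the ewido report shows the downloader hiding in NTFS alternate data streams (DirectX.log:mvglm, Rhododendron.bmp:hvwyv). The script below is an added example, not code from HijackThis, ewido or anyone in the thread; it parses HijackThis R0/R1 lines and ewido-style result lines and flags those two patterns. The sample input is constructed from entries quoted above, and the regexes assume the line layouts shown in the logs on this page.

```python
"""Triage helper for HijackThis R-lines and ewido scan-report lines.

Added example for this thread; not code from HijackThis, ewido or the forum.
Flags two patterns visible in the thread:
  * R0/R1 values that load a res:// page out of a DLL on disk (the
    search-page hijack the SpywareGuard alert reported), and
  * scan-report paths carrying an NTFS alternate data stream
    (file.ext:stream), which is where the ewido report found payloads.
"""
import re
from typing import Dict, List, Optional

# "R1 - HKCU\Software\...\Main,Search Bar = res://C:\WINNT\eoxzw.dll/sp.html#34154"
R_LINE = re.compile(r"^(?P<section>R[0-3]) - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$")
# res:// values that serve an HTML page from a DLL on disk
RES_DLL = re.compile(r"^res://(?P<dll>[^/]+\.dll)/", re.IGNORECASE)
# ewido report lines: "<path> -> <detection> : <action>"
REPORT_LINE = re.compile(r"^(?P<path>.+?) -> (?P<detection>\S+) : (?P<action>.+)$")
# drive path followed by ':stream' = NTFS alternate data stream
ADS_PATH = re.compile(r"^[A-Za-z]:\\.+?:(?P<stream>[^\\:]+)$")


def triage_hjt(log_text: str) -> List[Dict[str, str]]:
    """Return R0/R1 entries whose value is a res:// page served from a DLL."""
    findings = []
    for raw in log_text.splitlines():
        m = R_LINE.match(raw.strip())
        if not m:
            continue
        value = m.group("value").strip()
        hit = RES_DLL.match(value)
        if hit:
            findings.append({
                "section": m.group("section"),
                "key": m.group("key").strip(),
                "name": m.group("name").strip(),
                "value": value,
                "dll": hit.group("dll"),
            })
    return findings


def triage_report(report_text: str) -> List[Dict[str, Optional[str]]]:
    """Parse ewido-style result lines and note any alternate data stream."""
    entries = []
    for raw in report_text.splitlines():
        m = REPORT_LINE.match(raw.strip())
        if not m:
            continue
        path = m.group("path").strip()
        ads = ADS_PATH.match(path)
        entries.append({
            "path": path,
            "detection": m.group("detection"),
            "action": m.group("action").strip(),
            "ads_stream": ads.group("stream") if ads else None,
        })
    return entries


# Constructed sample input, modelled on the R-lines and BHO line quoted in the thread.
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\eoxzw.dll/sp.html#34154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\axoyd.dll/sp.html#34154
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
"""

# Constructed sample input, modelled on the ewido scan result quoted in the thread.
SAMPLE_REPORT = r"""
 + Scan result:

 C:\WINNT\desktop.html -> Hijacker.Generic : Cleaned with backup
 C:\WINNT\DirectX.log:mvglm -> Downloader.Agent.td : Cleaned with backup
 C:\WINNT\mfchn.exe -> Downloader.Agent.td : Cleaned with backup
 C:\WINNT\qfjsd.dll -> Adware.SearchPage : Cleaned with backup
 C:\WINNT\Rhododendron.bmp:hvwyv -> Downloader.Agent.td : Cleaned with backup

::Report End
"""

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"{f['section']} {f['name']}: page served from {f['dll']}")
    for e in triage_report(SAMPLE_REPORT):
        tag = f" (ADS stream '{e['ads_stream']}')" if e["ads_stream"] else ""
        print(f"{e['detection']}: {e['path']}{tag}")
```

A clean Start Page such as http://www.google.co.uk/ is left alone; only values that resolve to a page inside a local DLL are reported, which is why the R0 line added after the cleanup in this thread would not be flagged. The ADS check matters because a plain file listing does not show a stream like DirectX.log:mvglm, so a report entry with a stream name is a sign that a scanner looked inside streams and that the host file itself is just a carrier.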
therock247uk Posted December 11, 2005

Still getting popups about BROWSER HIJACK ALERT - BROWSER PAGE CHANGED?
Bod68 (Author) Posted December 11, 2005

I was, but I was running ewido on startup, so uninstalled that now and it seems fine, ty
therock247uk Posted December 12, 2005

Good, please follow my prevention post I posted earlier.

Closing and moving topic.