Have a computer infected with multiple malware. I have used spybot, ad-aware, Mcafee, trojan hunter, ewido Anti-Malware. Still having issues. The one that is noticable is search engine hook. Here is the Hijack this log and ewido Anti Malware log.
Logfile of HijackThis v1.99.1
Scan saved at 1:00:54 PM, on 9/28/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\system32\basfipm.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\ICSVRNT.EXE
C:\WINNT\system32\LxrSII1s.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\MK Net Work\ZipMail LN\zmailLN.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\alstom\Desktop\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {54FD6BB0-B2CB-ED8B-04A5-811619278DB7} - DCC_send.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ZipMail LN System Tray add-on] "C:\Program Files\MK Net Work\ZipMail LN\zmailLN.exe" 001
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Startup: Microsoft Find Fast.lnk.disabled
O4 - Startup: Office Startup.lnk.disabled
O4 - Global Startup: Digital Line Detect.lnk.disabled
O4 - Global Startup: Exif Launcher.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://10.19.65.251/iNotes6W.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - https://10.19.65.251.../dolcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download.game...ameLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{262251C4-5671-463E-BF71-D3EDAB26051F}: NameServer = 85.255.116.40,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{B233F255-0714-4E3B-B7D0-753CFB710F4A}: NameServer = 85.255.116.40,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7935460-D6FF-4F93-BFCC-CC06BDF061E8}: NameServer = 85.255.116.40,85.255.112.115
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.40 85.255.112.115
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.40 85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.40 85.255.112.115
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InterCom Server (InterCom) - CNS International - C:\WINNT\ICSVRNT.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINNT\SYSTEM32\LxrSII1s.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
here is ewido log
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:29:35 PM 9/28/2006
+ Scan result:
[180] VM_00B40000 -> Downloader.Agent.uj : Error during cleaning.
[200] VM_009B0000 -> Downloader.Agent.uj : Error during cleaning.
[436] VM_006B0000 -> Downloader.Agent.uj : Error during cleaning.
[444] VM_00840000 -> Downloader.Agent.uj : Error during cleaning.
::Report end
any suggestions is greatly appreciated