I've read and done all in THIS LINK but still get a 017 referal to the above site. Who the [bleep] are these people ? Can't they be stopped ? If one enters that number in Google one gets pages of entries with various forums etc. but nothing I've seen so far works.
So after the above, here is my HijackThis log. I actually uninstalled the Google Toolbar but it appears to have left overs......
Logfile of HijackThis v1.99.1 Scan saved at 13:13:46, on 20.07.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT5\System32\smss.exe C:\WINNT5\system32\winlogon.exe C:\WINNT5\system32\services.exe C:\WINNT5\system32\lsass.exe C:\WINNT5\system32\svchost.exe C:\WINNT5\System32\svchost.exe C:\WINNT5\system32\spoolsv.exe E:\AVPersonal\AVGUARD.EXE E:\AVPersonal\AVWUPSRV.EXE C:\programme\ewido\security suite\ewidoctrl.exe C:\WINNT5\System32\svchost.exe C:\WINNT5\system32\ZONELABS\vsmon.exe C:\WINNT5\Explorer.EXE C:\WINNT5\System32\wbem\wmiapsrv.exe D:\ZoneAlarm\zlclient.exe E:\AVPersonal\AVGNT.EXE D:\freemem\FMEMPRO.EXE C:\WINNT5\System32\ctfmon.exe D:\TerraTec\DMX 6fire\DMX6Fire.exe E:\SpyWare\Hijackthis1_99_1.exe D:\NoteTab\NoteTab.exe C:\Programme\Internet Explorer\IEXPLORE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT5\System32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT5\System32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer 6 O2 - BHO: Internet Explorer Hot Fix - {13EB9F96-22D7-44FB-89BD-BE859A74C02E} - C:\WINNT5\System32\yrjdi.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot\SDHelper.dll (file missing) O4 - HKLM\..\Run: [Zone Labs Client] D:\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [ Services.dll] C:\WINNT5\msagent\system\smss.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT5\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVGCtrl] "E:\AVPersonal\AVGNT.EXE" /min O4 - HKCU\..\Run: [FreeMem Pro] "D:\freemem\FMEMPRO.EXE" Startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT5\System32\ctfmon.exe O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = D:\TerraTec\DMX 6fire\DMX6Fire.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\programme\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O17 - HKLM\System\CCS\Services\Tcpip\..\{70B6B555-C2FB-4F0B-A316-B99DFD661749}: NameServer = 69.50.184.84 195.225.176.37 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - E:\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\AVPersonal\AVWUPSRV.EXE O23 - Service: ewido security suite control - ewido networks - C:\programme\ewido\security suite\ewidoctrl.exe O23 - Service: Speed Disk service - Symantec Corporation - d:\Speed Disk\nopdb.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT5\system32\ZONELABS\vsmon.exe
Thanks for any practical advice.
BTW, I can boot into DOS 7.1 to delete stuff
cheers
maa
Edited by maa, 22 July 2005 - 02:52 AM.