IE start page changing to about:blank [CLOSED]



#1 blameless (New Member, 3 posts)
My IE homepage is being repeatedly changed to about:blank. It's not redirecting to any search pages, just resetting the start page. I've run Ad-Aware, CWShredder etc. but nothing seems to have found it. Any help appreciated.


Logfile of HijackThis v1.99.1
Scan saved at 16:29:02, on 14/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\PGPsdkServ.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\PGP for Windows 2000\PGPservice.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WINPAT~1.EXE
C:\Program Files\Network Associates\PGP for Windows 2000\PGPtray.exe
C:\PROGRA~1\HEWLET~1\HPOFFI~1\bin\hpoevm07.exe
C:\WINNT\system32\hpoipm07.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\\NVCpl.dll,NvStartup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Acronis True Image Monitor] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WinPatrol PLUS] C:\PROGRA~1\BILLPS~1\WINPAT~1\WINPAT~1.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PGPtray.lnk = C:\Program Files\Network Associates\PGP for Windows 2000\PGPtray.exe
O4 - Global Startup: Portfolio Express.lnk = C:\Program Files\Extensis\Portfolio 7\Portfolio Express.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Grab - {F5A9CAEC-6283-44F7-82EC-04757B12DB16} - C:\Program Files\Hibrosoft\SmartGrabber\HSSmartGrabber.dll
O9 - Extra 'Tools' menuitem: Grab... (SmartGrabber) - {F5A9CAEC-6283-44F7-82EC-04757B12DB16} - C:\Program Files\Hibrosoft\SmartGrabber\HSSmartGrabber.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} - http://download.tibs....com/tl7000.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downlo...UTH_1025_EN.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downlo...ervice_4_EN.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://217.73.66.1/m...GB/910148__.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SOLARNET.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{66FE9CA1-802A-4377-A908-9E5945FB20D4}: NameServer = 158.43.128.1,158.43.192.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SOLARNET.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = SOLARNET.local
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PGPsdkService (PGPsdkServ) - Network Associates Technology, Inc. - C:\WINNT\system32\PGPsdkServ.exe
O23 - Service: PGPService - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\PGP for Windows 2000\PGPservice.exe


#2 didom (Member 1K, 1,919 posts)
Scan again with HijackThis and check the following items:

R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Then reboot your computer.

Run Panda's online virus scan and perform a full system scan: Panda ActiveScan

Save the scan log and post it along with a new HijackThis Log in your next reply.
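The two items didom singles out are both orphaned references: a registry entry that points at a missing hook or a DLL that no longer exists. That is the first thing a helper looks for when reading a HijackThis log, along with O16 "Downloaded Program Files" entries (ActiveX controls) fetched from odd hosts and the O17 DNS settings. As an added example, not part of this thread and not HijackThis's own code, the Python script below parses the R/O section lines of a HijackThis v1.99-style log and sorts them into "fix" (orphaned entry), "review" (O16 control served from a bare IP address) and "info" (start page and DNS settings to compare against the reported symptom). The sample lines are copied from the log posted in #1; the flagging rules are this example's own heuristics, not anything HijackThis itself does.

```python
"""Triage a HijackThis v1.99-style log: flag the entry types a helper checks first.

Added example for this thread; the rules below are heuristics, not HijackThis logic.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: these lines are copied from the HijackThis log posted in #1 above
# (a raw string, so the Windows backslashes need no escaping).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://217.73.66.1/m...GB/910148__.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O3"
    severity: str  # "fix", "review" or "info"
    reason: str
    line: str


# "R0 - ...", "O16 - ..." etc.; process-list lines and headers do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)")
BARE_IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def triage_line(line: str) -> Optional[Finding]:
    """Classify one log line; returns None for lines that need no attention."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()

    # Orphaned entries: the registry still references a hook/DLL that is gone.
    # These are what HijackThis's "Fix checked" removes (or restores to default).
    if body.endswith("(no file)") or body.endswith("is missing"):
        return Finding(section, "fix", "orphaned entry: registry key points at nothing", line)

    # O16: ActiveX controls installed into Downloaded Program Files. A control
    # pulled from a bare IP address rather than a vendor hostname deserves a look.
    if section == "O16":
        host = URL_HOST_RE.search(body)
        if host and BARE_IPV4_RE.match(host.group(1)):
            return Finding(section, "review",
                           f"ActiveX control downloaded from bare IP host {host.group(1)}", line)

    # Context the helper compares against the reported symptom (e.g. about:blank).
    if section in ("R0", "R1") and "Start Page" in body:
        return Finding(section, "info", "configured IE start page", line)
    if section == "O17":
        return Finding(section, "info", "DNS/domain setting; confirm it belongs to this network", line)
    return None


def triage(log: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the findings."""
    return [f for f in (triage_line(l) for l in log.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n         {f.line}")
```

Run against the sample, the script reports the R3 and O3 lines as "fix" (exactly the two items didom asked to have checked), the 217.73.66.1 O16 control as "review", and the start page as "info"; the Adobe BHO, the Nero run key and the iPIX control produce nothing. The checks are deliberately narrow: they surface the entries a human should read, they do not decide on their own what is malicious.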

#3 blameless (Topic Starter, New Member, 3 posts)
Thanks for the help. I've done that and the new logs are below:

PANDA SCAN

Incident Status Location
Dialer:Dialer.AL No disinfected C:\Documents and Settings\mike.sinhaus\Application Data\Mozilla\Profiles\default\ld3fa8o3.slt\Mail\212.69.210.218\Inbox[movies.zip][1714.exe]
Dialer:Dialer.AL No disinfected C:\Documents and Settings\mike.sinhaus\Application Data\Mozilla\Profiles\default\ld3fa8o3.slt\Mail\212.69.210.218\Trash[movies.zip][1714.exe]
Dialer:Dialer.BAG No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\111D45.tmp
Dialer:Dialer.BAG No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\111D4A.tmp
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\banner.exe
Adware:adware/ipinsight No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\conscorr.cab
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\conscorr.cab[conscorr.inf]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\conscorr.cab[conscorr.exe]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\conscorr.cab[conscorr.ini]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\conscorr.exe
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\conscorr.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\conscorr.ini
Adware:Adware/nCase No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\Del12.tmp
Dialer:Dialer.TS No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dia46A.exe
Dialer:Dialer.CTA No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dia471.exe
Possible Virus. No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dia49B.exe
Possible Virus. No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dia4A2.exe
Possible Virus. No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dia4A29.exe
Possible Virus. No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dia4A2A.exe
Possible Virus. No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dia4A4.exe
Possible Virus. No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dia5FE.exe
Dialer:Dialer.CTA No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dia65.exe
Possible Virus. No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dia6FA.exe
Possible Virus. No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\diaCF8.exe
Possible Virus. No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\diaF10.exe
Adware:Adware/TopRebates No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\djtopr1150.exe
Dialer:Dialer.Gen No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dload.exe023
Dialer:Dialer.Gen No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dload.exe050
Dialer:Dialer.Gen No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dload.exe201
Dialer:Dialer.Gen No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dload.exe302
Dialer:Dialer.Gen No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dload.exe354
Dialer:Dialer.Gen No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dload.exe363
Dialer:Dialer.Gen No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dload.exe412
Dialer:Dialer.Gen No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dload.exe436
Dialer:Dialer.Gen No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dload.exe510
Dialer:Dialer.Gen No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dload.exe600
Dialer:Dialer.Gen No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dload.exe611
Dialer:Dialer.Gen No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dload.exe614
Dialer:Dialer.Gen No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dload.exe720
Dialer:Dialer.Gen No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dload.exe736
Dialer:Dialer.Gen No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dload.exe745
Dialer:Dialer.Gen No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dload.exe763
Adware:adware/transponder No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\dummy.htm
Adware:adware/keenvalue No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\IncrediFindBHOLog.tmp
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\mike.sinhaus\Local Settings\Temp\ln_reco.exe
Adware:adware/ipbill No disinfected C:\dtemp2.exe
Adware:Adware Program No disinfected C:\hijackThis\backup-20040318-115740-216.inf
Possible Virus. No disinfected C:\hijackThis\backup-20040318-115740-893.dll
Adware:Adware/Lop No disinfected C:\hijackThis\backup-20040318-115740-900.dll
Dialer:Dialer.SX No disinfected C:\HolistyDll.dll
Virus:Trj/Lowzones.AX No disinfected C:\Program Files\eMule\Incoming\done\- Nero Burning Rom 6.6.0.6 Nero Vision Express 3.0.1.18 Nero Mediaplayer 1.4.0.27 Neromix 1.4.0.27 Neronet 1.2.0.2 Varie By Superromu.rar[[KEYGEN] - Nero Burnig ROM 6.6.0.6.exe]
Adware:Adware/IPInsight No disinfected C:\Program Files\NoAdware\NoAdwareBackup\4,7,2005_11,7,24.zip[conscorr.exe]
Virus:Trj/Downloader.AIP Disinfected C:\Program Files\NoAdware\NoAdwareBackup\4,7,2005_11,7,24.zip[dload.exe]
Dialer:Dialer.CTJ No disinfected C:\Program Files\SBITPlugin\110054.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\110054.exe
Dialer:Dialer.CTJ No disinfected C:\Program Files\SBITPlugin\111105.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\111105.exe
Possible Virus. No disinfected C:\Program Files\SBITPlugin\111328.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\111328.exe
Dialer:Dialer.BYF No disinfected C:\Program Files\SBITPlugin\111329.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\111329.exe
Dialer:Dialer.CTJ No disinfected C:\Program Files\SBITPlugin\111338.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\111338.exe
Possible Virus. No disinfected C:\Program Files\SBITPlugin\111351.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\111351.exe
Dialer:Dialer.BYF No disinfected C:\Program Files\SBITPlugin\111694.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\111694.exe
Possible Virus. No disinfected C:\Program Files\SBITPlugin\111720.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\111720.exe
Possible Virus. No disinfected C:\Program Files\SBITPlugin\111721.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\111721.exe
Possible Virus. No disinfected C:\Program Files\SBITPlugin\111722.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\111722.exe
Possible Virus. No disinfected C:\Program Files\SBITPlugin\111723.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\111723.exe
Possible Virus. No disinfected C:\Program Files\SBITPlugin\111726.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\111726.exe
Possible Virus. No disinfected C:\Program Files\SBITPlugin\111727.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\111727.exe
Dialer:Dialer.CTJ No disinfected C:\Program Files\SBITPlugin\111728.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\111728.exe
Possible Virus. No disinfected C:\Program Files\SBITPlugin\111729.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\111729.exe
Possible Virus. No disinfected C:\Program Files\SBITPlugin\111730.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\111730.exe
Possible Virus. No disinfected C:\Program Files\SBITPlugin\111743.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\111743.exe
Possible Virus. No disinfected C:\Program Files\SBITPlugin\111744.dlr
Possible Virus. No disinfected C:\Program Files\SBITPlugin\111746.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\111746.exe
Possible Virus. No disinfected C:\Program Files\SBITPlugin\111747.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\111747.exe
Dialer:Dialer.CTJ No disinfected C:\Program Files\SBITPlugin\111838.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\111838.exe
Possible Virus. No disinfected C:\Program Files\SBITPlugin\112363.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\112363.exe
Possible Virus. No disinfected C:\Program Files\SBITPlugin\113567.dlr
Possible Virus. No disinfected C:\Program Files\SBITPlugin\113770.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\113770.exe
Dialer:Dialer.CTJ No disinfected C:\Program Files\SBITPlugin\119254.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\119254.exe
Dialer:Dialer.BYF No disinfected C:\Program Files\SBITPlugin\122533.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\122533.exe
Dialer:Dialer.BYF No disinfected C:\Program Files\SBITPlugin\122948.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\122948.exe
Dialer:Dialer.BYF No disinfected C:\Program Files\SBITPlugin\123063.dlr
Dialer:Dialer.YV No disinfected C:\Program Files\SBITPlugin\123063.exe
Spyware:Spyware/BargainBuddy No disinfected C:\Temp\cdt_bbi8016.exe
Spyware:Spyware/BetterInet No disinfected C:\Temp\lc.exe
Adware:Adware/nCase No disinfected C:\Temp\NCasePackage.exe
Dialer:Dialer.BFU No disinfected C:\WINNT\Downloaded Program Files\240402__.exe323
Dialer:Dialer.Gen No disinfected C:\WINNT\Downloaded Program Files\910024__.exe572
Dialer:Dialer.Gen No disinfected C:\WINNT\Downloaded Program Files\910116__.exe610
Dialer:Dialer.Gen No disinfected C:\WINNT\Downloaded Program Files\910145__.exe551
Dialer:Dialer.Gen No disinfected C:\WINNT\Downloaded Program Files\910147__.exe712
Dialer:Dialer.Gen No disinfected C:\WINNT\Downloaded Program Files\910148__.exe015
Possible Virus. No disinfected C:\WINNT\Downloaded Program Files\910148__.exe231
Possible Virus. No disinfected C:\WINNT\Downloaded Program Files\910148__.exe261
Possible Virus. No disinfected C:\WINNT\Downloaded Program Files\910148__.exe337
Dialer:Dialer.ANG No disinfected C:\WINNT\Downloaded Program Files\CONFLICT.1\comload.dll
Dialer:Dialer.ANG No disinfected C:\WINNT\Downloaded Program Files\CONFLICT.2\comload.dll
Dialer:dialer.b No disinfected C:\WINNT\Downloaded Program Files\EGAUTH.inf
Virus:Bck/Dumador.AR Disinfected C:\WINNT\dvpd.dll
Adware:adware/gator No disinfected C:\WINNT\FT1_02_0_402_GEPFAH.EXE
Adware:Adware/IPInsight No disinfected C:\WINNT\inf\alchem.inf
Adware:Adware/SAHAgent No disinfected C:\WINNT\inf\biH.inf
Spyware:spyware/betterinet No disinfected C:\WINNT\inf\biini.inf
Adware:Adware/IPInsight No disinfected C:\WINNT\inf\conscorr.inf
Spyware:Spyware/LocalNRD No disinfected C:\WINNT\inf\localNrd.inf
Adware:Adware/Transponder No disinfected C:\WINNT\inf\polall1r.inf
Adware:Adware/Twain-Tech No disinfected C:\WINNT\inf\twaintec.inf
Dialer:Dialer.Gen No disinfected C:\WINNT\installer[p2p-10110,de].exe
Virus:Bck/Dumador.AS Disinfected C:\WINNT\prntsvra.dll
Adware:Adware/Apropos No disinfected C:\WINNT\system32\asfffic.exe
Virus:Trj/Qhost.gen Disinfected C:\WINNT\system32\drivers\etc\hosts
Dialer:Dialer.B No disinfected C:\WINNT\system32\EGAUTH.dll
Spyware:Spyware/BargainBuddy No disinfected C:\WINNT\system32\exdl1.exe
Virus:Trj/Multidropper.AFU Disinfected C:\WINNT\system32\in10b6s.dll
Adware:Adware/404Search No disinfected C:\WINNT\system32\K404SearchSetup_MS6.exe
Dialer:Dialer.B No disinfected C:\WINNT\system32\p2esocks_1025.dll
Dialer:Dialer.IE No disinfected C:\WINNT\system32\preload2.ocx
Adware:Adware/KeenValue No disinfected C:\WINNT\system32\setup_incred_8.exe
Adware:Adware/nCase No disinfected C:\WINNT\system32\Xcite2.exe
Virus:Trj/Goldun.C Disinfected C:\WINNT\system32\zztp\ghehljik.exe
Virus:Trj/Goldun.C Disinfected C:\WINNT\system32\zztp\giledlfg.exe
Virus:Trj/Goldun.C Disinfected C:\WINNT\system32\zztp\haqlomkg.exe
Virus:Trj/Goldun.C Disinfected C:\WINNT\system32\zztp\ibkcfimf.exe
Virus:Trj/Goldun.C Disinfected C:\WINNT\system32\zztp\svchost.exe
Virus:Trj/Goldun.C Disinfected C:\WINNT\system32\_kwui.dll
Virus:Trj/Goldun.C Disinfected C:\WINNT\system32\_kwuiex.dll
Virus:Bck/Dumador.T Disinfected C:\WINNT\winsms.dll

HIJACK THIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 12:18:48, on 19/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\PGPsdkServ.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Network Associates\PGP for Windows 2000\PGPservice.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WINPAT~1.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\mail.com\mcalert.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Network Associates\PGP for Windows 2000\PGPtray.exe
C:\PROGRA~1\HEWLET~1\HPOFFI~1\bin\hpoevm07.exe
C:\WINNT\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\HPOSTS07.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\HPOFXM07.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\\NVCpl.dll,NvStartup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Acronis True Image Monitor] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WinPatrol PLUS] C:\PROGRA~1\BILLPS~1\WINPAT~1\WINPAT~1.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\RunOnce: [Panda_cleaner_142269] C:\WINNT\system32\ActiveScan\pavdr.exe 142269
O4 - HKLM\..\RunOnce: [Panda_cleaner_142262] C:\WINNT\system32\ActiveScan\pavdr.exe 142262
O4 - HKLM\..\RunOnce: [Panda_cleaner_142263] C:\WINNT\system32\ActiveScan\pavdr.exe 142263
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PGPtray.lnk = C:\Program Files\Network Associates\PGP for Windows 2000\PGPtray.exe
O4 - Global Startup: Portfolio Express.lnk = C:\Program Files\Extensis\Portfolio 7\Portfolio Express.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Grab - {F5A9CAEC-6283-44F7-82EC-04757B12DB16} - C:\Program Files\Hibrosoft\SmartGrabber\HSSmartGrabber.dll
O9 - Extra 'Tools' menuitem: Grab... (SmartGrabber) - {F5A9CAEC-6283-44F7-82EC-04757B12DB16} - C:\Program Files\Hibrosoft\SmartGrabber\HSSmartGrabber.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} - http://download.tibs....com/tl7000.dll
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downlo...UTH_1025_EN.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downlo...ervice_4_EN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SOLARNET.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{66FE9CA1-802A-4377-A908-9E5945FB20D4}: NameServer = 158.43.128.1,158.43.192.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SOLARNET.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = SOLARNET.local
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PGPsdkService (PGPsdkServ) - Network Associates Technology, Inc. - C:\WINNT\system32\PGPsdkServ.exe
O23 - Service: PGPService - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\PGP for Windows 2000\PGPservice.exe

#4 didom (Member 1K, 1,919 posts)
Please follow the instructions provided; you may want to print out these instructions and use them as a reference.

Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

Reboot into Safe Mode. You can do this by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Reboot into normal mode.

Then, please run this online virus scan: Panda ActiveScan

Save the scan log and post it along with a new HijackThis Log and the Ewido log in your next reply.

#5 didom (Member 1K, 1,919 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.