help with work pc (hijack this log inc.)
groomjac
Newbie
30. July 2007 @ 04:34
I have a PC at work that, whenever you get on eBay and a few other sites, redirects me to freeserialls or some search page. I've done the SmitFraud fix, which works for a while, but then if rebooted it comes back. Any help appreciated.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:11:58 PM, on 7/25/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\FactorySuite\Common\NTServApp.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINNT\system32\NA_Service.exe
C:\WINNT\system32\MODBUSDRV.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\WINNT\SYSTEM32\NA_MBP.exe
C:\WINNT\system32\NA_XWAY.exe
C:\Program Files\Patchlink\Update Agent\GRAVITIXSERVICE.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\FactorySuite\Common\slssvc.exe
C:\WINNT\system32\UsbConnect.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\FactorySuite\Common\wwlogsvc.exe
C:\WINNT\system32\usbconsole.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINNT\system32\SxgTkBar.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\PROGRA~1\NavNT\DWHWIZRD.EXE
F:\HiJackThis_v2.exe
C:\WINNT\System32\WBEM\WinMgmt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://northamerica.intranet.mars/index....land&page=index
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.78.41.120:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINNT\system32\CBAs.dll
O2 - BHO: (no name) - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - (no file)
O2 - BHO: (no name) - {f015f320-ab08-11db-abbd-0800200c9a66} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.patchmfg.am.mfg.mars (HKLM)
O15 - ESC Trusted Zone: *.patchmfg.am.mfg.mars (HKLM)
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Seekmo/i...ece5b5b666353a7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = am.mfg.mars
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = am.mfg.mars
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = am.mfg.mars,eu.mfg.mars,ap.mfg.mars,mfg.mars,clv.na.mars,na.mars,mto.na.mars,mars,mtodom01.corp.mars,corp.mars
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = am.mfg.mars
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = am.mfg.mars,eu.mfg.mars,ap.mfg.mars,mfg.mars,clv.na.mars,na.mars,mto.na.mars,mars,mtodom01.corp.mars,corp.mars
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = am.mfg.mars,eu.mfg.mars,ap.mfg.mars,mfg.mars,clv.na.mars,na.mars,mto.na.mars,mars,mtodom01.corp.mars,corp.mars
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FS Service Control - Wonderware Corporation - C:\Program Files\FactorySuite\Common\NTServApp.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: NetAccess Service (NA_Service) - Unknown owner - C:\WINNT\system32\NA_Service.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\rtvscan.exe
O23 - Service: PatchLink Update - Patchlink Corporation - C:\Program Files\Patchlink\Update Agent\GRAVITIXSERVICE.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)
O23 - Service: Wonderware SuiteLink (slssvc) - Wonderware Corporation - C:\Program Files\FactorySuite\Common\slssvc.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINNT\system32\UsbConnect.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
O23 - Service: Wonderware Logger (WWLOGSVC) - Wonderware Corporation - C:\Program Files\FactorySuite\Common\wwlogsvc.exe
O23 - Service: Wonderware NetDDE Helper (WWNetDDE) - Wonderware Corporation - C:\Program Files\FactorySuite\Common\wwnetdde.exe
O23 - Service: WwRpcSvr - Wonderware Corporation - C:\WINNT\System32\wwinstsvc.exe

--
End of file - 7150 bytes
Auttaja
Suspended permanently
3. August 2007 @ 00:28
Hi... my suggestion is formatting and reinstalling the computer...

Download and Run ComboFix
*Download this file from either of the two places listed below:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

*Then double-click combofix.exe & follow the prompts.
*When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Don't send your HijackThis log to another user's topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has a very unsupportive attitude against malware fighters)
How to send HijackThis log (step 3-5) | Instructions for sending a HijackThis log (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) | Geeks To Go - Another place
List of rogue programs. (Finland) For example MSG+ is there. Another list