help with work pc (hijack this log inc.)

Discussion in 'Windows - Virus and spyware problems' started by groomjac, Jul 30, 2007.

  1. groomjac

    groomjac Member

    I have a PC at work that, whenever you get on eBay and a few other sites, redirects me to freeserialls or some search page. I've done the SmitFraud fix, which works for a while, but then if rebooted it comes back. Any help appreciated.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 6:11:58 PM, on 7/25/2007
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\SYSTEM32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
    C:\PROGRA~1\NavNT\DefWatch.exe
    C:\DMI\WIN32\bin\DellDmi.exe
    C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
    C:\Program Files\Dell\OpenManage\Client\DLT.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\FactorySuite\Common\NTServApp.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\WINNT\system32\NA_Service.exe
    C:\WINNT\system32\MODBUSDRV.exe
    C:\PROGRA~1\NavNT\rtvscan.exe
    C:\WINNT\SYSTEM32\NA_MBP.exe
    C:\WINNT\system32\NA_XWAY.exe
    C:\Program Files\Patchlink\Update Agent\GRAVITIXSERVICE.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\FactorySuite\Common\slssvc.exe
    C:\WINNT\system32\UsbConnect.exe
    C:\dmi\win32\bin\Win32sl.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\FactorySuite\Common\wwlogsvc.exe
    C:\WINNT\system32\usbconsole.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\WINNT\system32\SxgTkBar.exe
    C:\PROGRA~1\NavNT\vptray.exe
    C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\PROGRA~1\NavNT\DWHWIZRD.EXE
    F:\HiJackThis_v2.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://northamerica.intranet.mars/index.cfm?sector=loc_cleveland&page=index
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.78.41.120:8080
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINNT\system32\CBAs.dll
    O2 - BHO: (no name) - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - (no file)
    O2 - BHO: (no name) - {f015f320-ab08-11db-abbd-0800200c9a66} - (no file)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.patchmfg.am.mfg.mars (HKLM)
    O15 - ESC Trusted Zone: *.patchmfg.am.mfg.mars (HKLM)
    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/See...7f73d695c54c:584e34bcf0567f47bece5b5b666353a7
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = am.mfg.mars
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = am.mfg.mars
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = am.mfg.mars,eu.mfg.mars,ap.mfg.mars,mfg.mars,clv.na.mars,na.mars,mto.na.mars,mars,mtodom01.corp.mars,corp.mars
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = am.mfg.mars
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = am.mfg.mars,eu.mfg.mars,ap.mfg.mars,mfg.mars,clv.na.mars,na.mars,mto.na.mars,mars,mtodom01.corp.mars,corp.mars
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = am.mfg.mars,eu.mfg.mars,ap.mfg.mars,mfg.mars,clv.na.mars,na.mars,mto.na.mars,mars,mtodom01.corp.mars,corp.mars
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
    O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
    O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
    O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
    O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: FS Service Control - Wonderware Corporation - C:\Program Files\FactorySuite\Common\NTServApp.exe
    O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: NetAccess Service (NA_Service) - Unknown owner - C:\WINNT\system32\NA_Service.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\rtvscan.exe
    O23 - Service: PatchLink Update - Patchlink Corporation - C:\Program Files\Patchlink\Update Agent\GRAVITIXSERVICE.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe (file missing)
    O23 - Service: Wonderware SuiteLink (slssvc) - Wonderware Corporation - C:\Program Files\FactorySuite\Common\slssvc.exe
    O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINNT\system32\UsbConnect.exe
    O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
    O23 - Service: Wonderware Logger (WWLOGSVC) - Wonderware Corporation - C:\Program Files\FactorySuite\Common\wwlogsvc.exe
    O23 - Service: Wonderware NetDDE Helper (WWNetDDE) - Wonderware Corporation - C:\Program Files\FactorySuite\Common\wwnetdde.exe
    O23 - Service: WwRpcSvr - Wonderware Corporation - C:\WINNT\System32\wwinstsvc.exe

    --
    End of file - 7150 bytes
     
  2. Auttaja

    Auttaja Guest
