searchxp.com & onemoresearch.net Hijacker
Hi all,
I have used Adaware and Spybot but to no avail.
Here's my Hijack log, can somebody please tell me what to delete?
Any help is very much appreciated. Many thanks in advance!
Zoen
Logfile of HijackThis v1.99.0
Scan saved at 10:12:05, on 14/01/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\atlmd32.exe
C:\WINNT\system32\wfxsnt40.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\atlon32.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spyware\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\qbuin.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\qbuin.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\qbuin.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\qbuin.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\qbuin.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\qbuin.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AF53A477-97B1-A265-0790-EF2611BC95C3} - C:\WINNT\msrp32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [atlon32.exe] C:\WINNT\system32\atlon32.exe
O4 - HKLM\..\Run: [E.tmp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E.tmp.exe 0 28129
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .pdf&&DI=1302&IG=1c0b43d0-4d22-41ba-b7e2-26b16944e1f3&POS=1&CM=WU&CE=1: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int4.exe
O16 - DPF: {0876A25D-C6E2-4699-AE73-59FCF0FE2BEC} (RCBrokOrgUsers.cRCBrokOrgUsers) - https://app1.pd.uk.acturis.com/abp/cab/RCBrokOrgUsers.CAB
O16 - DPF: {0FE5874F-35F7-4425-91D5-EEC5A6CD1234} (RCGeneralConfig.cRCGeneralConfig) - https://app1.pd.uk.acturis.com/abp/cab/RCGeneralConfig.CAB
O16 - DPF: {11E503FC-CD35-46E7-868B-D05226552C18} (Acturis.InetnetView) - https://app1.pd.uk.acturis.com/abp/cab/Tree.CAB
O16 - DPF: {178FDDE1-D98D-451A-93DC-D780C25F218C} (ClientFeeItem.clsClientFeeItem) - https://app1.pd.uk.acturis.com/abp/cab/ClientFeeItem.CAB
O16 - DPF: {17D46B8F-22E2-436A-87E6-69F615EAD682} (PolicyRootItem.cPolicyRootItem) - https://app1.pd.uk.acturis.com/abp/cab/PolicyRootItem.CAB
O16 - DPF: {1A9A9BFB-8FF4-4599-BEDB-55652489474F} (FlexiAdminLedger.cFlexiAdmin) - https://app1.pd.uk.acturis.com/abp/cab/FlexiAdminLedger.CAB
O16 - DPF: {1C7C9E6D-65E5-4953-ADC5-2F007E0DF647} (TaskMngtPlugIn.cTaskMngtPlugIn) - https://app1.pd.uk.acturis.com/abp/cab/TaskMngtPlugIn.CAB
O16 - DPF: {30D0B262-219B-4DF8-81C4-143C4EBA2FB1} (PolicyRootItem.cPolicyRootItem) - https://app1.pd.uk.acturis.com/abp/cab/PolicyRootItem.CAB
O16 - DPF: {311CB753-FDC3-4FDE-AED0-CFBFC1AB118D} (FlexiGeneralLedger.cFlexiGeneral) - https://app1.pd.uk.acturis.com/abp/cab/FlexiGeneralLedger.CAB
O16 - DPF: {33BCC14D-3EC8-4D77-8649-C6AE2DB3E177} (RFQItems.RFQItem) - https://app1.pd.uk.acturis.com/abp/cab/RFQItem.CAB
O16 - DPF: {380C2B74-C543-4DC0-8EE8-78D1E13AE443} (PolicyPlugIn.cPolicy) - https://app1.pd.uk.acturis.com/abp/cab/PolicyPlugin.CAB
O16 - DPF: {3F3E749C-0B3A-4957-8287-4F5B83A30365} (PolicyItem.cPolicyItem) - https://app1.pd.uk.acturis.com/abp/cab/PolicyItem.CAB
O16 - DPF: {3F72040A-0055-4BCB-8179-08505590249D} (PolicyRootItem.cPolicyRootItem) - https://app1.pd.uk.acturis.com/abp/cab/PolicyRootItem.CAB
O16 - DPF: {494C460A-F3F0-4FD3-A90A-36FCA36FE6EC} (ClaimItem.cClaimItem) - https://app1.pd.uk.acturis.com/abp/cab/ClaimItem.CAB
O16 - DPF: {542052CD-0FFE-4425-A6F7-8707A81C6EF4} (ChangeBroker.cChangeBroker) - https://app1.pd.uk.acturis.com/abp/cab/ChangeBroker.CAB
O16 - DPF: {5564EA8B-A384-488C-B954-84566F3E4962} (FlexiMonthEndLedger.clsMonthEndLedger) - https://app1.pd.uk.acturis.com/abp/cab/FlexiMonthEndLedger.CAB
O16 - DPF: {5666DA60-13B6-412A-B106-8736788918CF} (RCInsAccComm.cRCInsAccComm) - https://app1.pd.uk.acturis.com/abp/cab/RCInsAccComm.CAB
O16 - DPF: {5AB3CA6D-9F54-4F44-8325-A3E2ACC3F428} (RemoteConfig.cRemoteConfig) - https://app1.pd.uk.acturis.com/abp/cab/RemoteConfig.CAB
O16 - DPF: {5B1FC139-1AEC-4BC5-BDF2-69792C32A246} (ActurisPlugIns.PlugInPackage) - https://app1.pd.uk.acturis.com/abp/cab/PlugInPackage.CAB
O16 - DPF: {6C527279-134C-4F55-AA3D-732452551AD1} (ActHelp.cHelp) - https://app1.pd.uk.acturis.com/abp/cab/ActHelp.CAB
O16 - DPF: {6E8D1671-4ECF-4205-9BF9-71C3A768F4AE} (Complaints.clsComplaints) - https://app1.pd.uk.acturis.com/abp/cab/Complaint.CAB
O16 - DPF: {80577EDF-E154-465A-B5E1-3528AFFC055E} (ContactPlugin.cContact) - https://app1.pd.uk.acturis.com/abp/cab/ContactPlugin.CAB
O16 - DPF: {805A3B63-2169-478F-8432-4EFD8924A421} (ActurisControls.ControlPackage) - https://app1.pd.uk.acturis.com/abp/cab/ActurisControls.CAB
O16 - DPF: {82C00F32-C796-41A7-92CD-3B73995A0BD4} (FlexiIntroducerLedger.cFlexiIntroducer) - https://app1.pd.uk.acturis.com/abp/cab/FlexiIntroducerLedger.CAB
O16 - DPF: {86156D1D-225B-4D15-BE1D-FC141CCD9B12} (FlexiOfficeLedger.cFlexiOffice) - https://app1.pd.uk.acturis.com/abp/cab/FlexiOfficeLedger.CAB
O16 - DPF: {8B78A361-818F-47BA-80C1-C3D1994CCDEF} (ComplaintItem.cComplaintItem) - https://app1.pd.uk.acturis.com/abp/cab/ComplaintItem.CAB
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gamc15-gb/gbc15/games1.cab
O16 - DPF: {969FE3FF-B7D3-4EC6-8D38-577B28261603} (BatchDocs.cBatchDoc) - https://app1.pd.uk.acturis.com/abp/cab/BatchDoc.CAB
O16 - DPF: {97E96E44-68F4-4AB4-AF0A-75C83C9174EE} (TaskManagement.cTaskManagement) - https://app1.pd.uk.acturis.com/abp/cab/TaskMgt.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9AD0C0C0-97CA-4786-9918-9E10D7A056FF} (ContactItemPlugin.cContactItem) - https://app1.pd.uk.acturis.com/abp/cab/ContactItemPlugin.CAB
O16 - DPF: {9CDAE944-7191-47A0-BF0D-0E466D7944D5} (ClientFees.clsClientFees) - https://app1.pd.uk.acturis.com/abp/cab/ClientFee.CAB
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {9F1E131B-E342-4480-993D-21C3B1314D7A} (Quote.cQuote) - https://app1.pd.uk.acturis.com/abp/cab/Quote.CAB
O16 - DPF: {A90394E8-3880-4016-85DA-579DC3B2883B} (Report.clsReporting) - https://app1.pd.uk.acturis.com/abp/cab/Report.CAB
O16 - DPF: {B45A6966-FBD3-4139-B54E-4C6868A3CAE3} (StandardWordings.clsStandardWordings) - https://app1.pd.uk.acturis.com/abp/cab/StandardWordings.CAB
O16 - DPF: {B8A740AE-DA86-4C78-8B67-8F22F7C426C4} (FlexiBankLedger.cFlexiBank) - https://app1.pd.uk.acturis.com/abp/cab/FlexiBankLedger.CAB
O16 - DPF: {C806D813-17E0-4D88-A152-3AA7F7FFF497} (FlexiOCX.cFlexiOCX) - https://app1.pd.uk.acturis.com/abp/cab/FlexiOCX.CAB
O16 - DPF: {CC55363E-62FF-4BEA-97C0-A6A81AD86858} (Accounts.cAccounts) - https://app1.pd.uk.acturis.com/abp/cab/Accounts.CAB
O16 - DPF: {CCFB7F2B-1180-4F58-AF31-5AE863026794} (FlexiInsurerLedger.cFlexiInsurer) - https://app1.pd.uk.acturis.com/abp/cab/FlexiInsurerLedger.CAB
O16 - DPF: {CDDCB74E-E140-4C38-9F58-15146B0EE1B1} (RCDocMan.cRCDocMan) - https://app1.pd.uk.acturis.com/abp/cab/RCDocMan.CAB
O16 - DPF: {E43D1E12-0492-4BBE-B8AC-F340296DD05B} (FlexiOCX.Main) - https://app1.pd.uk.acturis.com/acturis_v1.0/cab/FlexiOCX.CAB
O16 - DPF: {EC6A478D-5B48-4BCF-ABB2-7869A6E6529E} (FlexiTree.cFlexiTree) - https://app1.pd.uk.acturis.com/abp/cab/FlexiTree.CAB
O16 - DPF: {EDB8E8A7-762D-44DB-87BE-67A5E3584F76} (FlexiClientLedger.cFlexiClient) - https://app1.pd.uk.acturis.com/abp/cab/FlexiClientLedger.CAB
O16 - DPF: {EDBB38B4-EA8D-4D90-A806-8A02B15581C5} (ChangeBroker.cChangeBroker) - https://app1.pd.uk.acturis.com/abp/cab/ChangeBroker.CAB
O16 - DPF: {EF3E8D87-DBFB-41DA-AA24-249A2BCCD827} (Tree.ActurisMain) - https://app1.pd.uk.acturis.com/abp/cab/CBO.CAB
O16 - DPF: {F0A30645-9276-4602-8162-420340EB830B} (PolicyRootItem.cPolicyRootItem) - https://app1.pd.uk.acturis.com/abp/cab/PolicyRootItem.CAB
O16 - DPF: {F29FF8E0-A723-44D0-A9EF-0E997F80D78E} (RFQPlugIn.RFQs) - https://app1.pd.uk.acturis.com/abp/cab/RFQ.CAB
O16 - DPF: {FB9B6D81-583A-4FEB-9503-6B9D93C6538D} (Claims.cClaims) - https://app1.pd.uk.acturis.com/abp/cab/Claim.CAB
O16 - DPF: {FBAB8ABD-971D-4A4B-AE98-722803A9E55F} (TaskManagement.clsStaffware) - https://app1.pd.uk.acturis.com/acturis_v1.0/cab/WorkItems.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = at2k.adams-tingle.co.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = at2k.adams-tingle.co.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = at2k.adams-tingle.co.uk
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ISEXEng - Unknown - C:\WINNT\system32\angelex.exe (file missing)
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: ZESOFT - Unknown - C:\WINNT\zeta.exe (file missing)
O23 - Service: Network Security Service - Unknown - C:\WINNT\system32\nethf32.exe (file missing)
Comments
http://mvps.org/winhelp2002/DelDomains.inf
To use: Close all open browsers
Right-click DelDomains.inf and select: Install
Note: this will remove all entries in the Trusted Zone and Restricted Zone.
The filenames tend to change frequently with this type of infection, so please post a new HijackThis log.
FYS - Thank you for the suggestion, I found topic and followed instructions and it removed HSA.
Buckeye_Sam - Cheers for link, I will download and install. Good thing you replied because I couldn't understand how to get rid of the O15 entries but now I do.
Many thanks to the both of ya's! No doubt we will meet again!
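Added example, not part of the original thread: a small Python check for the follow-up log requested above, comparing the O15 (Trusted Zone) lines of a HijackThis log taken before running DelDomains.inf with one taken afterwards. The sample logs are constructed from a few lines of the log in this thread, the "after" state is hypothetical, and treating an O15 line without the `(HKLM)` suffix as a per-user (HKCU) entry is an assumption about the log format.

```python
import re

# Constructed sample: a few O15 lines copied from the log in this thread,
# plus unrelated lines that the parser must skip.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.0
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
"""

# Constructed "after" log: a hypothetical state in which one machine-wide
# entry survived the cleanup.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.0
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O15 - Trusted Zone: *.blazefind.com (HKLM)
"""

# "O15 - Trusted Zone: <domain>" or "O15 - Trusted IP range: <address>",
# optionally followed by " (HKLM)" for machine-wide entries.
O15_RE = re.compile(r"^O15 - Trusted (Zone|IP range): (\S+?)(?: \((HKLM)\))?\s*$")


def parse_o15(log_text):
    """Return a set of (hive, kind, value) tuples, one per O15 line."""
    entries = set()
    for line in log_text.splitlines():
        match = O15_RE.match(line.strip())
        if not match:
            continue
        kind = "domain" if match.group(1) == "Zone" else "ip_range"
        # Assumption: no "(HKLM)" suffix means a per-user (HKCU) entry.
        hive = match.group(3) or "HKCU"
        entries.add((hive, kind, match.group(2).lower()))
    return entries


def compare_o15(before_text, after_text):
    """Classify O15 entries as removed, remaining or newly added."""
    before, after = parse_o15(before_text), parse_o15(after_text)
    return {
        "removed": sorted(before - after),
        "remaining": sorted(before & after),
        "new": sorted(after - before),
    }


if __name__ == "__main__":
    result = compare_o15(BEFORE_LOG, AFTER_LOG)
    for status in ("removed", "remaining", "new"):
        for hive, kind, value in result[status]:
            print(f"{status:9} {hive} {kind:8} {value}")
```

Anything listed as remaining or new in the follow-up log means the Trusted Zone entries were not fully cleared or were written back after the cleanup.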