Hi and thanx for help.
I did all you said, i still have a big problem my desktop is set to
Active Desktop and i can not change it, the web tab missing from display and when i change it in the folder propertis it goes back.
My screen are flickering and from time to time i get some kind of msg on the desktop that my comp is infected and there is a link they want me to
to click on.
here i the log files
From H.J
Logfile of HijackThis v1.99.1
Scan saved at 22:08:11, on 2005-07-22
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Documents and Settings\Dennis1\My Documents\Hijack\HijackThis.exe
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -
http://www.fileplanet.com/fpdlmgr/cabs/ ... 0_0_44.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
From Jotti scan
Service load: 0% 100%
File: internat.exe
Status: OK
MD5 f4206fca3b1d2feab50738ec2485d5f3
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
From Mwav scan
Object "isearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\CLSID\{04F3168F-5AFC-4531-B3B4-16CA93720415}" refers to invalid object "C:\Program Files\PSGuard\AVECore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{187A8428-BD94-470D-A178-A2347F940519}" refers to invalid object "C:\Program Files\PSGuard\AVECore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2865930B-4588-4FF3-8227-6D4F66C92C7A}" refers to invalid object "C:\Program Files\PSGuard\AVECore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2FE2EDC0-9E62-4F34-8A73-BC66DAE48EF3}" refers to invalid object "C:\Program Files\PSGuard\AVECore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3A3A8C24-8FF0-4140-9731-54D9483EA70B}" refers to invalid object "C:\Program Files\PSGuard\AVECore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3A906593-B4BD-48ED-84B0-3249BED65EF9}" refers to invalid object "C:\Program Files\PSGuard\AVECore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{49B72A72-01F5-4AE8-BBD7-DAA67F1E303B}" refers to invalid object "C:\Program Files\PSGuard\AVECore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}" refers to invalid object "C:\PROGRA~1\SPYBOT~1\SDHelper.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6AE3ACA6-1BE3-4443-98DD-EFFCFA793D35}" refers to invalid object "C:\Program Files\PSGuard\AVECore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{787DEC39-69D0-40B3-B173-E0411C59B300}" refers to invalid object "C:\Program Files\PSGuard\WndLayer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{79DDF2EF-D881-464B-B2AF-5AF8816A3964}" refers to invalid object "C:\Program Files\PSGuard\AVECore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{813C8E86-4C90-4617-B59E-E130CC068140}" refers to invalid object "C:\Program Files\PSGuard\AVECore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{89133BCE-57D0-4D2B-AFAF-A97B74AD704E}" refers to invalid object "C:\Program Files\PSGuard\WndLayer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8F40CC34-FE77-4618-AA3D-BD2EFACAA8DC}" refers to invalid object "C:\Program Files\PSGuard\AVECore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9F89E240-06A6-4E1C-BA84-F267DE7DB391}" refers to invalid object "C:\Program Files\PSGuard\WndLayer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A4845882-333F-11D0-B724-00AA0062CBB7}" refers to invalid object "C:\WINNT\System32\WBEM\WBEMSTUB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B60A0E56-548D-40AE-9383-D752531F653F}" refers to invalid object "C:\Program Files\PSGuard\AVECore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B67B0756-2528-4996-B4BD-C993614CC0B6}" refers to invalid object "C:\Program Files\PSGuard\AVECore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BCC51EA9-6340-4EBE-8736-13A752ECB0BE}" refers to invalid object "C:\Program Files\PSGuard\AVECore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E07D3492-32B5-11D0-B724-00AA0062CBB7}" refers to invalid object "C:\WINNT\System32\WBEM\WBEMSTUB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E9719D38-EC55-4C8B-9DF0-080ADE95A9FA}" refers to invalid object "C:\Program Files\PSGuard\AVECore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4B3E25A-33B4-4647-9A78-B627DDE211A6}" refers to invalid object "C:\Program Files\PSGuard\AVECore.dll". Action Taken: No Action Taken.
From Hunter scan
Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
File scan
Found possible trojan file: C:\WINNT\system32\intell32.exe (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
1 possible trojan files found
i hope you can help me.
And onesagain sorry for spelling in from Sweden