xxxxx.dll/index.html#xxxxx hijacking me!

Discussion in 'adware, spyware & hijack cleaning' started by arpo, Jul 16, 2004.

Thread Status:
Not open for further replies.
  1. arpo

    arpo Registered Member

    Joined:
    Jul 16, 2004
    Posts:
    1
    Help, Help, Help!!!

    I have run Ad-Aware and Spybot S&D and my hijackThis log is below. My Internet Explorer homepage keeps going to "res://kobvv.dll/index.html#37794" no matter what I do. I'm getting all sorts of pop-ups in previously secure places and, if I manually set my Opening webpage to where I want it to go, and conduct a search, I get parallel search windows behind my front page from which I have to exit from each to leave IE. Hassle, Hassle, Hassle....The log follows:

    Logfile of HijackThis v1.97.7
    Scan saved at 2:37:50 PM, on 7/16/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\regsvc.exe
    C:\WINDOWS\system32\MSTask.exe
    C:\WINDOWS\System32\WBEM\WinMgmt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\sysxy.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\PROGRA~1\NORTON~1\vptray.exe
    C:\WINDOWS\system32\qttask.exe
    C:\WINDOWS\system32\iejb32.exe
    C:\Program Files\Microsoft Office\Office\Osa.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\roger\Desktop\Virus scanners\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kobvv.dll/sp.html#37794
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://kobvv.dll/index.html#37794
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://kobvv.dll/index.html#37794
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kobvv.dll/sp.html#37794
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://kobvv.dll/index.html#37794
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\kobvv.dll/sp.html#37794
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O2 - BHO: (no name) - {0791E7B0-E5F1-AF1A-94EF-3B83C99653C4} - C:\WINDOWS\system32\mfcip32.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iejb32.exe] C:\WINDOWS\system32\iejb32.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3844A370-B8D2-487F-9620-222F1EE90158}: Domain = qwest.net
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3844A370-B8D2-487F-9620-222F1EE90158}: NameServer = 206.196.128.1,204.147.80.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\{3844A370-B8D2-487F-9620-222F1EE90158}: Domain = qwest.net
    O17 - HKLM\System\CS1\Services\Tcpip\..\{3844A370-B8D2-487F-9620-222F1EE90158}: NameServer = 206.196.128.1,204.147.80.5
    O17 - HKLM\System\CS2\Services\Tcpip\..\{3844A370-B8D2-487F-9620-222F1EE90158}: Domain = qwest.net
    O17 - HKLM\System\CS2\Services\Tcpip\..\{3844A370-B8D2-487F-9620-222F1EE90158}: NameServer = 206.196.128.1,204.147.80.5

    My productivity here at work is really suffering with all this and I'm just not smart enough to solve the problem. I need the "big guns"!

    Arpo
     
Thread Status:
Not open for further replies.