After only a few minutes online, the computer's internet stops working... just recently removed TROJ_DLOADER.F, BKDR_SDBOT.GEN, TROJ_RANKY.AN from house call AV check.
Here are the results of the HijackThis search... i thought questionable files might be NVedit.exe, SysHelp.exe, ntng.exe???
Logfile of HijackThis v1.97.7
Scan saved at 6:07:16 PM, on 08/08/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon
.exe
C:\WINNT\system32\services
.exe
C:\WINNT\system32\lsass.ex
e
C:\WINNT\system32\svchost.
exe
C:\WINNT\System32\WBEM\Win
Mgmt.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\christine\Desktop
\Spyware & Virus Removal\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchR0 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Start Page =
http://www.microsoft.com/isapi/redir.dll?prd={
SUB_PRD}&c
lcid={SUB_
CLSID}&pve
r={SUB_PVE
R}&ar=home
R1 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchR1 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Default_Page
_URL =
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhomeR1 - HKLM\Software\Microsoft\In
ternet Explorer\Main,Default_Sear
ch_URL =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchR1 - HKCU\Software\Microsoft\Wi
ndows\Curr
entVersion
\Internet Settings,ProxyServer = http=127.0.0.1:83
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
84B7D6BE0B
3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEH
elper.ocx
O2 - BHO: (no name) - {34D83701-B51B-50B3-D150-6
4550DA77A4
1} - C:\WINNT\system32\tnaoyegz
.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
06D7942484
F} - C:\PROGRA~1\SPYBOT~1\SDHel
per.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
ADC6B08487
2} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
0A0C908246
7} - C:\WINNT\system32\msdxm.oc
x
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
859DF00B1D
6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray
.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.ex
e
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.ex
e
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstar
tup.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
" -atboottime
O4 - HKLM\..\Run: [Microsoft Windows Automatic Updater] wupdate.exe
O4 - HKLM\..\Run: [WinsHelps] NVedit.exe
O4 - HKLM\..\Run: [SysHelp] SysHelp.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Automatic Updater] wupdate.exe
O4 - HKLM\..\RunServices: [WinsHelps] NVedit.exe
O4 - HKLM\..\RunServices: [SysHelp] SysHelp.exe
O4 - HKCU\..\Run: [SysHelp] SysHelp.exe
O4 - HKCU\..\Run: [Yaxakea] C:\WINNT\system32\ntng.exe
O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstar
t.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-0
0C04F9A3B6
1} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cabO16 - DPF: {74FFE28D-2378-11D5-990C-0
0609423508
4} (IBM Access Support) -
https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cabO16 - DPF: {9F1C11AA-197B-4942-BA54-4
7A8489BB47
F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38047.4704166667O17 - HKLM\System\CCS\Services\T
cpip\..\{D
B37441D-C0
66-4474-88
5A-2D45483
F67B4}: Domain = direcway.com
O17 - HKLM\System\CCS\Services\T
cpip\..\{D
B37441D-C0
66-4474-88
5A-2D45483
F67B4}: NameServer = 66.82.4.8
Please help... thank you in advance,
Dean
