i dont know why it happens, but i have my Peer Guardian enabled and whenever i try to visit any site, no matter whether it be google, afterdawn, hell even the linux homepage, peerguardian reports that the browser is connecting to appliedsemantics.com and i have noticed by searching through the ip database that this is a governemtn organisation, would somebody mind shedding some light on this, am i infected with spyware or malware or a virus, i am using firefox, i switched to mozilla and it started working fine, but then after a short while the same thing started happening, so i switched back to firefox, and now it is happening again. WTF!!! it is so annoying, i dont like the idea that everything i am doing is being passed through the gov site. here is the hijack this log: Logfile of HijackThis v1.99.1 Scan saved at 8:30:16 PM, on 6/23/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\PcBoost\PcBoost.exe C:\Program Files\PeerGuardian2\pg2.exe C:\Program Files\Dexpot\Dexpot.exe C:\Program Files\Free Download Manager\fdm.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Phantom69\My Documents\Programs\HijackThis\HijackThis.exe O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [PcBoost] "C:\Program Files\PcBoost\PcBoost.exe" /start O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - HKCU\..\Run: [Dexpot 1.3] C:\Program Files\Dexpot\Dexpot.exe O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{FC3722F7-CA85-4721-9780-C9EE05DDE2FB}: NameServer = 203.49.70.20 139.134.2.190 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe ---END--- i personally cant find anything wrong, maybe you guys and gals can find something wrong for me, I DONT LIKE THIS ONE BIT, is anybody else having the same problem??? thanx in advance
Hi Phantom69, Yes your hijack log is fine. Lets try if Ewido finds something Please download ewido anti malware it is a free version of the program -> http://www.ewido.net/en/download/ 1. Install ewido security suite 2. When installing, under "Additional Options" uncheck.. * Install background guard * Install scan via context menu 3. Launch ewido, there should be an icon on your desktop, double-click it. 4. The program will now open to the main screen. 5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment. 6. You will need to update ewido to the latest definition files. * On the left hand side of the main screen click update. * Then click on Start Update. 7. The update will start and a progress bar will show the updates being installed. (the status bar at the bottom will display ("Update successful") If you are having problems with the updater, you can use this link to manually update ewido. ewido manual updates -> http://www.ewido.net/en/download/updates/ Once the updates are installed do the following: Reboot your computer in SafeMode by doing the following: 1. Restart your computer 2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3. Instead of Windows loading as normal, a menu should appear 4. Select the first option, to run Windows in Safe Mode. Launch ewido: * Click on scanner * Click on Complete System Scan and the scan will begin. * You will be prompted to clean the first infection. * Select "Perform action on all infections", then proceed. * Once the scan has completed, there will be a button located on the bottom of the screen named Save report * Click Save report. * Save the report .txt file to your desktop or a location where you can find it easily. Close ewido security suite. Reboot back to normal mode Send a ewido report
