IE hijack from www.filost.com



LookeeLookee
2006-01-29, 14:51
I've tried Adaware + Spybot to try and get rid of this hijack but it's not detected.
Hijackthis pointed out 3 reg entries for a cab file that appeared from nowhere but I had already taken care of it so that it wouldn't get accessed.
I've totally wiped the pagefile to 0mb hoping that would do the trick but it hasn't.

When I start IE up, 1 window opens as normal, then another opens up going to filost.com or a variant of this. It then loads one of a few different adult sites.

I still have the cab file and have managed to stop the original page loading and have saved this for examining.

Can I send these to someone for looking at?

shelf life
2006-01-29, 17:35
hi,

if you need some help, see this link about downloading/installing HJT. Copy and paste the HJT log in your next reply.

http://forums.spybot.info/showthread.php?t=288

LookeeLookee
2006-01-29, 17:47
Hope this helps

Logfile of HijackThis v1.99.1
Scan saved at 16:48:21, on 29/01/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\MemTurbo30\MemTurbo.exe
C:\Program Files\Common Files\AOL\1138536750\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1138536750\ee\AOLServiceHost.exe
C:\program files\common files\aol\1138536750\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.aol.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138536750\ee\AOLHostManager.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo30\MemTurbo.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk/
O16 - DPF: {33331111-1111-1111-1111-611111193458} -
O16 - DPF: {33331111-1111-1111-1111-622221193458} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138534966178
O16 - DPF: {64311111-1111-1121-1111-111191113457} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F69972A4-FE0E-4977-8BF6-EBF52EE8EFA6}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: C:\WINNT\system32\wmfhotfix.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINNT\system32\vbsys2.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

shelf life
2006-01-29, 21:51
hi LookeeLookee,

scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.

O16 - DPF: {33331111-1111-1111-1111-611111193458} -
O16 - DPF: {33331111-1111-1111-1111-622221193458} -
O16 - DPF: {64311111-1111-1121-1111-111191113457} -
-----------------------------------
start>settings>Control Panel> click the Internet options icon

Next:

Click on Delete Cookies.

Click on Delete Files, make sure Delete all offline content is checked, and then click on OK.

Then click on Settings, then click on View Files; if there is anything in there, delete it.

Then at the top in the address bar, at the end where it says:

\Temporary Internet Files

change it to read: \Temp then hit enter and delete what's in there
----------------------------------
shelf life

LookeeLookee
2006-01-29, 23:14
Didn't work:(

I'm going to try a ramdisk and move all the files there.
So when I shutdown, index.dat etc will get wiped.
I don't think this will work either but here's hoping.

LookeeLookee
2006-01-29, 23:44
The ramdisk didn't work either:(

IE is getting hooked by something somewhere.
It's not anything Java based as I've just checked all the applets etc via the java control panel.

LookeeLookee
2006-01-30, 00:34
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINNT\system32\vbsys2.dll

Hah got it
:bigthumb:

Apparently this is a trojan/hijack named "free6" that uses vbsys2.dll to hook IE and load the adult webpages.
Here is a link telling how to remove it.
http://www.bullguard.com/forum/9/Please-help-Trojan-Horse-vbsys_24372.html
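
Added example, not from the thread and not part of HijackThis: a small Python triage script that applies the same checks shelf life and LookeeLookee worked through by hand to a subset of the log lines posted above. It flags nameless O16 DPF entries, anything under O20 AppInit_DLLs or O21 SSODL (the section that turned out to hold vbsys2.dll), O23 services whose file is missing, and, as an assumed heuristic of mine rather than an HJT rule, CLSIDs made mostly of one repeated digit.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log posted in this thread, plus the benign
# Windows Update O16 line for contrast (a subset of the full log).
SAMPLE_LOG = """\
O16 - DPF: {33331111-1111-1111-1111-611111193458} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138534966178
O20 - AppInit_DLLs: C:\\WINNT\\system32\\wmfhotfix.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\\WINNT\\system32\\vbsys2.dll
O23 - Service: McAfee Firewall - Unknown owner - C:\\Program Files\\McAfee\\McAfee Firewall\\CPD.EXE" /SERVICE (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d+)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{([0-9A-Fa-f-]{36})\}")

def low_entropy_clsid(clsid):
    """Heuristic (an assumption, not an HJT rule): a CLSID where one hex digit
    fills more than half the positions, e.g. 33331111-1111-..., was typed by hand."""
    digits = clsid.replace("-", "")
    return Counter(digits).most_common(1)[0][1] > len(digits) // 2

def triage(log_text):
    """Return (section, reason, line) for log entries that deserve a second look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        reasons = []
        if section == "O16" and body.rstrip().endswith("-"):
            reasons.append("DPF entry with no name and no download URL")
        if section == "O20":
            reasons.append("AppInit_DLLs loads this DLL into every GUI process")
        if section == "O21":
            reasons.append("SSODL object is loaded by Explorer at logon")
        if section == "O23" and "(file missing)" in body:
            reasons.append("service points at a missing file")
        for clsid in CLSID_RE.findall(body):
            if low_entropy_clsid(clsid):
                reasons.append("hand-made looking CLSID " + clsid)
        for reason in reasons:
            findings.append((section, reason, line))
    return findings

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run against the full log it would also list the signed Java and McAfee entries under no rule at all, which is the point: the script narrows the list to review, it does not decide what to fix.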

shelf life
2006-01-30, 03:06
hi LookeeLookee;

> Hah got it

looks like you did.

tashi
2006-02-05, 18:14
As the problem appears to be resolved this topic will be archived.
If you need it re-opened please send me a pm.

Regards.