My HiJack Log Please Help
-
Logfile of HijackThis v1.97.7
Scan saved at 22:33:08, on 22/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\iexplore.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\crsrs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\Explorer.EXE
C:\unzipped\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Streams Server] localsrv.exe
O4 - HKLM\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\Run: [Win32 Wmls Driver] winitr32.exe
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\Run: [Microsoftkeysd] systemproc.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\dipset.exe
O4 - HKLM\..\Run: [A2F4E2DB] C:\WINDOWS\System32\qnngjcn.exe
O4 - HKLM\..\Run: [Hyper Start] instantmsgrs.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [winimage] wvsvc.exe
O4 - HKLM\..\Run: [Windows Registry Scan] timeupdate.exe
O4 - HKLM\..\Run: [Symantec Anti Virus] symantec32.exe
O4 - HKLM\..\Run: [Microsoft MsnST] msnst32.exe
O4 - HKLM\..\Run: [msjava service] xpcd.exe
O4 - HKLM\..\Run: [Microsoft Windows Explorer] iexplorer.exe
O4 - HKLM\..\Run: [Win32 Usb Driver] svhosint32.exe
O4 - HKLM\..\Run: [Windows Network Service] winvc32.exe
O4 - HKLM\..\Run: [DNS Service] dnsresolver.exe
O4 - HKLM\..\Run: [PK Services] pksvc.exe
O4 - HKLM\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\Run: [Auto updat] crsrs.exe
O4 - HKLM\..\Run: [Norton Guard 32] ntguard32.exe
O4 - HKLM\..\Run: [system service 11] xpupdate.exe
O4 - HKLM\..\Run: [Intel system works] iis.exe
O4 - HKLM\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\Run: [msconfig.exe] C:\WINDOWS\proxy.exe
O4 - HKLM\..\Run: [nternet Explorer] iexplore.exe
O4 - HKLM\..\Run: [winlogin.exe] C:\WINDOWS\log.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\Run: [taskmgr.exe] C:\WINDOWS\paintms.exe
O4 - HKLM\..\RunServices: [Microsoft Update] sys32cfg.exe
O4 - HKLM\..\RunServices: [msjava service] xpcd.exe
O4 - HKLM\..\RunServices: [Windows Registry Scan] timeupdate.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunServices: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\RunServices: [Microsoftkeysd] systemproc.exe
O4 - HKLM\..\RunServices: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\RunServices: [18DFEDA7] C:\WINDOWS\System32\qnngjcn.exe
O4 - HKLM\..\RunServices: [Hyper Start] instantmsgrs.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunServices: [winimage] wvsvc.exe
O4 - HKLM\..\RunServices: [Symantec Anti Virus] symantec32.exe
O4 - HKLM\..\RunServices: [Microsoft MsnST] msnst32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Explorer] iexplorer.exe
O4 - HKLM\..\RunServices: [Win32 Usb Driver] svhosint32.exe
O4 - HKLM\..\RunServices: [Windows Network Service] winvc32.exe
O4 - HKLM\..\RunServices: [DNS Service] dnsresolver.exe
O4 - HKLM\..\RunServices: [PK Services] pksvc.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunServices: [Auto updat] crsrs.exe
O4 - HKLM\..\RunServices: [Norton Guard 32] ntguard32.exe
O4 - HKLM\..\RunServices: [system service 11] xpupdate.exe
O4 - HKLM\..\RunServices: [Intel system works] iis.exe
O4 - HKLM\..\RunServices: [nternet Explorer] iexplore.exe
O4 - HKLM\..\RunServices: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [Auto updat] crsrs.exe
O4 - HKCU\..\Run: [Microsoftkeysd] systemproc.exe
O4 - HKCU\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [Symantec Anti Virus] symantec32.exe
O4 - HKCU\..\Run: [Win32 Usb Driver] svhosint32.exe
O4 - HKCU\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\Run: [PK Services] pksvc.exe
O4 - HKCU\..\Run: [msdev] msdev.exe
O4 - HKCU\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKCU\..\Run: [nternet Explorer] iexplore.exe
O4 - HKCU\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [Symantec Anti Virus] symantec32.exe
O4 - HKLM\..\RunOnce: [PK Services] pksvc.exe
O4 - HKLM\..\RunOnce: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunOnce: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\RunOnce: [Microsoftkeysd] systemproc.exe
O4 - HKLM\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKLM\..\RunOnce: [nternet Explorer] iexplore.exe
O4 - HKLM\..\RunOnce: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\RunOnce: [Win32 System Spool] spoolsvc.exe
O4 - HKCU\..\RunOnce: [Microsoftkeysd] systemproc.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [Symantec Anti Virus] symantec32.exe
O4 - HKCU\..\RunOnce: [PK Services] pksvc.exe
O4 - HKCU\..\RunOnce: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKCU\..\RunOnce: [nternet Explorer] iexplore.exe
O4 - HKCU\..\RunOnce: [Windows Sound Manager] SndMon32.exe
O4 - Startup: Reboot.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O9 - Extra button: MP3 (HKLM)
O9 - Extra 'Tools' menuitem: &WinMp3Locator (HKLM)
O9 - Extra button: Files (HKLM)
O9 - Extra 'Tools' menuitem: &FileLocator (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {E2F9D054-D2B5-4CE8-9BDF-8BF3A81DB7E9} (ProductIDGatherer.WindowsGatherer) - http://download.microsoft.com/downlo...IDGatherer.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4328038-6760-4D34-ACE0-EDD38306D105}: NameServer = 212.67.96.129 212.67.120.148
-
Update your version of Hijack This from http://hjt.isecureit.co.uk and then post a fresh log.
-
Follow the middle links under my signature and update your Hijack This, then post a new log, then it can be looked at.
-
Sorry about that, here is the updated version:
Logfile of HijackThis v1.98.2
Scan saved at 22:49:25, on 22/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\iexplore.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\System32\crsrs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Streams Server] localsrv.exe
O4 - HKLM\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\Run: [Win32 Wmls Driver] winitr32.exe
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\Run: [Microsoftkeysd] systemproc.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\dipset.exe
O4 - HKLM\..\Run: [A2F4E2DB] C:\WINDOWS\System32\qnngjcn.exe
O4 - HKLM\..\Run: [Hyper Start] instantmsgrs.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [winimage] wvsvc.exe
O4 - HKLM\..\Run: [Windows Registry Scan] timeupdate.exe
O4 - HKLM\..\Run: [Symantec Anti Virus] symantec32.exe
O4 - HKLM\..\Run: [Microsoft MsnST] msnst32.exe
O4 - HKLM\..\Run: [msjava service] xpcd.exe
O4 - HKLM\..\Run: [Microsoft Windows Explorer] iexplorer.exe
O4 - HKLM\..\Run: [Win32 Usb Driver] svhosint32.exe
O4 - HKLM\..\Run: [Windows Network Service] winvc32.exe
O4 - HKLM\..\Run: [DNS Service] dnsresolver.exe
O4 - HKLM\..\Run: [PK Services] pksvc.exe
O4 - HKLM\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\Run: [Auto updat] crsrs.exe
O4 - HKLM\..\Run: [Norton Guard 32] ntguard32.exe
O4 - HKLM\..\Run: [system service 11] xpupdate.exe
O4 - HKLM\..\Run: [Intel system works] iis.exe
O4 - HKLM\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\Run: [msconfig.exe] C:\WINDOWS\proxy.exe
O4 - HKLM\..\Run: [nternet Explorer] iexplore.exe
O4 - HKLM\..\Run: [winlogin.exe] C:\WINDOWS\log.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\Run: [taskmgr.exe] C:\WINDOWS\paintms.exe
O4 - HKLM\..\RunServices: [Microsoft Update] sys32cfg.exe
O4 - HKLM\..\RunServices: [msjava service] xpcd.exe
O4 - HKLM\..\RunServices: [Windows Registry Scan] timeupdate.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunServices: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\RunServices: [Microsoftkeysd] systemproc.exe
O4 - HKLM\..\RunServices: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\RunServices: [18DFEDA7] C:\WINDOWS\System32\qnngjcn.exe
O4 - HKLM\..\RunServices: [Hyper Start] instantmsgrs.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunServices: [winimage] wvsvc.exe
O4 - HKLM\..\RunServices: [Symantec Anti Virus] symantec32.exe
O4 - HKLM\..\RunServices: [Microsoft MsnST] msnst32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Explorer] iexplorer.exe
O4 - HKLM\..\RunServices: [Win32 Usb Driver] svhosint32.exe
O4 - HKLM\..\RunServices: [Windows Network Service] winvc32.exe
O4 - HKLM\..\RunServices: [DNS Service] dnsresolver.exe
O4 - HKLM\..\RunServices: [PK Services] pksvc.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunServices: [Auto updat] crsrs.exe
O4 - HKLM\..\RunServices: [Norton Guard 32] ntguard32.exe
O4 - HKLM\..\RunServices: [system service 11] xpupdate.exe
O4 - HKLM\..\RunServices: [Intel system works] iis.exe
O4 - HKLM\..\RunServices: [nternet Explorer] iexplore.exe
O4 - HKLM\..\RunServices: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [Symantec Anti Virus] symantec32.exe
O4 - HKLM\..\RunOnce: [PK Services] pksvc.exe
O4 - HKLM\..\RunOnce: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunOnce: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\RunOnce: [Microsoftkeysd] systemproc.exe
O4 - HKLM\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKLM\..\RunOnce: [nternet Explorer] iexplore.exe
O4 - HKLM\..\RunOnce: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [Auto updat] crsrs.exe
O4 - HKCU\..\Run: [Microsoftkeysd] systemproc.exe
O4 - HKCU\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [Symantec Anti Virus] symantec32.exe
O4 - HKCU\..\Run: [Win32 Usb Driver] svhosint32.exe
O4 - HKCU\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\Run: [PK Services] pksvc.exe
O4 - HKCU\..\Run: [msdev] msdev.exe
O4 - HKCU\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKCU\..\Run: [nternet Explorer] iexplore.exe
O4 - HKCU\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\RunOnce: [Win32 System Spool] spoolsvc.exe
O4 - HKCU\..\RunOnce: [Microsoftkeysd] systemproc.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [Symantec Anti Virus] symantec32.exe
O4 - HKCU\..\RunOnce: [PK Services] pksvc.exe
O4 - HKCU\..\RunOnce: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKCU\..\RunOnce: [nternet Explorer] iexplore.exe
O4 - HKCU\..\RunOnce: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: Reboot.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O9 - Extra button: MP3 - {1537E842-0000-11D2-8059-111111111111} - (no file)
O9 - Extra 'Tools' menuitem: &WinMp3Locator - {1537E842-0000-11D2-8059-111111111111} - (no file)
O9 - Extra button: Files - {1537E842-0001-11D2-8059-111111111111} - (no file)
O9 - Extra 'Tools' menuitem: &FileLocator - {1537E842-0001-11D2-8059-111111111111} - (no file)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4328038-6760-4D34-ACE0-EDD38306D105}: NameServer = 212.67.96.129 212.67.120.148
-
Close all browser windows, restart Hijack This and put a checkmark next to the following entries:
O4 - HKLM\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\Run: [Win32 Wmls Driver] winitr32.exe
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\Run: [Microsoftkeysd] systemproc.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\dipset.exe
O4 - HKLM\..\Run: [A2F4E2DB] C:\WINDOWS\System32\qnngjcn.exe
O4 - HKLM\..\Run: [Hyper Start] instantmsgrs.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [winimage] wvsvc.exe
O4 - HKLM\..\Run: [Windows Registry Scan] timeupdate.exe
O4 - HKLM\..\Run: [Symantec Anti Virus] symantec32.exe
O4 - HKLM\..\Run: [Microsoft MsnST] msnst32.exe
O4 - HKLM\..\Run: [msjava service] xpcd.exe
O4 - HKLM\..\Run: [Microsoft Windows Explorer] iexplorer.exe
O4 - HKLM\..\Run: [Win32 Usb Driver] svhosint32.exe
O4 - HKLM\..\Run: [Windows Network Service] winvc32.exe
O4 - HKLM\..\Run: [DNS Service] dnsresolver.exe
O4 - HKLM\..\Run: [PK Services] pksvc.exe
O4 - HKLM\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\Run: [Auto updat] crsrs.exe
O4 - HKLM\..\Run: [Norton Guard 32] ntguard32.exe
O4 - HKLM\..\Run: [system service 11] xpupdate.exe
O4 - HKLM\..\Run: [Intel system works] iis.exe
O4 - HKLM\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\Run: [msconfig.exe] C:\WINDOWS\proxy.exe
O4 - HKLM\..\Run: [nternet Explorer] iexplore.exe
O4 - HKLM\..\Run: [winlogin.exe] C:\WINDOWS\log.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\Run: [taskmgr.exe] C:\WINDOWS\paintms.exe
O4 - HKLM\..\RunServices: [Microsoft Update] sys32cfg.exe
O4 - HKLM\..\RunServices: [msjava service] xpcd.exe
O4 - HKLM\..\RunServices: [Windows Registry Scan] timeupdate.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunServices: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\RunServices: [Microsoftkeysd] systemproc.exe
O4 - HKLM\..\RunServices: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\RunServices: [18DFEDA7] C:\WINDOWS\System32\qnngjcn.exe
O4 - HKLM\..\RunServices: [Hyper Start] instantmsgrs.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunServices: [winimage] wvsvc.exe
O4 - HKLM\..\RunServices: [Symantec Anti Virus] symantec32.exe
O4 - HKLM\..\RunServices: [Microsoft MsnST] msnst32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Explorer] iexplorer.exe
O4 - HKLM\..\RunServices: [Win32 Usb Driver] svhosint32.exe
O4 - HKLM\..\RunServices: [Windows Network Service] winvc32.exe
O4 - HKLM\..\RunServices: [DNS Service] dnsresolver.exe
O4 - HKLM\..\RunServices: [PK Services] pksvc.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunServices: [Auto updat] crsrs.exe
O4 - HKLM\..\RunServices: [Norton Guard 32] ntguard32.exe
O4 - HKLM\..\RunServices: [system service 11] xpupdate.exe
O4 - HKLM\..\RunServices: [Intel system works] iis.exe
O4 - HKLM\..\RunServices: [nternet Explorer] iexplore.exe
O4 - HKLM\..\RunServices: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [Symantec Anti Virus] symantec32.exe
O4 - HKLM\..\RunOnce: [PK Services] pksvc.exe
O4 - HKLM\..\RunOnce: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunOnce: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\RunOnce: [Microsoftkeysd] systemproc.exe
O4 - HKLM\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKLM\..\RunOnce: [nternet Explorer] iexplore.exe
O4 - HKLM\..\RunOnce: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [Auto updat] crsrs.exe
O4 - HKCU\..\Run: [Microsoftkeysd] systemproc.exe
O4 - HKCU\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [Symantec Anti Virus] symantec32.exe
O4 - HKCU\..\Run: [Win32 Usb Driver] svhosint32.exe
O4 - HKCU\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\Run: [PK Services] pksvc.exe
O4 - HKCU\..\Run: [msdev] msdev.exe
O4 - HKCU\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKCU\..\Run: [nternet Explorer] iexplore.exe
O4 - HKCU\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\RunOnce: [Win32 System Spool] spoolsvc.exe
O4 - HKCU\..\RunOnce: [Microsoftkeysd] systemproc.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [Symantec Anti Virus] symantec32.exe
O4 - HKCU\..\RunOnce: [PK Services] pksvc.exe
O4 - HKCU\..\RunOnce: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKCU\..\RunOnce: [nternet Explorer] iexplore.exe
O4 - HKCU\..\RunOnce: [Windows Sound Manager] SndMon32.exe
Click Fix Checked
Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.
Delete the following files and folders. The files which don't reveal the extension will either be in the C:\Windows folder or C:\Windows\System32. Please only delete the files as stated, don't delete similar files. Be careful, they are made to look like legitimate system files:
spoolsvc.exe
winitr32.exe
C:\UNMT.EXE
smsc.exe
systemproc.exe
C:\WINDOWS\dipset.exe
C:\WINDOWS\System32\qnngjcn.exe
instantmsgrs.exe
videosd32.exe
wvsvc.exe
timeupdate.exe
symantec32.exe
msnst32.exe
xpcd.exe
iexplorer.exe
svhosint32.exe
winvc32.exe
dnsresolver.exe
pksvc.exe
msmsgs.exe
crsrs.exe
ntguard32.exe
xpupdate.exe
iis.exe
Yahoo.exe
C:\WINDOWS\proxy.exe
iexplore.exe
C:\WINDOWS\log.exe
c:\program files\180solutions
SndMon32.exe
C:\WINDOWS\paintms.exe
sys32cfg.exe
Reboot and post a fresh log
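Added example (not part of the original posts and not the helper's method): a Python triage pass over the O4 autorun lines of a HijackThis log like the ones in this thread, illustrating the warning above that the files are made to look like legitimate system files. The three heuristics and the `min_keys` threshold are assumptions chosen for illustration; the sample lines are copied from the logs on this page.

```python
import re

# Sample O4 lines copied from the logs in this thread (not a full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\RunServices: [Win32 System Spool] spoolsvc.exe
O4 - HKCU\..\Run: [Win32 System Spool] spoolsvc.exe
O4 - HKCU\..\RunOnce: [Win32 System Spool] spoolsvc.exe
O4 - HKLM\..\Run: [taskmgr.exe] C:\WINDOWS\paintms.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# "O4 - HKLM\..\Run: [value name] command" (registry autoruns only;
# "Startup:" / "Global Startup:" folder entries are deliberately skipped).
O4_REG = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$')
# Executable part of the command, with or without surrounding quotes.
EXE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)


def parse_o4(log_text):
    """Yield (autorun_key, value_name, command) for each registry O4 line."""
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            yield f"{hive}\\{key}", name, command.strip()


def triage(log_text, min_keys=3):
    """Return {(value_name, command): {"keys": [...], "reasons": [...]}}.

    Illustrative heuristics (assumptions, not HijackThis behaviour):
      bare-name      command has no directory, so it is resolved via the
                     search path (typically the Windows/System32 folders)
      multi-key      the same entry is registered in >= min_keys autorun keys
      name-mismatch  the value name is itself an .exe name but points to a
                     differently named file
    """
    seen = {}
    for key, name, command in parse_o4(log_text):
        seen.setdefault((name, command), []).append(key)

    findings = {}
    for (name, command), keys in seen.items():
        m = EXE.match(command)
        target = m.group(1) if m else command
        basename = target.rsplit("\\", 1)[-1].lower()
        reasons = []
        if "\\" not in target:
            reasons.append("bare-name")
        if len(set(keys)) >= min_keys:
            reasons.append("multi-key")
        if name.lower().endswith(".exe") and name.lower() != basename:
            reasons.append("name-mismatch")
        if reasons:
            findings[(name, command)] = {"keys": keys, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for (name, command), info in triage(SAMPLE_LOG).items():
        print(f"[{name}] {command}")
        print("   keys:   ", ", ".join(info["keys"]))
        print("   reasons:", ", ".join(info["reasons"]))
```

A flag is a prompt for manual review rather than a verdict: an entry such as `[SYSTRAY] C:\UNMT.EXE` carries a full path and a plain value name, so none of these rules fire on it.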
-
Deleted as instructed, except: winitr32.exe, C:\UNMT.EXE. Could not find these ones anywhere.
New log file below
Logfile of HijackThis v1.98.2
Scan saved at 22:40:26, on 23/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\dllmanager.exe
C:\WINDOWS\sysconfig.exe
C:\WINDOWS\System32\SystemStat.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\Explorer.EXE
C:\unzipped\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Streams Server] localsrv.exe
O4 - HKLM\..\Run: [dlite] dllmanager.exe
O4 - HKLM\..\Run: [Adobe] C:\WINDOWS\sysconfig.exe
O4 - HKLM\..\Run: [System Stats] SystemStat.exe
O4 - HKLM\..\RunServices: [dlite] dllmanager.exe
O4 - HKLM\..\RunServices: [System Stats] SystemStat.exe
O4 - HKLM\..\RunOnce: [dlite] dllmanager.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [dlite] dllmanager.exe
O4 - HKCU\..\Run: [System Stats] SystemStat.exe
O4 - HKCU\..\RunOnce: [dlite] dllmanager.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: Reboot.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O9 - Extra button: MP3 - {1537E842-0000-11D2-8059-111111111111} - (no file)
O9 - Extra 'Tools' menuitem: &WinMp3Locator - {1537E842-0000-11D2-8059-111111111111} - (no file)
O9 - Extra button: Files - {1537E842-0001-11D2-8059-111111111111} - (no file)
O9 - Extra 'Tools' menuitem: &FileLocator - {1537E842-0001-11D2-8059-111111111111} - (no file)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
-
Hi again,
Close all browser windows, restart Hijack This and put a checkmark next to the following entries:
O4 - HKLM\..\Run: [Windows Streams Server] localsrv.exe
O4 - HKLM\..\Run: [dlite] dllmanager.exe
O4 - HKLM\..\Run: [Adobe] C:\WINDOWS\sysconfig.exe
O4 - HKLM\..\Run: [System Stats] SystemStat.exe
O4 - HKLM\..\RunServices: [dlite] dllmanager.exe
O4 - HKLM\..\RunServices: [System Stats] SystemStat.exe
O4 - HKLM\..\RunOnce: [dlite] dllmanager.exe
O4 - HKCU\..\Run: [dlite] dllmanager.exe
O4 - HKCU\..\Run: [System Stats] SystemStat.exe
O4 - HKCU\..\RunOnce: [dlite] dllmanager.exe
O9 - Extra button: MP3 - {1537E842-0000-11D2-8059-111111111111} - (no file)
O9 - Extra 'Tools' menuitem: &WinMp3Locator - {1537E842-0000-11D2-8059-111111111111} - (no file)
O9 - Extra button: Files - {1537E842-0001-11D2-8059-111111111111} - (no file)
O9 - Extra 'Tools' menuitem: &FileLocator - {1537E842-0001-11D2-8059-111111111111} - (no file)
Click Fix Checked
Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.
Delete the following files and folders:
C:\WINDOWS\System32\dllmanager.exe
C:\WINDOWS\sysconfig.exe
C:\WINDOWS\System32\SystemStat.exe
Reboot and post a fresh log
-
Owen,
Latest Log :
Logfile of HijackThis v1.98.2
Scan saved at 17:27:22, on 24/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\iexplore.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\secure.exe
C:\WINDOWS\System32\regscan.exe
C:\WINDOWS\System32\msnmsgrr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\WINDOWS\Explorer.EXE
C:\unzipped\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_p...ount_id=153341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_p...ount_id=153341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_p...ount_id=153341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [notepad.exe] C:\WINDOWS\iexplorer.exe
O4 - HKLM\..\Run: [taskmgr.exe] C:\WINDOWS\secure.exe
O4 - HKLM\..\Run: [Windows Registry Scan] regscan.exe
O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
O4 - HKLM\..\Run: [nternet Explorer] iexplore.exe
O4 - HKLM\..\RunServices: [Windows Registry Scan] regscan.exe
O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
O4 - HKLM\..\RunServices: [nternet Explorer] iexplore.exe
O4 - HKLM\..\RunOnce: [nternet Explorer] iexplore.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [nternet Explorer] iexplore.exe
O4 - HKCU\..\RunOnce: [nternet Explorer] iexplore.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: Reboot.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
THX Steve
-
Close all browser windows, restart Hijack This and put a checkmark next to the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_...count_id=153341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_...count_id=153341
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_...count_id=153341
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [notepad.exe] C:\WINDOWS\iexplorer.exe
O4 - HKLM\..\Run: [taskmgr.exe] C:\WINDOWS\secure.exe
O4 - HKLM\..\Run: [Windows Registry Scan] regscan.exe
O4 - HKLM\..\Run: [blah service] msnmsgrr.exe
O4 - HKLM\..\Run: [nternet Explorer] iexplore.exe
O4 - HKLM\..\RunServices: [Windows Registry Scan] regscan.exe
O4 - HKLM\..\RunServices: [blah service] msnmsgrr.exe
O4 - HKLM\..\RunServices: [nternet Explorer] iexplore.exe
O4 - HKLM\..\RunOnce: [nternet Explorer] iexplore.exe
O4 - HKCU\..\Run: [nternet Explorer] iexplore.exe
O4 - HKCU\..\RunOnce: [nternet Explorer] iexplore.exe
O4 - Startup: Reboot.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
Click Fix Checked
Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.
Delete the following files and folders:
C:\Program Files\ISTbar
C:\Program Files\ISTsvc
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\secure.exe
C:\WINDOWS\System32\regscan.exe
C:\WINDOWS\System32\msnmsgrr.exe
C:\WINDOWS\System32\iexplore.exe
C:\Program Files\SideFind
Go to Start > All Programs and look for something called Startup. Hover your mouse over Startup and if there is a file called Reboot there, right click it and select Delete.
Reboot and post a fresh log
-

Latest Log:
Logfile of HijackThis v1.98.2
Scan saved at 13:14:46, on 25/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SystemStats.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\SystemStats.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\Explorer.EXE
C:\unzipped\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [winlogin.exe] C:\WINDOWS\paino.exe
O4 - HKLM\..\Run: [System Stats] SystemStats.exe
O4 - HKLM\..\RunServices: [System Stats] SystemStats.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [System Stats] SystemStats.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll