Tell what to do: hijack log

  1. #1
    vicky_4949 (Newbie)

    I want a solution for my problem, as Windows automatically opens search pages and that sort of thing.


    Logfile of HijackThis v1.99.1
    Scan saved at 3:58:49 AM, on 7/16/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\srv32.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\System32\mouse.exe
    D:\WINDOWS\System32\pctspk.exe
    D:\WINDOWS\System32\PV92Tray.exe
    D:\WINDOWS\System32\igfxtray.exe
    D:\WINDOWS\System32\hkcmd.exe
    D:\Program Files\ISTsvc\istsvc.exe
    D:\WINDOWS\rsrbkkk.exe
    D:\Program Files\Internet Optimizer\optimize.exe
    D:\Program Files\Common Files\soft602\pdfSaver.exe
    D:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\WINDOWS\system32\cmd.exe
    D:\Program Files\BullsEye Network\bin\bargains.exe
    D:\WINDOWS\System32\wuauclt.exe
    D:\WINDOWS\System32\mssetup32.exe
    D:\Program Files\HijackThis.exe

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINDOWS\nem220.dll
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - D:\Program Files\SideFind\sfbho.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - D:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - D:\Program Files\ISTbar\istbarcm.dll
    O4 - HKLM\..\Run: [mouse] mouse.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
    O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [tQIdT0f8] D:\WINDOWS\rsrbkkk.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [BullsEye Network] D:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [Power Scan] D:\Program Files\Power Scan\powerscan.exe
    O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "D:\Program Files\Common Files\soft602\pdfSaver.exe"
    O4 - HKLM\..\Run: [Microsoft Update 32] mssetup32.exe
    O4 - HKLM\..\RunServices: [mouse] mouse.exe
    O4 - HKLM\..\RunServices: [Microsoft Update 32] mssetup32.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
    O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - D:\Program Files\SideFind\sidefind.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_cracks.cab
    O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EC60FDF0-735C-4EA3-84EC-A5F0D53A45E7}: NameServer = 202.138.97.193 202.138.96.2
    O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Srv32 - Unknown owner - D:\WINDOWS\system32\srv32.exe
    O23 - Service: SuperProServer - Unknown owner - C:\Tally631\spnsrvnt.exe (file missing)

    Sir, please reply.


  2. #2
    HJThis (Senior Member)
    Hello, vicky_4949 & welcome.

    Press Control-Alt-Delete to get into the Task Manager and end the following processes if they exist:
    srv32.exe
    mouse.exe
    istsvc.exe
    rsrbkkk.exe
    optimize.exe
    bargains.exe
    powerscan.exe
    mssetup32.exe


    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.

    Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:
    IST Service
    Internet Optimizer
    BullsEye Network
    Power Scan
    SideFind


    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINDOWS\nem220.dll
    O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - D:\Program Files\SideFind\sfbho.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - D:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - D:\Program Files\ISTbar\istbarcm.dll

    O4 - HKLM\..\Run: [mouse] mouse.exe
    O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [tQIdT0f8] D:\WINDOWS\rsrbkkk.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [BullsEye Network] D:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [Power Scan] D:\Program Files\Power Scan\powerscan.exe
    O4 - HKLM\..\Run: [Microsoft Update 32] mssetup32.exe
    O4 - HKLM\..\RunServices: [mouse] mouse.exe
    O4 - HKLM\..\RunServices: [Microsoft Update 32] mssetup32.exe

    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - D:\Program Files\SideFind\sidefind.dll

    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_cracks.cab
    O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
    O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB

    O23 - Service: Srv32 - Unknown owner - D:\WINDOWS\system32\srv32.exe

    Make sure you can view hidden and system files: Instructions here

    Then Boot to safe mode: Instructions here

    Delete the following files\folders IF still present:
    D:\WINDOWS\nem220.dll<--This file
    D:\Program Files\SideFind\<--This folder
    D:\WINDOWS\System32\msbe.dll<--This file
    D:\Program Files\ISTbar\<--This folder
    D:\Program Files\ISTsvc\<--This folder
    D:\Program Files\Internet Optimizer\<--This folder
    D:\Program Files\BullsEye Network\<--This folder
    D:\Program Files\Power Scan\<--This folder
    D:\WINDOWS\system32\srv32.exe<--This file

    Still in Safe Mode, do a file search for these; if found, delete them:
    mouse.exe
    mssetup32.exe


    Then do a reboot, tell us how it is & show a new logfile.

    HGD
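
An added example, not part of either post above: a small Python parser for the HijackThis entry lines shown in this thread, which groups entries worth a closer look before anything is fixed or deleted. The function names and the four triage heuristics are assumptions made for this illustration, not rules from HijackThis or from the helper's reply.

```python
import re
from collections import defaultdict

# Constructed sample: a few entry lines copied from the log in post #1.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [mouse] mouse.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Microsoft Update 32] mssetup32.exe
O4 - HKLM\..\RunServices: [mouse] mouse.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] mssetup32.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: Srv32 - Unknown owner - D:\WINDOWS\system32\srv32.exe
O23 - Service: SuperProServer - Unknown owner - C:\Tally631\spnsrvnt.exe (file missing)
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")            # "O4 - <rest>"
AUTORUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")  # O4 registry autoruns

def parse(log):
    """Yield (section_code, rest_of_line) for each HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def triage(log):
    """Return {reason: [entries]} to review; the reasons are heuristics, not verdicts."""
    notes = defaultdict(list)
    seen = defaultdict(set)   # autorun value name -> registry keys it appears under
    for code, rest in parse(log):
        if rest.endswith(("(no file)", "(file missing)")):
            notes["target missing"].append(rest)
        if code == "O23" and "Unknown owner" in rest:
            notes["service, unknown owner"].append(rest)
        m = AUTORUN.match(rest) if code == "O4" else None
        if m:
            hive, key, name, cmd = m.groups()
            seen[name].add(key)
            if "\\" not in cmd:   # bare file name, resolved through the search path
                notes["autorun without full path"].append(f"{hive} {key} [{name}] {cmd}")
    for name, keys in seen.items():
        if {"Run", "RunServices"} <= keys:
            notes["in Run and RunServices"].append(name)
    return dict(notes)

if __name__ == "__main__":
    for reason, items in triage(SAMPLE_LOG).items():
        print(reason, *items, sep="\n  ")
```

On this sample the path-less autorun check also flags `[PCTVOICE] pctspk.exe`, which post #2 leaves out of its fix list, so each flagged entry still has to be identified by a person before it is removed.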
