Can Somebody please help with my Hijack this Log ??? (Resolved)

  1. 23-10-2004  #1
    ViperGirl
    ViperGirl is offline Newbie

    Can Somebody please help with my Hijack this Log ??? (Resolved)

    Logfile of HijackThis v1.98.2
    Scan saved at 9:39:13, on 23-10-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\system32\crsss.exe
    C:\WINDOWS\system32\winmplayer.exe
    C:\WINDOWS\system32\msnmesengers.exe
    C:\WINDOWS\system32\crsss64.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\martin Hage\Mijn documenten\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [423DF92C] C:\WINDOWS\System32\uoqucn.exe
    O4 - HKLM\..\Run: [MS Sound Config 16bit] sndcfg16.exe
    O4 - HKLM\..\Run: [WindowsRegKey update] winupdatexx.exe
    O4 - HKLM\..\Run: [System Uptime Server] sysentry32.exe
    O4 - HKLM\..\Run: [update service] winu32.exe
    O4 - HKLM\..\Run: [msupdates] msupdt.exe
    O4 - HKLM\..\Run: [Windows media service] crsss.exe
    O4 - HKLM\..\Run: [Microsoft media services] winmplayer.exe
    O4 - HKLM\..\Run: [MSN] msnmesengers.exe
    O4 - HKLM\..\Run: [CRC Value Verifier] crsss64.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\RunServices: [ADE16EDD] C:\WINDOWS\System32\uoqucn.exe
    O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe
    O4 - HKLM\..\RunServices: [WindowsRegKey update] winupdatexx.exe
    O4 - HKLM\..\RunServices: [System Uptime Server] sysentry32.exe
    O4 - HKLM\..\RunServices: [update service] winu32.exe
    O4 - HKLM\..\RunServices: [msupdates] msupdt.exe
    O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
    O4 - HKLM\..\RunServices: [Microsoft media services] winmplayer.exe
    O4 - HKLM\..\RunServices: [MSN] msnmesengers.exe
    O4 - HKLM\..\RunServices: [CRC Value Verifier] crsss64.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [wglet.exe] C:\WINDOWS\System32\dfshf.exe
    O4 - HKCU\..\Run: [MS Sound Config 16bit] sndcfg16.exe
    O4 - HKCU\..\Run: [WindowsRegKey update] winupdatexx.exe
    O4 - HKCU\..\Run: [MSN] msnmesengers.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunServices: [MSN] msnmesengers.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.msn.nl/
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...ce39e343d9492c
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1098436393945
    O16 - DPF: {8F497A54-06E8-4F43-B5C8-56C713784909} (MigrateMain Control) - http://kitcentral.wanadoo.nl/downloa...te/migrate.ocx



    Thanks up front for helping out !!
  2. 23-10-2004  #2
    Bear
    Bear is offline D-A-L Elite Member
    Please follow all of Owen's instructions HERE once you have completed that post a fresh log
  3. 23-10-2004  #3
    ViperGirl
    ViperGirl is offline Newbie
    Have followed the intructions on that page and after that I have post this log ?? So I really don't know what to do else anymore ??
  4. 23-10-2004  #4
    D-A-L
    D-A-L is offline D-A-L Administrator
    Somone will help you shortly ViperGirl
  5. 23-10-2004  #5
    ViperGirl
    ViperGirl is offline Newbie
    That would be very nice Thank you up front !!!

    Hugss ViperGirl
  6. 23-10-2004  #6
    owen
    owen is offline D-A-L Team Member (UK)
    You were asked to follow the instructions again because a lot of people don't follow them and you didn't tell us what you had done and checked.

    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [423DF92C] C:\WINDOWS\System32\uoqucn.exe
    O4 - HKLM\..\Run: [MS Sound Config 16bit] sndcfg16.exe
    O4 - HKLM\..\Run: [WindowsRegKey update] winupdatexx.exe
    O4 - HKLM\..\Run: [System Uptime Server] sysentry32.exe
    O4 - HKLM\..\Run: [update service] winu32.exe
    O4 - HKLM\..\Run: [msupdates] msupdt.exe
    O4 - HKLM\..\Run: [Windows media service] crsss.exe
    O4 - HKLM\..\Run: [Microsoft media services] winmplayer.exe
    O4 - HKLM\..\Run: [MSN] msnmesengers.exe
    O4 - HKLM\..\Run: [CRC Value Verifier] crsss64.exe
    O4 - HKLM\..\RunServices: [ADE16EDD] C:\WINDOWS\System32\uoqucn.exe
    O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe
    O4 - HKLM\..\RunServices: [WindowsRegKey update] winupdatexx.exe
    O4 - HKLM\..\RunServices: [System Uptime Server] sysentry32.exe
    O4 - HKLM\..\RunServices: [update service] winu32.exe
    O4 - HKLM\..\RunServices: [msupdates] msupdt.exe
    O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
    O4 - HKLM\..\RunServices: [Microsoft media services] winmplayer.exe
    O4 - HKLM\..\RunServices: [MSN] msnmesengers.exe
    O4 - HKLM\..\RunServices: [CRC Value Verifier] crsss64.exe
    O4 - HKCU\..\Run: [wglet.exe] C:\WINDOWS\System32\dfshf.exe
    O4 - HKCU\..\Run: [MS Sound Config 16bit] sndcfg16.exe
    O4 - HKCU\..\Run: [WindowsRegKey update] winupdatexx.exe
    O4 - HKCU\..\Run: [MSN] msnmesengers.exe
    O4 - HKCU\..\RunServices: [MSN] msnmesengers.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3ce39e343d9492c

    Click Fix Checked

    Then boot into Safe Mode and ensure that you are showing Hidden Files and Folders.

    Delete the following files:
    C:\WINDOWS\System32\uoqucn.exe
    C:\WINDOWS\system32\crsss.exe
    C:\WINDOWS\system32\winmplayer.exe
    C:\WINDOWS\system32\msnmesengers.exe
    C:\WINDOWS\system32\crsss64.exe
    C:\WINDOWS\System32\dfshf.exe

    Go to Start> Search and search for Files and Folders. Ensure you include Hidden Files in your search. Search for and delete the following files and folders:

    sndcfg16.exe
    winupdatexx.exe
    sysentry32.exe
    winu32.exe
    msupdt.exe

    Reboot and post a fresh log
  7. 24-10-2004  #7
    ViperGirl
    ViperGirl is offline Newbie
    Sorry about the fact I didn't tell what I had done. My English is a bit rusty so I was glad to write the first line

    Thank you very much for the work you have done for me. I will try it later today and let you see my fresh Hijack Log

    Hugss ViperGirl
  8. 24-10-2004  #8
    ViperGirl
    ViperGirl is offline Newbie
    OK dear readers and helpers.

    I have done the things above. This is my new hijack Log

    Logfile of HijackThis v1.98.2
    Scan saved at 11:25:20, on 24-10-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\WINDOWS\system32\msnmesengers.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\martin Hage\Mijn documenten\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [MSN] msnmesengers.exe
    O4 - HKLM\..\RunServices: [MSN] msnmesengers.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSN] msnmesengers.exe
    O4 - HKCU\..\RunServices: [MSN] msnmesengers.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.msn.nl/
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1098436393945
    O16 - DPF: {8F497A54-06E8-4F43-B5C8-56C713784909} (MigrateMain Control) - http://kitcentral.wanadoo.nl/downloa...te/migrate.ocx



    I didn't Delete the following files:
    C:\WINDOWS\System32\uoqucn.exe
    C:\WINDOWS\system32\crsss.exe
    C:\WINDOWS\system32\winmplayer.exe
    C:\WINDOWS\system32\msnmesengers.exe
    C:\WINDOWS\system32\crsss64.exe
    C:\WINDOWS\System32\dfshf.exe

    Go to Start> Search and search for Files and Folders. Ensure you include Hidden Files in your search. Search for and delete the following files and folders:

    sndcfg16.exe
    winupdatexx.exe
    sysentry32.exe
    winu32.exe
    msupdt.exe

    Because I couldn't find them. I have did that thing with hidden files / folders so I don't know if that's good or not ?

    I hope to hear from you again Till then thanks for everything !!

    Hugs ViperGirl
  9. 24-10-2004  #9
    owen
    owen is offline D-A-L Team Member (UK)
    From the Netherlands I guess? Its not always easy to tell which language people speak.

    Close all browser windows, restart Hijack This and put a checkmark next to the following entries:

    O4 - HKLM\..\Run: [MSN] msnmesengers.exe
    O4 - HKLM\..\RunServices: [MSN] msnmesengers.exe
    O4 - HKCU\..\Run: [MSN] msnmesengers.exe
    O4 - HKCU\..\RunServices: [MSN] msnmesengers.exe

    Click Fix Checked

    Reboot and post a fresh log
  10. 24-10-2004  #10
    ViperGirl
    ViperGirl is offline Newbie
    Save 20% on AVG Internet Security 2012 Suite!
    Yes Indeed I'm from the Netherlands Good guess And I'm a woman too, so not that smart hihih Oh and before I forget, blonde too !!! Well you should have a lot of patience to help me out here ??

    Well did and done the thing you said, so here is my fresh log again :

    Logfile of HijackThis v1.98.2
    Scan saved at 11:49:26, on 24-10-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\WINDOWS\system32\msnmesengers.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\msnmesengers.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Documents and Settings\martin Hage\Mijn documenten\hijackthis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [MSN] msnmesengers.exe
    O4 - HKLM\..\RunServices: [MSN] msnmesengers.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSN] msnmesengers.exe
    O4 - HKCU\..\RunServices: [MSN] msnmesengers.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.msn.nl/
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1098436393945
    O16 - DPF: {8F497A54-06E8-4F43-B5C8-56C713784909} (MigrateMain Control) - http://kitcentral.wanadoo.nl/downloa...te/migrate.ocx



    Is it any good ???

    Thanks again

    Hugss ViperGirl
Closed Thread
Page 1 of 2 1 2 LastLast
« even more about:blank (Resolved) | xabot (Resolved) »