• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
spyderman

Internet optimizer, traffic marketplace, et al

16 posts in this topic

Pleeeeaasssseee. Somebody help me. I can't even get to the self help link here...I get hijacked everytime. I've run Spybot, Adware, Adbuster and Trojan Hunter. They all find something but the problems persist.

 

Here is my Hijack this log.

 

Logfile of HijackThis v1.97.7

Scan saved at 10:05:21 PM, on 7/25/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\Program Files\Canon\MultiPASS4\monitr32.exe

C:\WINDOWS\System32\fxredir.exe

C:\PROGRA~1\Canon\MULTIP~1\mptbox.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe

C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\jssovuwq.exe

C:\documents and settings\bret\local settings\temp\LTM0N3.exe

C:\documents and settings\bret\local settings\temp\5rwjV9ILk.exe

C:\documents and settings\bret\local settings\temp\B.exe

C:\WINDOWS\System32\dp-him.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\uptodate.exe

C:\WINDOWS\System32\lfw2disp.exe

C:\Program Files\AutoUpdate\AutoUpdate.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SysAI\SysAI.exe

C:\WINDOWS\System32\hhsmeng.exe

C:\Palm\HOTSYNC.EXE

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\_28599c.exe

C:\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home Network Version 1.7

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)

O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll

O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)

O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem218.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Bret\Local Settings\Temp\Z.dll

O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem218.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe

O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe

O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\mptbox.exe

O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"

O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [adjkyhifadyk] C:\WINDOWS\System32\jssovuwq.exe

O4 - HKLM\..\Run: [LTM0N3.exe] C:\documents and settings\bret\local settings\temp\LTM0N3.exe

O4 - HKLM\..\Run: [5rwjV9ILk.exe] C:\documents and settings\bret\local settings\temp\5rwjV9ILk.exe

O4 - HKLM\..\Run: [b.exe] C:\documents and settings\bret\local settings\temp\B.exe

O4 - HKLM\..\Run: [bakra] C:\WINDOWS\System32\IEHost.exe

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe

O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain

O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe

O4 - HKLM\..\Run: [33oS38g] lfw2disp.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O4 - HKLM\..\Run: [_28599c] C:\WINDOWS\System32\_28599c.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [i072RUM3V] hhsmeng.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0408a894260879...ip/RdxIE601.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8045.8686111111

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab

O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab

 

Any advice on avoiding this in the future would be wonderful too.

 

Thanks,

Bret

Share this post


Link to post
Share on other sites

Hi,

First thing to do is ... (print this out!)

 

Uninstall SysAI icon11.giffrom here

 

Next:

 

Download icon11.gifPeper Trojan Remover

Double-click to run and follow the prompts.

 

Next:

 

Update Ad-aware's Reference File: instructions icon11.gifhere

 

Required Step: icon11.gifReconfigure Ad-Aware for Full Scan

 

Note: do not run Ad-Aware yet, just update and reconfigure.

 

Next:

 

Reconfigure Windows Explorer to show Hidden Files: [required step]

Open the Windows Explorer | Tools | Folder Options - View [tab]:

 

Scroll down to the "Files and Folders" section.

Select: "Display the contents of system folders".

 

Scroll down to the "Hidden Files and Folders" section.

Select: "Show hidden files and folders", Ok the prompt

Uncheck: "Hide file extensions for known file types"

Uncheck: "Hide protected operating system files" Ok the Prompt, click Apply

 

Click the "Apply to all Folders" button. Close Windows Explorer.

 

Next:

 

Close all open programs and browsers, rescan with HijackThis

Place a check in each of the following then click "Fix checked".

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)

O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll

O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)

O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem218.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Bret\Local Settings\Temp\Z.dll

O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem218.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O4 - HKLM\..\Run: [adjkyhifadyk] C:\WINDOWS\System32\jssovuwq.exe

O4 - HKLM\..\Run: [LTM0N3.exe] C:\documents and settings\bret\local settings\temp\LTM0N3.exe

O4 - HKLM\..\Run: [5rwjV9ILk.exe] C:\documents and settings\bret\local settings\temp\5rwjV9ILk.exe

O4 - HKLM\..\Run: [b.exe] C:\documents and settings\bret\local settings\temp\B.exe

O4 - HKLM\..\Run: [bakra] C:\WINDOWS\System32\IEHost.exe

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe

O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain

O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe

O4 - HKLM\..\Run: [33oS38g] lfw2disp.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O4 - HKLM\..\Run: [_28599c] C:\WINDOWS\System32\_28599c.exe

O4 - HKCU\..\Run: [i072RUM3V] hhsmeng.exe

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0408a894260879...ip/RdxIE601.cab

 

Then reboot, on restart, restart in Safe Mode [required step - see "How To" below]

 

Start | Run (type) "%temp%" (no quotes)

Completely delete the entire contents of that "temp" folder.

 

Open Windows Explorer locate and delete the following:

 

C:\Program Files\AutoUpdate <--this folder

C:\Program Files\SysAI <--this folder

C:\Program Files\SEP <--this folder

C:\WINDOWS\System32\jssovuwq.exe <--this file

C:\WINDOWS\System32\dp-him.exe <--this file

C:\WINDOWS\uptodate.exe <--this file

C:\WINDOWS\System32\lfw2disp.exe <--this file

C:\WINDOWS\System32\_28599c.exe <--this file

C:\WINDOWS\System32\SearchBar.htm <--this file

C:\WINDOWS\nem219.dll <--this file

C:\WINDOWS\System32\stlbdist.DLL <--this file

C:\WINDOWS\wsem218.dll <--this file

C:\WINDOWS\System32\bridge.dll <--this file

C:\WINDOWS\nem218.dll <--this file

C:\WINDOWS\System32\IEHost.exe <--this file

hhsmeng.exe <--this file

Note: locate "hhsmeng.exe" via Start > Search > Advanced Options

 

While still in Safe Mode, run Ad-Aware and fix everything it finds.

 

Restart normally and then ... Download icon11.gifHijackThis! 1.98

 

After the above, reboot, rescan with HijackThis and post a fresh log ...

Share this post


Link to post
Share on other sites

Thanks so much for the help.

 

I think I've done everything. There was a lot of crap on the adware. Over 300 items. Sheesh

 

Anyway, here's my updated log.

 

Logfile of HijackThis v1.98.0

Scan saved at 5:34:22 PM, on 7/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\Program Files\Canon\MultiPASS4\monitr32.exe

C:\WINDOWS\System32\fxredir.exe

C:\PROGRA~1\Canon\MULTIP~1\mptbox.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe

C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\rexmapi.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\tsamsp.exe

C:\Palm\HOTSYNC.EXE

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home Network Version 1.7

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe

O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe

O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\mptbox.exe

O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"

O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\Run: [33oS38g] rexmapi.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [i072RUM3V] tsamsp.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab

O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab

 

 

I'll start browsing and see how she goes.

Share this post


Link to post
Share on other sites

Hi,

Close all open programs and browsers, rescan with HijackThis

Place a check in each of the following then click "Fix checked".

 

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [33oS38g] rexmapi.exe

O4 - HKCU\..\Run: [i072RUM3V] tsamsp.exe

 

Then reboot, on restart, restart in Safe Mode [required step - see "How To" below]

 

Start | Run (type) "%temp%" (no quotes)

Completely delete the entire contents of that "temp" folder.

 

Open Windows Explorer locate and delete the following:

 

C:\WINDOWS\System32\tsamsp.exe <--this file

C:\WINDOWS\System32\rexmapi.exe <--this file

 

After the above, reboot, rescan with HijackThis and post a fresh log ...

Share this post


Link to post
Share on other sites

O4 - HKLM\..\Run: [33oS38g] rexmapi.exe and

O4 - HKCU\..\Run: [i072RUM3V] tsamsp.exe

weren't there. the numbers in brackets were but not the files indicated.

I couldn't find them in windows explorer either.

The same thing happened last time. It's like it changes the file everytime I go in.

 

Anyway, here is my new log.

 

Thanks again for you help. My computer is already running much better.

 

 

 

 

 

Logfile of HijackThis v1.97.7

Scan saved at 8:18:38 PM, on 7/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\Program Files\Canon\MultiPASS4\monitr32.exe

C:\WINDOWS\System32\fxredir.exe

C:\PROGRA~1\Canon\MULTIP~1\mptbox.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe

C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\AutoUpdate\AutoUpdate.exe

C:\WINDOWS\System32\wsnscfg.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\atlnls.exe

C:\Palm\HOTSYNC.EXE

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\SysAI\SysAI.exe

C:\Documents and Settings\Bret\Desktop\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home Network Version 1.7

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe

O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe

O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\mptbox.exe

O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"

O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [33oS38g] wsnscfg.exe

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [i072RUM3V] atlnls.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8045.8686111111

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab

O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab

Share this post


Link to post
Share on other sites

Hi,

Looks like you got infected again:

 

Uninstall SysAI icon11.giffrom here

 

Next:

 

Go to icon11.gifJotti's Malware Scanner

Click Browse, navigate to C:\WINDOWS\System32\wsnscfg.exe

Highlight (single-click) and click Submit

Wait for the results, if "detected\infected" copy and paste the info in your next post.

 

Repeat the steps and submit: C:\WINDOWS\System32\atlnls.exe

 

After the above ... open the Task Manager

Highlight each of the below files and End Task on each

Then delete using Windows Explorer (with "Hidden Files Enabled" - see above)

 

Then download HijackThis 1.98 (as previously requested)

Note: do not post a new log yet, just report back on the Scanner findings.

Share this post


Link to post
Share on other sites

I could not find C:\WINDOWS\System32\wsnscfg.exe

 

Here's the result for atlnls.exe:

 

Service load: 0% 100%

 

File: atlnls.exe

Status: INFECTED/MALWARE

Packers detected: None

 

AntiVir No viruses found (2.46 seconds taken)

BitDefender No viruses found (4.86 seconds taken)

ClamAV No viruses found (10.49 seconds taken)

Dr.Web Trojan.AproposAd (11.45 seconds taken)

F-Prot Antivirus No viruses found (0.84 seconds taken)

F-Secure Anti-Virus TrojanDownloader.Win32.Apropo.f (8.76 seconds taken)

Kaspersky Anti-Virus TrojanDownloader.Win32.Apropo.f (10.61 seconds taken)

McAfee VirusScan No viruses found (3.91 seconds taken)

Norman Virus Control No viruses found (16.02 seconds taken)

 

I noticed some other items in Task manager and Add/Remove programs such as

autoupdate.exe and "sep", "iehost"

 

Don't know why the last hijack was wrong version...I had downloaded 1.98 and had posted it previously. Got it now though.

 

Thanks.

Share this post


Link to post
Share on other sites

Hi,

I could not find C:\WINDOWS\System32\wsnscfg.exe
Let's make sure Hidden Files are enabled ...

 

atb_help.gifReconfigure Windows Explorer to show Hidden Files: [required step]

Open the Windows Explorer | Tools | Folder Options - View [tab]:

 

Scroll down to the "Files and Folders" section.

Select: "Display the contents of system folders".

 

Scroll down to the "Hidden Files and Folders" section.

Select: "Show hidden files and folders", Ok the prompt

Uncheck: "Hide file extensions for known file types"

Uncheck: "Hide protected operating system files" Ok the Prompt, click Apply

 

Click the "Apply to all Folders" button. Close Windows Explorer.

 

Note: that set of files may be renaming themselves on reboot?

 

I noticed some other items in Task manager and Add/Remove

For the items in Add Remove ...

 

Start | Run (type) regedit

Navigate to the following location:

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

Scroll down the left pane, highlight the desired entry.

Right-click and select: Delete, close Regedit.

 

For the (undesired) items in Task Manager:

Highlight each, then End Task, then delete via Windows Explorer.

 

TrojanDownloader.Win32.Apropo.f
Ad-Aware should take care of that one.

 

After the above post a fresh log and we'll see what's left ...

Share this post


Link to post
Share on other sites

Hello again,

 

Ran through the items you indicated. Hidden files were already showing.

 

Ran adaware. Got another 164 items.

 

Here's my current log.

 

Thanks again,

 

 

Logfile of HijackThis v1.98.0

Scan saved at 8:14:06 AM, on 7/28/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\Program Files\Canon\MultiPASS4\monitr32.exe

C:\WINDOWS\System32\fxredir.exe

C:\PROGRA~1\Canon\MULTIP~1\mptbox.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe

C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Palm\HOTSYNC.EXE

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home Network Version 1.7

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe

O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe

O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\mptbox.exe

O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"

O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [i072RUM3V] atlnls.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab

O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab

Share this post


Link to post
Share on other sites

Hi,

Close all open programs and browsers, rescan with HijackThis

Place a check in each of the following then click "Fix checked".

 

R3 - Default URLSearchHook is missing

O4 - HKCU\..\Run: [i072RUM3V] atlnls.exe

 

Then reboot, on restart, restart in Safe Mode [required step - see "How To" below]

 

Start | Run (type) "%temp%" (no quotes)

Completely delete the entire contents of that "temp" folder.

 

Open Windows Explorer locate and delete the following:

 

atlnls.exe <--this file

Locate via Start > Search > Advanced Options

 

While still in Safe Mode, run Ad-Aware and fix everything it finds.

 

After the above, reboot, rescan with HijackThis and post a fresh log ...

Share this post


Link to post
Share on other sites

Hello,

 

Okay, here she goes again.

 

 

Thanks much.

 

Logfile of HijackThis v1.98.0

Scan saved at 4:31:34 PM, on 7/28/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\Program Files\Canon\MultiPASS4\monitr32.exe

C:\WINDOWS\System32\fxredir.exe

C:\PROGRA~1\Canon\MULTIP~1\mptbox.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe

C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Palm\HOTSYNC.EXE

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\msagent\AgentSvr.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home Network Version 1.7

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM\..\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe

O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe

O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\mptbox.exe

O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"

O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab

O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab

Share this post


Link to post
Share on other sites

Hi,

Your log looks clean now ... good job!

 

Last Step:

 

1) Empty the Recycle Bin

2) 2) "Flush System Restore" (see "How To" below)

Basically turn off System Restore, reboot, run a full Antivirus scan, reboot and turn System Restore back on and create a new Restore Point.

 

You do not seem to have any Antivirus running? (bad idea)

Download icon11.gifAVG 6.0 Anti Virus [freeware]

 

I would suggest adding some "Defense" to your system ...

atb_help.gifHow To: Prevent this from happening again? :wave:

Share this post


Link to post
Share on other sites

Glad we could help. :)

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0