Malware Removal: Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs.
#1
Scan saved at 11:59:02 AM, on 5/14/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\essspk.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Documents and Settings\feray.CANIM-WB4IPD8VN\My Documents\MsgPlus.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-au\msnappau.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5 _7_0.dll
O2 - BHO: (no name) - {5C71BE13-D61B-3BCD-ECB7-44A78F4FEBE9} - C:\DOCUME~1\FERAY~1.CAN\APPLIC~1\SKIPAI~1\GRAM2.exe
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5 _7_0.dll
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\feray.CANIM-WB4IPD8VN\My Documents\MsgPlus.exe"
O4 - HKLM\..\Run: [BaitDebugSeekPoke] C:\Documents and Settings\All Users.WINDOWS\Application Data\tonseggsbaitdebug\inter type.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-au\msnappau.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4992395B-E08C-4FAC-9B01-D0B3E8A115B5}: NameServer = 203.134.24.70 203.134.26.70
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe

still lurking, can someone check my log and help me
#2
fezzy, welcome to CTH.

I will be helping you with your log. I will take a look at everything I see and be back as soon as possible with help for you. Please note that I am currently in training, therefore I must check with the experts before instructing you to make any changes to your log. Back soon.
#3
fezzy, thank you for your patience. Follow these instructions in the order they are listed and we should have you cleaned up in no time.

First, click Start > Settings > Control Panel > Add or Remove Programs, and see if Window Search is in the list. If so, click Change/Remove beside it to uninstall. You should be given a security code to enter, do so and reboot before continuing. Also, if Window Search is not in the list, click here to download the uninstaller and run it before moving on.

Also, I recommend uninstalling MessengerPlus3 via Add/Remove Programs, it is a source of one of the malwares on your system which we are working to remove. See here for more info.

Run HijackThis again and scan once more. Locate and check the following entries that appear in the list:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
O2 - BHO: (no name) - {5C71BE13-D61B-3BCD-ECB7-44A78F4FEBE9} - C:\DOCUME~1\FERAY~1.CAN\APPLIC~1\SKIPAI~1\GRAM2.exe
O4 - HKLM\..\Run: [BaitDebugSeekPoke] C:\Documents and Settings\All Users.WINDOWS\Application Data\tonseggsbaitdebug\inter type.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab

then click "Fix Checked" and close HijackThis.

Next, be sure you can view hidden files and folders and remove the following FILES in bold if they exist:

C:\DOCUME~1\FERAY~1.CAN\APPLIC~1\SKIPAI~1\GRAM2.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\tonseggsbaitdebug\inter type.exe

If you cannot find the files, try typing the filenames one at a time in an Explorer search window using Start > Search > For Files or Folders...

Also, click Control+Alt+Del and once again select the Processes tab in Task Manager. Under the CPU column, are there any processes (aside from System Idle Process) that are using continuously high amounts of processing power? If so, please list them in your next post.

When you are finished with these steps, run HijackThis once again and save the new log, then post it back into this thread so we can see how things are looking at this point.
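As an added illustration (not part of the thread, and not the helper's own method), the Python below parses the O2 (BHO) and O4 (Run key) lines of a HijackThis log and flags traits that the two O2/O4 entries selected for "Fix Checked" have in common. The heuristics, the function names `parse_entry`, `reasons_for` and `triage`, and the sample input are assumptions made for this example; the R1 and O16 entries the helper also selected are not covered.

```python
import re

# Constructed sample: five lines from the log in post #1 ("GRAM2.ex e" written without the stray space).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C71BE13-D61B-3BCD-ECB7-44A78F4FEBE9} - C:\DOCUME~1\FERAY~1.CAN\APPLIC~1\SKIPAI~1\GRAM2.exe
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll
O4 - HKLM\..\Run: [BaitDebugSeekPoke] C:\Documents and Settings\All Users.WINDOWS\Application Data\tonseggsbaitdebug\inter type.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<path>.+)$")

# Assumed heuristic: profile and temp directories any user-level process can write to.
USER_WRITABLE = ("\\application data\\", "\\applic~1\\",
                 "\\local settings\\", "\\locals~1\\", "\\temp\\")

def parse_entry(line):
    """Return {'type', 'name', 'path'} for an O2 or O4 Run line, else None."""
    for kind, regex in (("O2", O2_RE), ("O4", O4_RE)):
        m = regex.match(line)
        if m:
            path = m["path"].strip()
            if path.startswith('"'):          # quoted path followed by arguments
                path = path[1:].split('"', 1)[0]
            return {"type": kind, "name": m["name"], "path": path}
    return None

def reasons_for(entry):
    """List the assumed warning signs that apply to one parsed entry."""
    reasons, low = [], entry["path"].lower()
    if any(d in low for d in USER_WRITABLE):
        reasons.append("runs from a user-writable profile directory")
    if entry["type"] == "O2":
        if entry["name"] == "(no name)":
            reasons.append("BHO has no registered name")
        if low.endswith(".exe"):
            reasons.append("BHO points at an .exe instead of a DLL")
    return reasons

def triage(log_text):
    """Return (type, name, reasons) for every entry with at least one warning sign."""
    entries = (parse_entry(line.strip()) for line in log_text.splitlines())
    return [(e["type"], e["name"], reasons_for(e)) for e in entries if e and reasons_for(e)]

if __name__ == "__main__":
    for kind, name, reasons in triage(SAMPLE_LOG):
        print(f"{kind} [{name}]: " + "; ".join(reasons))
```

A flag from these checks is a reason to look closer at an entry, not a verdict on it; legitimate software also installs under Application Data.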