TechSpot

Having serious Internet Connection Problems.

By Amaru
May 31, 2005
  1. Ive recently attracted a virus by the name of "Trojan Horse Start Page 19.J" and i just cant get shut of it. I tried AVG which gets rid of it for a few minutes and then it treturns, ive turned off system restore and ran all kinds of programs (Stinger, APT, Ad Aware, Spybot, TDS) but nothing has moved it.

    Im posting my "Hijack This" Log in total desperation....can somebody please help me???

    Thanks in Advance.
     
  2. Amaru

    Amaru TS Rookie Topic Starter

    Its so big i cant fit it on one post so its in 2 parts.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:43:54, on 31/05/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\INTEL\DSLSetup\ProDsl.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\NetLimiter\NetLimiter.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\System32\cmd32.exe
    C:\WINDOWS\isrvs\desktop.exe
    C:\WINDOWS\System32\msxct.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
    C:\Program Files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe
    C:\WINDOWS\hh.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\John 1\Desktop\desktop 2\New Folder\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\JOHN1~1\LOCALS~1\Temp\se.dll/spage.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\JOHN1~1\LOCALS~1\Temp\se.dll/spage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: .whenu.com
    O1 - Hosts: .whenu.com
    O1 - Hosts: c.whenu.com
    O1 - Hosts: c.whenu.com
    O1 - Hosts: nc.whenu.com
    O1 - Hosts: nc.whenu.com
    O1 - Hosts: inc.whenu.com
    O1 - Hosts: inc.whenu.com
    O1 - Hosts: m
    O1 - Hosts: m
    O1 - Hosts: m
    O1 - Hosts: m
    O1 - Hosts: om
    O1 - Hosts: om
    O1 - Hosts: com
    O1 - Hosts: com
    O1 - Hosts: com
    O1 - Hosts: com
    O1 - Hosts: .com
    O1 - Hosts: .com
    O1 - Hosts: d.com
    O1 - Hosts: d.com
    O1 - Hosts: d.com
    O1 - Hosts: d.com
    O1 - Hosts: nd.com
    O1 - Hosts: nd.com
    O1 - Hosts: nd.com
    O1 - Hosts: find.com
    O1 - Hosts: find.com
    O1 - Hosts: yfind.com
    O1 - Hosts: yfind.com
    O1 - Hosts: tyfind.com
    O1 - Hosts: tyfind.com
    O1 - Hosts: styfind.com
    O1 - Hosts: styfind.com
    O1 - Hosts: estyfind.com
    O1 - Hosts: estyfind.com
    O1 - Hosts: .zestyfind.com
    O1 - Hosts: .zestyfind.com
    O1 - Hosts: w.zestyfind.com
    O1 - Hosts: w.zestyfind.com
     
  3. Amaru

    Amaru TS Rookie Topic Starter

    Part 2!

    O1 - Hosts: 12
    O1 - Hosts: 0.1 websecurealert.com
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\Config\logdos.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7B09E2A1-0A21-4B1E-8807-9366F1FAA950} - C:\WINDOWS\System32\bmeo.dll
    O4 - HKLM\..\Run: [DSL Connection Manager] C:\Program Files\INTEL\DSLSetup\ProDsl.exe
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
    O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB002" /M "Stylus C44"
    O4 - HKLM\..\Run: [SpyBlocker] C:\Documents and Settings\John Waller\Desktop\General\SpyBlocker Software\spyblocker.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
    O4 - HKLM\..\Run: [Nero] C:\WINDOWS\qtsks.exe /i
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [svcmon] C:\WINDOWS\System32\PIN\svcmon.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [msxct] msxct.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
    O4 - HKCU\..\Run: [Shareaza] "D:\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [180ClientStubInstall] "C:\DOCUME~1\JOHN1~1\LOCALS~1\Temp\nsbE1.tmp"
    O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\winnook.exe
    O4 - HKCU\..\Run: [Sost] C:\Documents and Settings\John 1\Application Data\cepa.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Internet Keyboard.lnk = ?
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Microsoft® JavaScript® Console - {D28E2515-49C1-4AEA-B713-62A1FA4B47E9} - C:\WINDOWS\System32\comdlg32.ocx
    O9 - Extra 'Tools' menuitem: JavaScript Console - {D28E2515-49C1-4AEA-B713-62A1FA4B47E9} - C:\WINDOWS\System32\comdlg32.ocx
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c11.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {4C2C81B4-91DA-494D-8DBF-A7846BA07073} - http://www.ask.co.uk/toolbar/download/MiniJv-inst.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.co.uk/client/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9B1489B1-58D3-11BD-B52D-0000E839A1CB} (activeWEBnewszine.WEBnewszine) - http://www.webnewszine.co.uk/remotemedia/WEBnewszine/WEBnewszine.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6F517B5C-0B12-452A-A6FC-DC236D48427A}: NameServer = 80.225.252.178 80.225.252.186
    O17 - HKLM\System\CS2\Services\Tcpip\..\{6F517B5C-0B12-452A-A6FC-DC236D48427A}: NameServer = 80.225.252.178 80.225.252.186
    O18 - Filter: text/html - {48E11CA8-EEB8-46DD-A638-2FFD356987CD} - C:\WINDOWS\System32\bmeo.dll
    O18 - Filter: text/plain - {48E11CA8-EEB8-46DD-A638-2FFD356987CD} - C:\WINDOWS\System32\bmeo.dll
    O20 - Winlogon Notify: asdrv - C:\WINDOWS\msagent\intl\asdrv.dll (file missing)
    O20 - Winlogon Notify: logdos - C:\WINDOWS\Config\logdos.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.