TechSpot

IE Browser Hijack 3721

By jreiter
Mar 20, 2005
Topic Status:
Not open for further replies.
  1. Does anyone know how to get rid of the Chinese characters? I've been able to get rid of most of 3721 / CnsMin, but am left with the characters.

    Hijack log is below.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:29:30 PM, on 3/20/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    D:\AVG7\avgamsvr.exe
    D:\AVG7\avgupsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    D:\AVG7\avgcc.exe
    D:\AVG7\avgemc.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    D:\Webroot\Webroot\Washer\wwDisp.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\MSOFFI~1\Office10\OUTLOOK.EXE
    C:\WINDOWS\system32\wuauclt.exe
    D:\MS Office XP\Office10\WINWORD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    D:\HIJACK\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&gl=us
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] D:\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] D:\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKCU\..\Run: [Window Washer] D:\Webroot\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: APC UPS Status.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = D:\MS Office XP\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O11 - Options group: [!CNS] Chinese keywords
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\AVG7\avgupsvc.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
    O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - D:\CPUCool\CooLSrv.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
  2. dopefisher

    dopefisher TS Rookie Posts: 540

    You can right-click on a page and select Encoding. Click on Western European (Windows). I don't know if this applies to what you're talking about, but oh well.
  3. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Boot in safe mode and run HJT on its own, and let it 'fix':

    O4 - Global Startup: APC UPS Status.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O11 - Options group: [!CNS] Chinese keywords
    O23 - Service: CA License Client (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
    O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)

    That should do it.
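
The selection in the reply above can be reproduced as a small triage pass over a HijackThis log. This is an added example, not part of the original post or of HijackThis itself; the four rules are assumptions inferred from which entries the reply chose to fix, and the sample log is constructed from lines quoted in the thread.

```python
import re

# Constructed sample in the HijackThis v1.99.1 layout quoted in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&gl=us
O4 - HKLM\..\Run: [AVG7_CC] D:\AVG7\avgcc.exe /STARTUP
O4 - Global Startup: APC UPS Status.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O11 - Options group: [!CNS] Chinese keywords
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing)
"""

# An entry line is "<section code> - <detail>", e.g. "O11 - Options group: ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")

# (section, predicate on detail, reason). Assumed rules mirroring the reply's list.
RULES = [
    ("O4", lambda d: d.endswith("= ?"), "startup shortcut with unresolved target"),
    ("O6", lambda d: d.endswith("present"), "IE policy restriction key present"),
    ("O11", lambda d: True, "extra group in IE Advanced Options"),
    ("O23", lambda d: d.endswith("(file missing)"), "service binary missing"),
]

def parse(log):
    """Yield (section, detail) per entry; headers and the process list are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return [(section, detail, reason)] for entries that match a rule."""
    hits = []
    for section, detail in parse(log):
        for code, pred, reason in RULES:
            if section == code and pred(detail):
                hits.append((section, detail, reason))
    return hits

if __name__ == "__main__":
    for section, detail, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {detail}")
```

"Unknown owner" alone is not a rule here: the reply left the ATI services in place and selected only the O23 entries whose file is missing.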
  4. jreiter

    jreiter TS Rookie Topic Starter

    IE "O11 - Options group: [!CNS] Chinese keywords"

    Even in safe mode, Hijack can't rid my system of the Chinese translations in the "Address" window.

    I was able to clean out all of the "3721" program (runs the CPU usage up to 50%) but I'm still missing something. Maybe in the registry?

    Thanks.
  5. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

  6. jreiter

    jreiter TS Rookie Topic Starter

    Finally got it

    Thanks. Following the steps on that website finally rid my browser of Chinese characters and "3721".