"MiCr0s0ft.exe", "Microsoftx.exe" & "ns.exe" viruses?Please Help

#1 Sassy, Oct 24th, 2004
Hii me again unfortunately...

Well supposedly there is a new virus going around in an email titled "I'm in Love" or something, well unfortunately I do remember opening an email relating to that title.. and strangely enough these supposed "viruses" are now in my computer.... I ran Panda Scan and it detected 8 viruses, naming the ones I will name, and supposedly fixing them..but "MiCr0s0ft.exe", "Microsoftx.exe" and "ns.exe" are all running in my System, and taking up Memory and my CPU, varying from 3000k to 14000k....
So, naturally my computer is running very slowly, and the net is only partly working (Microsoft Internet Explorer is getting the Error Message most of the time..)
So I was hoping that someone might know what the programs I mentioned are doing on my computer and if they're harmful..and how I can fix them! Ohh and here's my Hijack Log!


Logfile of HijackThis v1.98.2
Scan saved at 8:26:42 PM, on 24/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ns.exe
C:\WINDOWS\System32\MiCr0s0ft.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\Microsoftx.exe
C:\Documents and Settings\Sarah Adams\Desktop\hijack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ASTART] C:\WINDOWS\ASTART
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MiCr0s0ft Update Machine] MiCr0s0ft.exe
O4 - HKLM\..\Run: [NS] ns.exe
O4 - HKLM\..\Run: [Microsoft Update] Microsoftx.exe
O4 - HKLM\..\Run: [Microsoft Windows Key] rpcxsys.exe
O4 - HKLM\..\RunServices: [MiCr0s0ft Update Machine] MiCr0s0ft.exe
O4 - HKLM\..\RunServices: [NS] ns.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Microsoftx.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Key] rpcxsys.exe
O4 - HKCU\..\Run: [MiCr0s0ft Update Machine] MiCr0s0ft.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AFD537E-20E5-4E9F-B9F7-1E2FF9071651}: NameServer = 203.194.56.150 203.194.27.57


It's all in there!^
Thanks!!!!
~Sassy~

#2 crunchie, Oct 24th, 2004
Now then. What did I tell you??

Open Task Manager & end process on the following:
ns.exe
MiCr0s0ft.exe
Microsoftx.exe

Then go to C:\WINDOWS\System32 and delete them manually.

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [MiCr0s0ft Update Machine] MiCr0s0ft.exe
O4 - HKLM\..\Run: [NS] ns.exe
O4 - HKLM\..\Run: [Microsoft Update] Microsoftx.exe
O4 - HKLM\..\Run: [Microsoft Windows Key] rpcxsys.exe
O4 - HKLM\..\RunServices: [MiCr0s0ft Update Machine] MiCr0s0ft.exe
O4 - HKLM\..\RunServices: [NS] ns.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Microsoftx.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Key] rpcxsys.exe
O4 - HKCU\..\Run: [MiCr0s0ft Update Machine] MiCr0s0ft.exe

Do not open strange mail! Guess you know that now.

#3 Sassy, Oct 24th, 2004
Hi again........
Unfortunately for some strange reason, although I am system administrator, I cannot close the three programs because Access is Denied.
Then, when I looked, there are no virus files in system32 at all...
Also, HijackThis loads and scans, but before I have a chance to click on anything, unless I save the log very quickly, the program shuts itself down.

I somehow have to find a way to be able to shut down the programs in Task Manager.

Do you have any ideas please?
Thanks...

And I know, I tried to stay outta trouble! But it's just so hard! lol...*sighs*
~Sassy~

#4 crunchie, Oct 24th, 2004
Download the Pocket KillBox
Unzip the file to your desktop.
Run KillBox.exe.
Select the Delete on Reboot option.
In the Full Path of File to Delete field paste this path and click the red circle with the white X in it (when it asks you to reboot, click NO.):

C:\WINDOWS\System32\ns.exe

Run KillBox again.
Select the Delete on Reboot option.
In the Full Path of File to Delete field paste this path and click the red circle with the white X in it (when it asks you to reboot, click NO.):

C:\WINDOWS\System32\MiCr0s0ft.exe

Run KillBox again.
Select the Delete on Reboot option.
In the Full Path of File to Delete field paste this path and click the red circle with the white X in it (when it asks you to reboot, click YES.):

C:\WINDOWS\System32\Microsoftx.exe

Your computer should then reboot. Killbox will check to see if the files were deleted.

See if you can get a log from HJT and post it back.

#5 Sassy, Oct 25th, 2004
Hiii again... ok well I did what you said; downloaded KillBox and everything, yet still after rebooting, the programs are still in my HJT log...but none of the three programs are currently running in my Task Manager, so hopefully that's a sign! Here's my Log...

Logfile of HijackThis v1.98.2
Scan saved at 3:29:27 PM, on 25/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Sarah Adams\Desktop\hijack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ASTART] C:\WINDOWS\ASTART
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MiCr0s0ft Update Machine] MiCr0s0ft.exe
O4 - HKLM\..\Run: [NS] ns.exe
O4 - HKLM\..\Run: [Microsoft Update] Microsoftx.exe
O4 - HKLM\..\Run: [Microsoft Windows Key] rpcxsys.exe
O4 - HKLM\..\RunServices: [MiCr0s0ft Update Machine] MiCr0s0ft.exe
O4 - HKLM\..\RunServices: [NS] ns.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Microsoftx.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Key] rpcxsys.exe
O4 - HKCU\..\Run: [MiCr0s0ft Update Machine] MiCr0s0ft.exe
O4 - HKCU\..\Run: [Microsoft Update] Microsoftx.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
~Sassy~

#6 crunchie, Oct 25th, 2004
Do you have Winamp?

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':

O4 - HKLM\..\Run: [MiCr0s0ft Update Machine] MiCr0s0ft.exe
O4 - HKLM\..\Run: [NS] ns.exe
O4 - HKLM\..\Run: [Microsoft Update] Microsoftx.exe
O4 - HKLM\..\Run: [Microsoft Windows Key] rpcxsys.exe
O4 - HKLM\..\RunServices: [MiCr0s0ft Update Machine] MiCr0s0ft.exe
O4 - HKLM\..\RunServices: [NS] ns.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Microsoftx.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Key] rpcxsys.exe
O4 - HKCU\..\Run: [MiCr0s0ft Update Machine] MiCr0s0ft.exe
O4 - HKCU\..\Run: [Microsoft Update] Microsoftx.exe

Run a search of your computer and see if you can find any of the above. If you do, you know what to do.

Hopefully that will be it.

Reboot after doing the above, rescan with hijackthis making certain that all instances of Internet Explorer are closed, then post that log here please.

#7 Sassy, Oct 26th, 2004
Hiii again Crunchie! :mrgreen: And yes, I do have Winamp, it's the media player I usually use the most...is there something wrong with it?
I did what you said, and had to manually delete MiCr0s0ft.exe but that was ok...the other two viruses, I actually "fixed" in the HijackThis log last night when I got frustrated, and they didn't reappear, but I searched for them anyways and I deleted the files of them too..so it all looks good so far, actually I'll leave that conclusion to you Doc...


Logfile of HijackThis v1.98.2
Scan saved at 2:31:26 PM, on 26/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Documents and Settings\Sarah Adams\Desktop\hijack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ASTART] C:\WINDOWS\ASTART
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
~Sassy~

#8 Sassy, Oct 26th, 2004
oooh me again...ok welllll Suddenly MiCr0s0ft is back! darn it.. :eek:
so again I've searched my computer and it's in the C:\WINDOWS\Prefetch... file name "MICR0S0FT.EXE-2BF729A4.pf"...
does that help anything? lol...should I rescan again? :rolleyes:
~Sassy~

#9 crunchie, Oct 26th, 2004
Can you delete it from the prefetch folder, then download sysclean (free) from Trend Micro, allow it to clean up any bad files it finds. It may take a while, so have a cuppa whilst it's running.

http://www.trendmicro.com/download/dcs.asp

Be sure to download and install the latest pattern file. There's a link to it at the lower left-hand column of the page. It will not run without the pattern file.

From Trend:

Note that for the Trend Micro Sysclean Package to be effective, you must download and place the latest pattern file in the same folder as the Trend Micro Sysclean Package.

#10 Sassy, Oct 27th, 2004
Hiii again..okies well I downloaded and ran the scanner you told me to do, but it didn't totally delete the file...except it no longer ran as a System Process, so it was closeable in Task Manager...I then ran KillBox again, and deleted it from the HijackThis log, then rescanned with HJT and posted it here...

Logfile of HijackThis v1.98.2
Scan saved at 6:15:19 PM, on 27/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Sarah Adams\Desktop\hijack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ASTART] C:\WINDOWS\ASTART
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AFD537E-20E5-4E9F-B9F7-1E2FF9071651}: NameServer = 203.194.56.150 203.194.27.57


So it does look clean now! I just hope it's gonna be gone for good! Does it all look good to you?
~Sassy~
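
An added example, not part of the original thread or written by its posters: a small parser for the O4 (registry autorun) lines of the HijackThis logs above, which lists commands registered under more than one autorun key and confirms which entries disappeared between the first and last scans. The sample lines are excerpted from those two logs; the "more than one key" check is an illustrative heuristic assumed here, not a general rule, since legitimate software can also register in several keys.

```python
import re
from collections import defaultdict

# Registry autorun line as HijackThis prints it: O4 - HKLM\..\Run: [Name] command
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[(.+?)\] (.+)$")

# O4 lines excerpted from the first log in the thread (24/10/2004).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MiCr0s0ft Update Machine] MiCr0s0ft.exe
O4 - HKLM\..\Run: [NS] ns.exe
O4 - HKLM\..\Run: [Microsoft Update] Microsoftx.exe
O4 - HKLM\..\Run: [Microsoft Windows Key] rpcxsys.exe
O4 - HKLM\..\RunServices: [MiCr0s0ft Update Machine] MiCr0s0ft.exe
O4 - HKLM\..\RunServices: [NS] ns.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Microsoftx.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Key] rpcxsys.exe
O4 - HKCU\..\Run: [MiCr0s0ft Update Machine] MiCr0s0ft.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# O4 lines excerpted from the last log in the thread (27/10/2004).
LOG_AFTER = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""


def parse_autoruns(log_text):
    """Return {(registry_key, value_name): command} for registry O4 lines.

    'Global Startup' shortcuts use a different layout and are skipped.
    """
    entries = {}
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            key, name, command = match.groups()
            entries[(key, name)] = command
    return entries


def multi_key_commands(entries):
    """Map each command registered under more than one autorun key to those keys."""
    keys_by_command = defaultdict(set)
    for (key, _name), command in entries.items():
        keys_by_command[command.lower()].add(key)
    return {cmd: sorted(keys) for cmd, keys in keys_by_command.items() if len(keys) > 1}


def removed_entries(before, after):
    """Autorun entries present in the earlier log and absent from the later one."""
    return sorted(set(before) - set(after))


if __name__ == "__main__":
    before = parse_autoruns(LOG_BEFORE)
    after = parse_autoruns(LOG_AFTER)
    for command, keys in sorted(multi_key_commands(before).items()):
        print(f"registered in {len(keys)} keys: {command} -> {', '.join(keys)}")
    for key, name in removed_entries(before, after):
        print(f"removed since first scan: {key} [{name}]")
```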