I have the exact same problem as CST does http://www.daniweb.com/techtalkforums/showthread.php?t=5212 and heres my log from hijackthis, can someone plz help me I have been having this problem for over 2 weeks now. Thanks

Logfile of HijackThis v1.98.2
Scan saved at 10:12:46, on 09/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\muamgrd.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wind32.exe
C:\WINDOWS\System32\ndis.exe
C:\WINDOWS\System32\win32usb.exe
C:\WINDOWS\System32\winssv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\System32\sres32.exe
C:\WINDOWS\System32\wvsvc.exe
C:\windows\system32\winrpx.exe
C:\WINDOWS\System32\ms32cfg.exe
C:\WINDOWS\System32\lssrv.exe
C:\WINDOWS\System32\winmplayer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ms32cfg.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\Run: [wvsvc] wvsvc.exe
O4 - HKLM\..\Run: [NDIS Adapter] ndis.exe
O4 - HKLM\..\Run: [USB Device] win32usb.exe
O4 - HKLM\..\Run: [Printer] C:\windows\system32\winrpx.exe
O4 - HKLM\..\Run: [Microsoft Update] muamgrd.exe
O4 - HKLM\..\Run: [Microsoft Features] ms32cfg.exe
O4 - HKLM\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\fachkibx.exe
O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe
O4 - HKLM\..\Run: [Microsoft media services] winmplayer.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\RunServices: [wvsvc] wvsvc.exe
O4 - HKLM\..\RunServices: [NDIS Adapter] ndis.exe
O4 - HKLM\..\RunServices: [USB Device] win32usb.exe
O4 - HKLM\..\RunServices: [Microsoft Update] muamgrd.exe
O4 - HKLM\..\RunServices: [Microsoft Features] ms32cfg.exe
O4 - HKLM\..\RunServices: [msconfig] wins.exe
O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunServices: [Windows Update] winupupdate1.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe
O4 - HKLM\..\RunServices: [Microsoft media services] winmplayer.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\RunOnce: [NDIS Adapter] ndis.exe
O4 - HKLM\..\RunOnce: [USB Device] win32usb.exe
O4 - HKLM\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Win32 USB2 Driver] wind32.exe
O4 - HKCU\..\Run: [NDIS Adapter] ndis.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [wvsvc] wvsvc.exe
O4 - HKCU\..\Run: [USB Device] win32usb.exe
O4 - HKCU\..\Run: [Microsoft Features] ms32cfg.exe
O4 - HKCU\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] wind32.exe
O4 - HKCU\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\RunOnce: [USB Device] win32usb.exe
O4 - HKCU\..\RunOnce: [NDIS Adapter] ndis.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O9 - Extra button: iOpus Internet Macros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\InternetMacros\imacros.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{00EC9413-4953-4ECC-8AE6-9EAEBB815EC0}: NameServer = 194.72.9.34 194.74.65.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{00EC9413-4953-4ECC-8AE6-9EAEBB815EC0}: NameServer = 194.72.9.34 194.74.65.68

Hey aulakh, welcome to DaniWeb! :) I hate to be the one to tell you this, but there is a notice at the top of this forum requesting that all hijackthis logs be posted in the Security forum as this is where the malware guru's hang out.

Before you post a log there, HJT should not be run from your desktop, it should be in a permanent folder (like c:\hjt\hijackthis.exe). Also, close all windows before scanning with HJT (you had IE open in your last scan).

Good luck!

Moving to the Security forum now...

ok sorry abot that, I ran hijackthis again heres the log

Logfile of HijackThis v1.98.2
Scan saved at 21:10:04, on 09/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wind32.exe
C:\WINDOWS\System32\removeme.exe
C:\WINDOWS\System32\MSPMSPSU.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\System32\cfachub.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\winssv.exe
C:\Documents and Settings\sunny\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Microsoft Update] cfachub.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\Run: [zonealarm] removeme.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\qzcthn.exe
O4 - HKLM\..\Run: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunServices: [Microsoft Update] cfachub.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\RunServices: [zonealarm] removeme.exe
O4 - HKLM\..\RunServices: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\RunOnce: [zonealarm] removeme.exe
O4 - HKLM\..\RunOnce: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Win32 USB2 Driver] wind32.exe
O4 - HKCU\..\Run: [zonealarm] removeme.exe
O4 - HKCU\..\Run: [Microsoft Update] cfachub.exe
O4 - HKCU\..\Run: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKCU\..\RunOnce: [zonealarm] removeme.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] wind32.exe
O4 - HKCU\..\RunOnce: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{370FCF97-A1E0-4DA2-88D1-B6796231BF42}: NameServer = 194.72.9.34 194.74.65.68

Can someone plz help me out, also I got another problem a box appears with a timer of 60 secs then it restarts the comp.

Open Task Manager & end process on the following:
wind32.exe
removeme.exe
cfachub.exe
winssv.exe

Then go to C:\WINDOWS\System32 & delete those files manually.

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':

O4 - HKLM\..\Run: [Microsoft Update] cfachub.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\Run: [zonealarm] removeme.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\qzcthn.exe
O4 - HKLM\..\Run: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\Run: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunServices: [Microsoft Update] cfachub.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\RunServices: [zonealarm] removeme.exe
O4 - HKLM\..\RunServices: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] wind32.exe
O4 - HKLM\..\RunOnce: [zonealarm] removeme.exe
O4 - HKLM\..\RunOnce: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\RunOnce: [Win32 SSL Driver] winssv.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] wind32.exe
O4 - HKCU\..\Run: [zonealarm] removeme.exe
O4 - HKCU\..\Run: [Microsoft Update] cfachub.exe
O4 - HKCU\..\Run: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKCU\..\RunOnce: [zonealarm] removeme.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] wind32.exe
O4 - HKCU\..\RunOnce: [Win32 NVIDIA Driver] MSPMSPSU.EXE

Reboot into safe mode following the instructions here & navigate to & delete the following if found:

C:\WINDOWS\System32\qzcthn.exe-file

Reboot normally after doing the above, rescan with hijackthis making certain that all instances of Internet Explorer are closed, then post that log here please.

Logfile of HijackThis v1.98.2
Scan saved at 15:38:50, on 10/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchosting.exe
C:\WINDOWS\System32\crsrs.exe
C:\WINDOWS\System32\msmsgs.exe
C:\WINDOWS\System32\MSPMSPSU.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\System32\sres32.exe
C:\WINDOWS\System32\tres32.exe
C:\WINDOWS\System32\wvsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Documents and Settings\sunny\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchmiracle.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\Run: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [Auto updat] crsrs.exe
O4 - HKLM\..\Run: [OEM Tools 32] tres32.exe
O4 - HKLM\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\Run: [wvsvc] wvsvc.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [Auto updat] crsrs.exe
O4 - HKLM\..\RunServices: [wvsvc] wvsvc.exe
O4 - HKLM\..\RunServices: [OEM Tools 32] tres32.exe
O4 - HKLM\..\RunServices: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunServices: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKLM\..\RunOnce: [Windows Messenger] msmsgs.exe
O4 - HKLM\..\RunOnce: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\Run: [zonealarm] removeme.exe
O4 - HKCU\..\Run: [Auto updat] crsrs.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [wvsvc] wvsvc.exe
O4 - HKCU\..\Run: [OEM Tools 32] tres32.exe
O4 - HKCU\..\Run: [Windows Messenger] msmsgs.exe
O4 - HKCU\..\Run: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKCU\..\RunOnce: [Win32 NVIDIA Driver] MSPMSPSU.EXE
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKCU\..\RunOnce: [Windows Messenger] msmsgs.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

The HJT entries which crunchie asked you to fix (and which seem to have reappeared) indicate that you are infected with a couple of different worms. HJT alone isn't going to be able to remove them for you.

Your HJT log also indicates that you have no anti-virus program running, which means you're just asking for trouble. If you can't immediately purchase and install a good anti-virus program like Norton or McAfee, use the links that caperjack posted and get a free online scan at those sites.