When I open the internet my home page has been hijacked to:-res://msaps.dll/search.html
and the message "Tss has caused an error in Tss.exe." keeps appearing

My hijack this log is as follows:
Logfile of HijackThis v1.99.1
Scan saved at 23:55:59, on 10/05/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SOPHOS SWEEP\ICSUPP95.EXE
C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\PROGRAM FILES\VIRGIN NET BROADBAND\DRAGDIAG.EXE
C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\ALSVC.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\EPSON\EPSON SMART PANEL FOR SCANNER\ESPMAIN.EXE
C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\ALMON.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://msaps.dll/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://msaps.dll/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://msaps.dll/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msaps.dll/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://msaps.dll/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://msaps.dll/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msaps.dll/index.html
R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINDOWS\SYSTEM32\WINS32T.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [WinInit] Win86.exe
O4 - HKLM\..\Run: [WinLogin] win32x.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin Net Broadband\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Sophos AutoUpdate] C:\Program Files\Sophos\AutoUpdate\alsvc.exe
O4 - HKLM\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Sweep95] C:\Program Files\Sophos SWEEP\ICLOAD95.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O4 - Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
O4 - Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

Please let me know what is safe to delete etc. and how best to prevent further intrusion

Many thanks

Recommended Answers

All 8 Replies

Sorry, for professional assistance you'll need to pay a consultant.
We're only doing this as a hobby (at least while contributing to this site).

Sorry, for professional assistance you'll need to pay a consultant.
We're only doing this as a hobby (at least while contributing to this site).

Technically, I suppose that's true, because the only difference between a 'professional' and a 'hobbyist' is one gets paid and the other doesn't.

But I have to say, I trust the members here over any 'pro' I've ever paid, and nearly every online and telephone 'tech support' I've ever dealt with.

Welcome to DaniWeb, Gilly4 :D

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://msaps.dll/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://msaps.dll/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://msaps.dll/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msaps.dll/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://msaps.dll/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://msaps.dll/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msaps.dll/index.html
R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINDOWS\SYSTEM32\WINS32T.DLL
O4 - HKLM\..\Run: [WinInit] Win86.exe
O4 - HKLM\..\Run: [WinLogin] win32x.exe
O4 - HKLM\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O4 - HKCU\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Be sure all windows are closed, other then hijackthis, before hitting Fix checked.

Go to the following locations and delete the highlighted files:

C:\WINDOWS\SYSTEM32\WINS32T.DLL
C:\WINDOWS\System32\tss.exe
C:\WINDOWS\web\related.htm

Do a search on your system for the following files and delete any instances found:

Win86.exe
win32x.exe

Note: If any of these files cannot be deleted, try booting into Safe Mode and try it again.

Reboot (normal mode), close any open browser windows, scan with HJT, and post a new log.

To help prevent further intrusion:

Keep Windows and IE updated
Keep your antivirus program updated
Use an alternative browser for the majority of your browsing (such as Firefox or Opera)
Use a firewall
Get SpywareBlaster and keep it updated (remember to Enable all protection after each update)
Be cautious of the websites you visit

Gilly4, please keep all replies in the forum; not only is it one of the site rules, but you can also get more advice... and, it may help others who have similar problems :D

Welcome to DaniWeb, Gilly4 :D

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://msaps.dll/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://msaps.dll/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://msaps.dll/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msaps.dll/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://msaps.dll/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://msaps.dll/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msaps.dll/index.html
R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINDOWS\SYSTEM32\WINS32T.DLL
O4 - HKLM\..\Run: [WinInit] Win86.exe
O4 - HKLM\..\Run: [WinLogin] win32x.exe
O4 - HKLM\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O4 - HKCU\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Be sure all windows are closed, other then hijackthis, before hitting Fix checked.

Go to the following locations and delete the highlighted files:

C:\WINDOWS\SYSTEM32\WINS32T.DLL
C:\WINDOWS\System32\tss.exe
C:\WINDOWS\web\related.htm

Do a search on your system for the following files and delete any instances found:

Win86.exe
win32x.exe

Note: If any of these files cannot be deleted, try booting into Safe Mode and try it again.

Reboot (normal mode), close any open browser windows, scan with HJT, and post a new log.

To help prevent further intrusion:

Keep Windows and IE updated
Keep your antivirus program updated
Use an alternative browser for the majority of your browsing (such as Firefox or Opera)
Use a firewall
Get SpywareBlaster and keep it updated (remember to Enable all protection after each update)
Be cautious of the websites you visit

Thanks a milliom for your excellent help.
All was running brilliantly till I decided unwisely to be tempted to download Spamblocker Utility. Stupidly I did not realise that it was a con. Cannot clean it from system.Please have a look at my HT log and let me know 1 how to remove Spam Blocker and 2. Does anything else need sorting out on my logfile?

Many thanks


Logfile of HijackThis v1.99.1
Scan saved at 03:32:04, on 24/05/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SOPHOS SWEEP\ICSUPP95.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\PROGRAM FILES\VIRGIN NET BROADBAND\DRAGDIAG.EXE
C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\ALSVC.EXE
C:\PROGRAM FILES\SPAMBLOCKERUTILITY\BIN\4.6.1.0\SBOEADDON.EXE
C:\PROGRAM FILES\SPAMBLOCKERUTILITY\BIN\4.6.1.0\SBINST.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\EPSON\EPSON SMART PANEL FOR SCANNER\ESPMAIN.EXE
C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\ALMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\SPAMBLOCKERUTILITY\BIN\4.6.1.0\SBSRV.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\PROGRAM FILES\SPAMBLOCKERUTILITY\BIN\4.6.1.0\SBHOSTIE.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\PROGRAM FILES\SPAMBLOCKERUTILITY\BIN\4.6.1.0\SBHOSTIE.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin Net Broadband\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Sophos AutoUpdate] C:\Program Files\Sophos\AutoUpdate\alsvc.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\BIN\461~1.0\SBInst.exe
O4 - HKLM\..\Run: [cdiyoots] C:\WINDOWS\SYSTEM\cfunvhmm.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Sweep95] C:\Program Files\Sophos SWEEP\ICLOAD95.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
O4 - Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility.com/ins...ckerutility.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Go to Add/Remove Programs in your Control Panel and remove SpamBlockerUtility.

Scan with hijackthis and have it fix the following entries:

O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\PROGRAM FILES\SPAMBLOCKERUTILITY\BIN\4.6.1.0\SBHOSTIE.DLL
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\PROGRAM FILES\SPAMBLOCKERUTILITY\BIN\4.6.1.0\SBHOSTIE.DLL
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\BIN\461~1.0\SBInst.exe
O4 - HKLM\..\Run: [cdiyoots] C:\WINDOWS\SYSTEM\cfunvhmm.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...467&clcid=0x409
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility....ckerutility.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

Remember to close all windows, other then hijackthis, before hitting Fix checked.

Go to the following locations and delete the highlighted files and folders:

C:\PROGRAM FILES\SPAMBLOCKERUTILITY
C:\WINDOWS\SYSTEM\cfunvhmm.exe

Reboot, close any open browser windows, scan with hijackthis, and post a new log please -- and let us know if it's gone.

Many thanks once again for your help. Below is the updated HJT log. Computer seems to be running OK now,. What does it look like? I have just done a "Tweak This" registry scan and it detected 10 items of concern "unable to determine the status of the items". I am cautious about deleting them.

They are as follows:-

5 items from Fonts section (myriad.tff)
3 items from Device drivers
1 item from Shared dlls (%Javadir%\QTJava.zip)
1 item from ActiveX/com section

Should I worry about them or is it safe to delete them?

All the best

Gilly4


Logfile of HijackThis v1.99.1
Scan saved at 23:49:51, on 24/05/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\PROGRAM FILES\VIRGIN NET BROADBAND\DRAGDIAG.EXE
C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\ALSVC.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\EPSON\EPSON SMART PANEL FOR SCANNER\ESPMAIN.EXE
C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\ALMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\SOPHOS SWEEP\ICSUPP95.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Virgin Net Broadband\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Sophos AutoUpdate] C:\Program Files\Sophos\AutoUpdate\alsvc.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Sweep95] C:\Program Files\Sophos SWEEP\ICLOAD95.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
O4 - Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll

Your log looks okay to me, but I'm afraid I can't help with that registry scan. Hopefully someone else here can :)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.