Hi there.. thanks for your time. I tried to follow your instructions as closely as possible, but I am a beginner and I kinda struggled with the system settings part of your recommendations.. Here is the HJT log that you need, followed by the other log you asked for. I struggled to find this second log, so I hope it is right.
Logfile of HijackThis v1.99.1
Scan saved at 16:51:27, on 17/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\BTBROA~2\Help\SMARTB~1\BTHelpNotifier.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\BT Broadband 210\Help\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\martyn jordan\Desktop\HijackThis.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
R3 - URLSearchHook: (no name) - {DC02115C-6C45-C5FF-9F0D-D7FFBDFB08F6} - _ctcp.dll (file missing)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [systemdll] LOPTCON.exe
O4 - HKLM\..\Run: [iesetupdll] Serviceprocess.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WhatsNewBot] ATLIEHELPER.exe
O4 - HKCU\..\Run: [utsgmon] powerdll.exe
O4 - HKCU\..\Run: [LOPTCON] teqq32.exe
O4 - Global Startup: Broadband Desktop Help.lnk = C:\Program Files\BT Broadband 210\Help\bin\matcli.exe
O9 - Extra button: Spin Palace Poker - {3A56EF1B-B8B8-45f6-9F79-1CC1778B9091} - C:\Program Files\spinpalaceMPP\MPPoker.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt4_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://esupport.cf1live.com/esupport/st ... aunch2.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5D5080B-D74F-45B9-802E-778CAD0F9E18}: NameServer = 85.255.114.108,85.255.112.143
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.108 85.255.112.143
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.108 85.255.112.143
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
Here is the Fixwareout report (I hope)
Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmlxk.exe"=-
...
PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate
»»»»» Search by size and names...
* csr.exe C:\WINDOWS\System32\CSKMG.EXE
»»»»» Misc files
»»»»» Checking for older varients covered by the Rem3 tool
»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSKMG.EXE 51,285 2006-07-14
C:\WINDOWS\SYSTEM32\DMLXK.EXE 62,046 2004-08-04
Other suspects
Directory of C:\WINDOWS\system32