http://searchpage.cc/1520/

Discussion in 'Security and Privacy' started by junohera, 2004/04/26.

Thread Status:
Not open for further replies.
  1. 2004/04/30
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi
    Please do post another log
     
  2. 2004/04/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I just want to clarify that I didn't ask you to install eTrust to replace your current AV, but to use as a detection/cleaning utility much as you would Spybot, Ad-aware or CWShredder, and provide you with some protection until your computer is cleaned up and Norton repaired. It can be easily uninstalled if you don't wish to keep it. :)
     

  4. 2004/04/30
    junohera

    junohera Inactive Thread Starter

    Joined:
    2004/04/09
    Messages:
    25
    Likes Received:
    0
    Not sure what happened with my last reply, but somehow it didn't get posted.

    Anyway, sorry for the delay, but I have been going round in circles since my last post trying to get the FW to allow IE access to the internet - some kind of conflict going on there.

    Downloaded FW and AV from eTrust, but when trying to download updates with the firewall on it can't connect; with the firewall off it closes down after a couple of seconds.

    Ran AV without updates but nothing was found.

    Sorry, tried to resolve this problem myself but I'm now in your hands.
     
  5. 2004/04/30
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
  6. 2004/05/01
    junohera

    junohera Inactive Thread Starter

    Joined:
    2004/04/09
    Messages:
    25
    Likes Received:
    0
    Logfile of HijackThis v1.97.7
    Scan saved at 09:29:03, on 26/06/2002
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\video_lnk32.exe
    C:\Documents and Settings\ron\Desktop\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\devldr32.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder-broadband.co.uk/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper\CCHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
    O4 - HKLM\..\Run: [Windos Video Link] video_lnk32.exe
    O4 - HKLM\..\RunServices: [Windos Video Link] video_lnk32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE "
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/threatinfo/virusinfo/webscan.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  7. 2004/05/01
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Can you end task on video_lnk32.exe? To do so, open Task Manager by pressing Ctrl+Alt+Del at the same time, then click the Processes tab, select the file and end it.
    Then open Task Manager and check if it stays off.
    If it just comes back, stop and say so.
    If it doesn't, continue.


    Start HijackThis and place a check next to these items.
    Close all browser windows and shut down all other programs (even folders) that show in the taskbar. Then hit fix selected.

    O4 - HKLM\..\Run: [Windos Video Link] video_lnk32.exe
    O4 - HKLM\..\RunServices: [Windos Video Link] video_lnk32.exe

    Reboot, then find and delete (ONLY THESE EXACT) files and folders, if still there.
    Be very careful; note the exact spelling.
    You might have to have Windows show hidden files and folders in order to see them.
    How to Show hidden files and folders.
    Did you run Stinger? If so, what did it find and where?
    If you haven't run Stinger, do so before deleting these files.

    C:\WINDOWS\winh.exe
    C:\WINDOWS\Hot_Kiss.exe
    C:\WINDOWS\runwin32.exe
    C:\WINDOWS\Wininet32.exe
    C:\WINDOWS\System32\video_lnk32.exe
    C:\WINDOWS\system32\services << folder
    C:\WINDOWS\alchem.exe
    Then do a file search and delete those if found anywhere.

    Important: Next delete the contents of all your temp folders, as in:
    C:\documents and settings\(all your pc users)\local settings\temp
    Clear IE's cache via the Control Panel Internet Options [delete files] button and mark the popup to also delete offline content.
    =====
    Then run CWShredder again; make sure it's the latest version.
    Currently it's ver 1.57.
    Be sure to click Fix, don't just scan. If it finds anything, reboot again.
    http://radiosplace.com/


    And post another log please.
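
To check the follow-up log requested above, this sketch (an added example, not part of the original thread and not part of HijackThis) scans a HijackThis log for the file names listed in the post, in both the running-process list and the O4 autorun entries. The function names and the sample log are constructed for illustration; only file names are matched, so the `services` folder is not checked.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# File names the helper's post asks to end, fix or delete (taken from the thread).
TARGETS = {"winh.exe", "hot_kiss.exe", "runwin32.exe", "wininet32.exe",
           "video_lnk32.exe", "alchem.exe"}

# Matches lines such as: O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def exe_of(cmd):
    """Return the lower-cased executable file name from an autorun command."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        m = re.match(r".*?\.(?:exe|com|bat|scr|pif)\b", cmd, re.I)
        path = m.group(0) if m else cmd.split()[0]
    return basename(path.strip()).lower()

def check_log(text, targets=TARGETS):
    """Return the running processes and O4 autoruns in a HijackThis log
    whose executable name is in `targets`."""
    running, autoruns, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        if re.match(r"^[A-Z]\d+ - ", line):  # first R/O entry ends the process list
            in_procs = False
        if in_procs and line and basename(line).lower() in targets:
            running.append(line)
        m = O4_RE.match(line)
        if m and exe_of(m["cmd"]) in targets:
            autoruns.append((m["loc"], m["name"], m["cmd"]))
    return {"running": running, "autoruns": autoruns}

# Constructed sample: a few lines in the format of the log posted in this thread.
SAMPLE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\video_lnk32.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Windos Video Link] video_lnk32.exe
O4 - HKLM\..\RunServices: [Windos Video Link] video_lnk32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""
print(check_log(SAMPLE))
```

An empty result for both `running` and `autoruns` on the new log means none of the listed file names is still loaded or registered to start.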
     