HJT Help

2 replies to this topic

#1 DarkMind


  • Members
  • 5 posts
  • Local time:11:02 PM

Posted 21 February 2005 - 07:57 AM

Logfile of HijackThis v1.99.1
Scan saved at 20:26:38, on 21/02/2005

Running processes:
C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE
C:\Program Files\AdTools Service\AdTools.exe
C:\Program Files\AdTools Service\AdToolsKeep.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.ht...count_id=155386
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.ht...count_id=155386
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.ht...count_id=155386
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe smsse.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRA~1\ISTbar\istbar.dll (file missing)
O4 - HKLM\..\Run: [DSL Monitor] C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE
O4 - HKLM\..\Run: [MediaServicess] C:\anime.exe
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [*windows update] wkmst.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Svhost.exe
O4 - HKLM\..\RunServices: [Kernal Fault Check] ntosrkl.exe
O4 - HKLM\..\RunServices: [Windows_Protect] winsystem32.exe
O4 - HKLM\..\RunServices: [MSN Messenger 6.2] czj.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\RunServices: [Win32 Firewall Drivers] winfirewall.exe
O4 - HKLM\..\RunServices: [System Networking] sysnet.exe
O4 - HKLM\..\RunServices: [cyg updates] cygcfg32.exe
O4 - HKLM\..\RunServices: [Starting up] wvsvc.exe
O4 - HKLM\..\RunServices: [Norton Updater] ccUpdate.exe
O4 - HKLM\..\RunServices: [Win32 NDIS ] winhelpx.exe
O4 - HKLM\..\RunServices: [*windows update] wkmst.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loader] xzbief.exe
O4 - HKLM\..\RunOnce: [Kernal Fault Check] ntosrkl.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\RunOnce: [Win32 Firewall Drivers] winfirewall.exe
O4 - HKLM\..\RunOnce: [Win32 NDIS ] winhelpx.exe
O4 - HKLM\..\RunOnce: [cyg updates] cygcfg32.exe
O4 - HKCU\..\Run: [*windows update] wkmst.exe
O4 - HKCU\..\RunOnce: [Kernal Fault Check] ntosrkl.exe
O4 - HKCU\..\RunOnce: [Win32 Firewall Drivers] winfirewall.exe
O4 - HKCU\..\RunOnce: [Microsoft Windows Update] scvvhost.exe
O4 - HKCU\..\RunOnce: [Win32 NDIS ] winhelpx.exe
O4 - HKCU\..\RunOnce: [cyg updates] cygcfg32.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Download.../bridge-c15.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9AFECA1-4BA6-4BC8-A3FE-6A014892F4CD}: NameServer =
O23 - Service: *windows update - Unknown owner - C:\WINDOWS\System32\wkmst.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

I've tried S&D, Ad-Aware, and Norton but I still can't fix them, I need some help please!

Edited by DarkMind, 21 February 2005 - 07:57 AM.



#2 DarkMind

  • Topic Starter

  • Members
  • 5 posts
  • Local time:11:02 PM

Posted 22 February 2005 - 05:49 AM

Uh, not to be rude here, but I really need help with this :S

#3 Papakid


    Guru at being a Newbie

  • Malware Response Team
  • 6,649 posts
  • Gender:Male
  • Local time:10:02 PM

Posted 01 March 2005 - 12:40 AM

Hi DarkMind,
Sorry for the delay. We generally look for the oldest log with zero replies; you made one (a reply) to your own thread, so it looked as if you were getting help.

You have some pretty nasty infections, so before we get started with HijackThis let's try to remove some of it this way. Please run at least two of these free online virus scans:

eTrust Antivirus Web Scanner
TrendMicro's HouseCall
Panda ActiveScan

You should try to delete any files that these scanners are unable to clean.

I've tried S&D, Ad-Aware, and Norton but I still can't fix them, I need some help please!

Be sure to update these programs and run them again in Safe Mode.

Then scan again with HijackThis and post another log. And please don't edit your next log. I need to see all of it, including all of the header at the top.

The thing about people

is they change

when they walk away.--Mipso
