Please Help! Hjk Log Provided

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

kate2

Thread Starter
Joined
Feb 5, 2005
Messages
6
Hi all,

I have problems sustaining an internet connection and i fear that i have got a virus or something of similar effect.

I have pasted a hijack this log below, if somebody could please look at it and see if there are any problems that need fixing, i would really appreciate it.

K
:)

Logfile of HijackThis v1.99.0
Scan saved at 22:17:41, on 05/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\ati2vid.exe
C:\WINDOWS\System32\IEXPLORE.EXE
C:\WINDOWS\System32\ntsysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TextBridge Classic\Bin\TBMenu.exe
C:\WINDOWS\twain_32\A4CIS\WATCH.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btinternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btinternet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://broadband.blueyonder.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTinternet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\Run: [Microsoft System Checkup] ntsysmgr.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [Microsoft System Checkup] ntsysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKCU\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TextBridge Instant Access OCR.lnk = C:\Program Files\TextBridge Classic\Bin\TBMenu.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite II\Temp\MGI00000.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.btinternet.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
 
Joined
Sep 7, 2004
Messages
49,014
Print this and boot to safe mode
Fix these with HJT

O4 - HKLM\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE

O4 - HKLM\..\Run: [Microsoft System Checkup] ntsysmgr.exe

O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe

O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe

O4 - HKLM\..\RunServices: [$WindowsRegKey%update] IEXPLORE.EXE

O4 - HKLM\..\RunServices: [Microsoft System Checkup] ntsysmgr.exe

O4 - HKCU\..\Run: [ATI VIDEO REGKEY] ati2vid.exe

O4 - HKCU\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE



View Hidden Files
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these files – make SURE they are at that location as they are valid files in a different location


C:\WINDOWS\System32\ati2vid.exe
C:\WINDOWS\System32\IEXPLORE.EXE
C:\WINDOWS\System32\ntsysmgr.exe


START – RUN – key in %temp% - Edit – Select all – File – Delete
Empty the recycle bin
Boot and post a new log
 

kate2

Thread Starter
Joined
Feb 5, 2005
Messages
6
Hi,

Thanks for the help. I have done what you said and here is the new log:

Logfile of HijackThis v1.99.0
Scan saved at 23:35:36, on 05/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TextBridge Classic\Bin\TBMenu.exe
C:\WINDOWS\twain_32\A4CIS\WATCH.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btinternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btinternet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://broadband.blueyonder.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTinternet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TextBridge Instant Access OCR.lnk = C:\Program Files\TextBridge Classic\Bin\TBMenu.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite II\Temp\MGI00000.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.btinternet.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
 
Joined
Sep 7, 2004
Messages
49,014
Fix - O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe

Delete C:\WINDOWS\System32\ati2vid.exe
 

kate2

Thread Starter
Joined
Feb 5, 2005
Messages
6
Hi, did what you said. Here's the new log...



Logfile of HijackThis v1.99.0
Scan saved at 00:17:04, on 06/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TextBridge Classic\Bin\TBMenu.exe
C:\WINDOWS\twain_32\A4CIS\WATCH.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btinternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btinternet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://broadband.blueyonder.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTinternet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TextBridge Instant Access OCR.lnk = C:\Program Files\TextBridge Classic\Bin\TBMenu.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite II\Temp\MGI00000.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.btinternet.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
 
Joined
Sep 7, 2004
Messages
49,014
kate2 said:
Does this look ok now?
Patience! But yes, the key is how are things for u???

If you feel it is solved, use thread tools above to mark it solved
 

kate2

Thread Starter
Joined
Feb 5, 2005
Messages
6
well its not turned itself off yet (which has normally happened by now), so fingers crossed! thanks alot for your help! :)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top