I ran through my system ruffly, and deleted Virtual maid, or what I could find of her.
But this still didn't delete Popuper.exe. Finally I came here, and read another thread, following it's general instructions. This ( Seemingly ) deleted popuper.exe, but SHNLOG.exe remains. When attempting to close this program ( It runs permanantly), it simply starts again within seconds, and is impossible to close using task manager.
Any help you can give will help me. Thanks alot guys. Here is my hijack this logfile. Hope it helps......BAsically I think most of the recognized programs are things I want. Such as eraser...And AIM, and MSN. But startsearches.com, that isn't supposed to be there. SHNLOG.exe was bolded by me, not by "Hijack this".
Logfile of HijackThis v1.99.1
Scan saved at 5:51:00 PM, on 24/05/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\drivers\KodakCCS.exe
D:\KODAK\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\Eraser\eraser.exe
C:\WINNT\system32\intmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\shnlog.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.startsear...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.startsearches.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.startsear...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.startsear...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://www.startsear...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://www.startsear...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
http://www.startsearches.net/
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} -
C:\WINNT\system32\hpF19D.tmp
O3 - Toolbar: Virtual Maid - {77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C} -
C:\PROGRA~1\VIRTUA~1\VIRTUA~1.DLL (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\WINNT\system32\msmsgs.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM95\aim.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing)
- http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) -
http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zon...ro.cab32846.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{F8EFC918-D0A2-46AA-9C98-5C52533A8900}:
NameServer = 203.2.75.132 198.142.0.51
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak
Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: ptssvc - KODAK - D:\KODAK\Kodak EasyShare
software\bin\ptssvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. -
C:\WINNT\system32\ZoneLabs\vsmon.exe