I've spent today wrestling with a trojan, which isn't nearly as exciting as it sounds. Google throws up the relevant geekstogo threads when one googles for 'csrss trojan', so I've taken steps to clean my system, but to no avail. I thought I'd post a HijackThis log and see if there's anything obvious I'm missing. Time and again I've removed a lot of stuff - the main offenders, files like mservice, iau, msqdevl, seem to keep popping up. My display has reverted to 'classic style' Windows in the last hour or two and my internet's slowed down. I can keep going into safe mode all day long but it doesn't seem to do much. Anyway, here's my probably quite compact HijackThis log. Any help gratefully appreciated; I'm moving house on Thursday and am stressed enough without this ... if I get it fixed I might start a celebratory sub-topic about where I can find the person responsible for creating this ..!!
I'm also having problems with 'spysheriff' and my keyboard, but to get internet and desktop sorted first would be a good start. Various fixes and restores have disabled/re-enabled programs like IE and Windows file search, so I'm still trying to get the balance right. As a possible final solution, would a Windows reinstall resolve these problems?
Thanks a lot folks ... Mark.
Logfile of HijackThis v1.99.1
Scan saved at 13:27:02, on 29/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Sitecom\IFR_Share.exe
C:\WINDOWS\System32\dhcpclient.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msmsngr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\My Downloads\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80
O2 - BHO: RedirectPage Class - {DC8240DF-E60D-4193-B984-5111847DC7E6} - C:\PROGRA~1\WEBLOO~1\WEBLOO~1.DLL (file missing)
O4 - HKLM\..\Run: [atiptext] C:\WINDOWS\System32\atiptext.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [msmsngr] C:\WINDOWS\System32\msmsngr.exe
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut32.exe home
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E01D5986-8E07-4280-AD5F-19FEC0E66C79}: NameServer = 62.241.162.200 158.43.240.3
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C2Share - Unknown owner - C:\Program Files\Sitecom\IFR_Share.exe
O23 - Service: Handling the DHCP requests (DHCP Client) - Unknown owner - C:\WINDOWS\System32\dhcpclient.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)