[troyspeer]

Here is my Hijack log.

The main problem i have is that when clicking on say My Computer folder, it sayd explrer.exe has a problem and wont let me in, i can only go into it by right button and explore.

I also have an annoying search thing above the clock that pops up.


Logfile of HijackThis v1.99.0
Scan saved at 00:11:42, on 13/01/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\loadqm.exe
C:\WINNT\System32\smss32.exe
C:\WINNT\System32\secure.exe
C:\WINNT\System32\bskzfq.exe
C:\WINNT\isrvs\desktop.exe
C:\Program Files\Avntt\Uzmkab.exe
C:\Program Files\Admilli Service\AdmilliServ.exe
C:\WINNT\System32\internat.exe
C:\Program Files\Admilli Service\AdmilliKeep.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\COMMON~1\tsa\ts2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsear...sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsear...sidesearch.html
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINNT\localNRD.dll
O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - C:\WINNT\System32\winhot32.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-

469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINNT\System32\hsrb.dll
O2 - BHO: InstaFinder - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - C:\WINNT\DOWNLO~1\instafin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINNT\isrvs\sysupd.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINNT\System32\dsktrf.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: HotSearchBar.com Bar - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - C:\WINNT\System32\winhot32.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ihofch] C:\WINNT\ihofch.exe
O4 - HKLM\..\Run: [UsbD] C:\WINNT\System32\smss32.exe
O4 - HKLM\..\Run: [version] C:\WINNT\System32\version.exe
O4 - HKLM\..\Run: [secure] C:\WINNT\System32\secure.exe
O4 - HKLM\..\Run: [fhxygmdipipcz] C:\WINNT\System32\bskzfq.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINNT\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Otrfn] C:\Program Files\Avntt\Uzmkab.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &iSearch The Web - res://C:\WINNT\System32\toolbar.dll/SEARCH.HTML
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isear...general/drm.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} (iiittt Class) - http://hotsearchbar....r2/winhot32.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINNT\isrvs\mfiltis.dll
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

[Advertisements]

Hi troyspeer

1) You may wish to print out a copy of these instructions to follow while you complete this procedure.

2)Be sure you're able to view hidden files

3)Please download cleanup312 http://www.antispywa...up.php?type=exe
Please unzip the file but do not run it yet.

4) Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process:

AdmilliServ.exe
tsm2.exe
Uzmkab.exe
ihofch.exe
smss32.exe
version.exe
secure.exe
bskzfq.exe
desktop.exe
ffisearch.exe

5) Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsear...sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsear...sidesearch.html

R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)

R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)

O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINNT\localNRD.dll

O2 - BHO: ohb - {086CEFD5-A88D-4981-8915-D51F04360ED1} - C:\WINNT\System32\winhot32.dll

O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL

O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINNT\System32\hsrb.dll

O2 - BHO: InstaFinder - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - C:\WINNT\DOWNLO~1\instafin.dll

O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINNT\isrvs\sysupd.dll

O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINNT\System32\dsktrf.dll

O3 - Toolbar: HotSearchBar.com Bar - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - C:\WINNT\System32\winhot32.dll

O4 - HKLM\..\Run: [ihofch] C:\WINNT\ihofch.exe

O4 - HKLM\..\Run: [UsbD] C:\WINNT\System32\smss32.exe

O4 - HKLM\..\Run: [version] C:\WINNT\System32\version.exe

O4 - HKLM\..\Run: [secure] C:\WINNT\System32\secure.exe

O4 - HKLM\..\Run: [fhxygmdipipcz] C:\WINNT\System32\bskzfq.exe

O4 - HKLM\..\Run: [Desktop Search] C:\WINNT\isrvs\desktop.exe

O4 - HKLM\..\Run: [ffis] C:\WINNT\isrvs\ffisearch.exe

O4 - HKLM\..\Run: [Otrfn] C:\Program Files\Avntt\Uzmkab.exe

O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe

O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe

O8 - Extra context menu item: &iSearch The Web - res://C:\WINNT\System32\toolbar.dll/SEARCH.HTML

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isear...general/drm.cab

O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} (iiittt Class) - http://hotsearchbar....r2/winhot32.cab

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINNT\isrvs\mfiltis.dll


6) Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).

Please use windows explorer to find the following files and folders in bold

C:\PROGRA~1\ SEARCH~1\SEARCH~2.DLL<-Delete this folder

C:\Program Files\ Admilli Service\AdmilliServ.exe<-Delete this folder

C:\PROGRA~1\COMMON~1\ tsa\tsm2.exe<-Delete this folder

C:\Program Files\Avntt\ Uzmkab.exe<-Delete this folder

C:\WINNT\ localNRD.dll<-Delete this file

C:\WINNT\System32\winhot32.dll<-Delete this file

C:\WINNT\System32\ hsrb.dll<-Delete this file

C:\WINNT\DOWNLO~1\ instafin.dll<-Delte this file

C:\WINNT\isrvs\ sysupd.dll<-Delete this file

C:\WINNT\System32\ dsktrf.dll<-Delete this file

C:\WINNT\System32\ winhot32.dll<-Delete this file

C:\WINNT\ ihofch.exe<-Delete this file

C:\WINNT\System32\ version.exe<-Delete this file

C:\WINNT\System32\ secure.exe<-Delete this file

C:\WINNT\System32\ bskzfq.exe<-Delete this file

C:\WINNT\ isrvs\desktop.exe<-Delete this

C:\WINNT\ isrvs\ffisearch.exe<-Delete this
C:\WINNT\System32\ toolbar.dll/SEARCH.HTML<-Delete this

C:\WINNT\ isrvs\mfiltis.dll<-Delete this folder



7) Please run cleanup312 now

Reboot your PC.

8)Please run a free online virus scan here http://housecall.antivirus.com/
(tick the "Auto Clean" checkbox):


If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working.

kc