I have read and done the steps in the "Malware removal - Hijack This Logs go Here- You must read this before posting a hijackthis log" article. That includes downloading and running AdAware, Spybot S&D and Ewido Security Suite
However, when I turn my laptop on it will try and start up bt broadband and then open Internet explorer (mmov web page).
My Hijack this log is:
Logfile of HijackThis v1.99.1
Scan saved at 12:02:43, on 28/03/2000
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Documents and Settings\Administrator\My Documents\My Music\iPod\iPod Updater 2005-09-06\iTunesHelper.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\WINDOWS\gjkere.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\ohra\mbsi.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Documents and Settings\Administrator\My Documents\My Music\iPod\bin\iPodService.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
O1 - Hosts: 209.51.133.26 www.halifax-online.co.uk
O1 - Hosts: 209.51.133.26 ibank.barclays.co.uk
O1 - Hosts: 209.51.133.26 online.lloydstsb.co.uk
O1 - Hosts: 209.51.133.26 online-business.lloydstsb.co.uk
O1 - Hosts: 209.51.133.26 www.ukpersonal.hsbc.co.uk
O1 - Hosts: 209.51.133.26 www.nwolb.com
O1 - Hosts: 209.51.133.26 banesnet.banesto.es
O1 - Hosts: 209.51.133.26 extranet.banesto.es
O1 - Hosts: 209.51.133.26 ebanking.bccbrescia.it
O1 - Hosts: 209.51.133.26 www.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 209.51.133.26 www.rbsdigital.com
O1 - Hosts: 209.51.133.26 oi.cajamadrid.es
O1 - Hosts: 209.51.133.26 bancae.caixapenedes.com
O1 - Hosts: 209.51.133.26 banking.postbank.de
O1 - Hosts: 209.51.133.26 meine.deutsche-bank.de
O1 - Hosts: 209.51.133.26 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 209.51.133.26 ibank.cahoot.com
O1 - Hosts: 209.51.133.26 webbank.openplan.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B57B2FCF-ED5F-C7AA-7B90-BD9FD93E51E1} - C:\WINDOWS\System32\yqsqdrd.dll
O2 - BHO: (no name) - {E82A209F-EB59-CFAB-7B90-BD9FD93E51E1} - C:\WINDOWS\System32\yqsqdrd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents and Settings\Administrator\My Documents\My Music\iPod\iPod Updater 2005-09-06\iTunesHelper.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Q1HxkmerA] C:\WINDOWS\gjkere.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\System32\gcph.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [Uuse] "C:\Program Files\ohra\mbsi.exe" -vt mt
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-mo...bs/joysaver.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc.../bridge-c11.cab
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Documents and Settings\Administrator\My Documents\My Music\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
Sign In
Create Account
