Old 01-08-2004, 11:39 AM   #1 (permalink)
Registered User
 
Join Date: Sep 2003
Posts: 15
impulce
Hijackthis log - help please!

Yet again I have another internet hijack problem... same as before, homepage changes and porn added to favourites - when I run cwshredder.exe it finds and fixes "CWS.Alfasearch", and it's all fine. As soon as I try to log off, it refuses to because the program "Win Min" isn't ended. It won't let you log off until you click "End" and obviously then it logs you off without saving because you haven't logged off properly - so next time I log back on, the browser hijack is all there again.

When I've run cwshredder, my HijackThis log is like this:

Logfile of HijackThis v1.97.7
Scan saved at 17:14:48, on 08/01/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\PROGRA~1\LEXMAR~2\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~2\AcBtnMgr_X73.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\CConnect\CConnect.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\Documents and Settings\Hayley Clarke\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/tiny/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.ultimate-guitar.com/forum
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://go.microsoft.com/fwlink/?LinkId=488
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~2\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~2\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: winlogon.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/tiny/
O16 - DPF: DigiChat Applet - http://www.rxxx.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://play.igl.net/clo/install/CLOA...allerProj1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...909.4917939815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab


which I think looks pretty clean - can somebody check for me?

And I really need help with the "Win Min" error because I haven't got a clue what it is, and it's stopping me from solving the hijack error for anything more than temporarily.

Help would be greatly appreciated.

Edit: From another website, I've found that the winlogon process in the documentssettings/allusers/startup folder is the culprit - but it won't let me end the process, therefore won't let me delete it... how!!??


Last edited by impulce; 01-08-2004 at 12:54 PM.
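An added example, not part of either post: the log above lists `winlogon.exe` twice, once under `system32` and once under the All Users Startup folder, which is the entry the poster's edit identifies as the culprit. This Python sketch parses the "Running processes" section of a HijackThis log and flags that pattern; the expected-folder table and the function names are assumptions made for the illustration.

```python
import ntpath

# Core Windows XP process names and the folder (under the Windows directory)
# they are expected to run from. Assumed baseline for this example.
EXPECTED_DIR = {
    "smss.exe": "system32", "csrss.exe": "system32", "winlogon.exe": "system32",
    "services.exe": "system32", "lsass.exe": "system32", "svchost.exe": "system32",
    "spoolsv.exe": "system32", "explorer.exe": "",
}
STARTUP_DIR = "\\start menu\\programs\\startup"

def running_processes(log_text):
    """Return the paths listed under the 'Running processes:' header."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and line:
            paths.append(line)
        elif in_section and paths:
            break  # first blank line after the list ends the section
    return paths

def flag_masquerades(paths, windir="C:\\WINDOWS"):
    """Return (path, reason) for processes whose name or location looks wrong."""
    findings = []
    for path in paths:
        folder, name = ntpath.split(path)
        folder, name = folder.lower(), name.lower()
        if name in EXPECTED_DIR:
            expected = ntpath.join(windir, EXPECTED_DIR[name]).lower().rstrip("\\")
            if folder != expected:
                findings.append((path, "system process name outside " + expected))
        elif folder.endswith(STARTUP_DIR):
            findings.append((path, "executable running directly from a Startup folder"))
    return findings

# Excerpt of the log posted above (not the full list).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe

O4 - Global Startup: winlogon.exe
"""

if __name__ == "__main__":
    for path, reason in flag_masquerades(running_processes(SAMPLE_LOG)):
        print(path, "->", reason)
```

The same name check applies to the `O4 - Global Startup: winlogon.exe` line, where a bare executable sits in the Startup folder instead of a `.lnk` shortcut.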
Old 01-08-2004, 04:32 PM   #2 (permalink)
Junior Member
 
Join Date: Jan 2004
Posts: 0
whitebeard21
http://www.webroot.com/wb/products/w...sher/index.php
Try the free trial version, then do Spybot Search and Destroy
http://www.safer-networking.org/
then
http://www.lavasoft.de/software/adaware/
then
http://www.wilderssecurity.net/spywareguard.html
then
http://www.pestpatrol.com/
All of these have free trials. PestPatrol takes a while to set up or it will block everything imaginable. With these you should be able to get back to normal. Spywareguard is excellent at stopping hijackers. After you install all of these, highlight what you want to delete, then right-click and select shred or wipe. You may have to reboot for them to delete before the script is run on startup (if you get an access denied sharing violation). I haven't run across anything this combo can't handle yet.
Good luck and let us know how it goes.

Add this to the list:
http://www.cexx.org/noadware.htm

Last edited by whitebeard21; 01-08-2004 at 04:43 PM.