Hijackthis Log: Please Help Diagnose


2 replies to this topic

#1 creg

Posted 15 January 2006 - 12:29 PM

Operating system: XP Home - all latest service packs and security patches installed from Windows Updates. My PC is a dual boot system and the E: drive is my XP Home partition. I am using Norton Antivirus 8.1 with Virus defs from 1/11/06.

Over the past two weeks or so, my home page is forced to be www.msnbc.com. I change it back to another page in Internet Options, but when I restart the browser, MSNBC.com is back! I have run Adaware SE and Spybot but neither program fixed the problem. Here is the Hijack This! log. Thanks for your help:
:thumbsup: :flowers: :huh: :huh:

Logfile of HijackThis v1.99.1
Scan saved at 11:24:27 AM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\brsvc01a.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\brss01a.exe
E:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
E:\WINDOWS\System32\cisvc.exe
E:\PROGRA~1\NavNT\DefWatch.exe
E:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
E:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
E:\PROGRA~1\Iomega\System32\AppServices.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\Netscape Internet Service\ncupdatesvc.exe
E:\PROGRA~1\NavNT\Rtvscan.exe
E:\WINDOWS\system32\RioMSC.exe
E:\PROGRA~1\symantec\LIVEUP~1\savroam.exe
E:\WINDOWS\system32\TSKMAN.exe
E:\PROGRA~1\TrayMan\ntstart.exe
E:\PROGRA~1\TrayMan\trayman.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\wanmpsvc.exe
E:\WINDOWS\system32\cidaemon.exe
E:\PROGRA~1\NavNT\vptray.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
E:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\AWS\WeatherBug\Weather.exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
E:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
E:\Program Files\Kine\Runner.EXE
E:\Program Files\Say the Time\SayTime.exe
E:\Program Files\Say the Time\SayTime.exe
E:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
E:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
E:\WINDOWS\explorer.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\Program Files\America Online 7.0\waol.exe
E:\Program Files\instant messenger\aim.exe
E:\PROGRA~1\Webshots\WebshotsTray.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R3 - Default URLSearchHook is missing
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - E:\Program Files\Kontiki\bin\bh309190.dll
O2 - BHO: WnBrowserHelperObj Class - {058FC709-D5CD-4A95-92DB-59E6488ECDA4} - blank (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - E:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [DSKEY] E:\WINDOWS\system32\DsKey.exe
O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] E:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AWMON] "E:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATTBroadbandClient] C:\Program Files\AT&T\BBClient\Programs\RegCon.exe
O4 - HKCU\..\Run: [AWMON] "E:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] E:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [CursorXP] E:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Iomega Automatic Backup] E:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Runner.LNK = E:\Program Files\Kine\Runner.EXE
O4 - Startup: Say the Time.lnk = E:\Program Files\Say the Time\SayTime.exe
O4 - Startup: Webshots.lnk = E:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SnagIt 7.lnk = E:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://e:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://E:\Program Files\Kontiki\bin\bh309190.dll/201
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://e:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\instant messenger\aim.exe
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: Support - {10F041B6-A877-4030-B7B9-0140A2159C0D} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {92FC534F-64E5-4783-AAB1-B670A59CC61E} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {B8E673E2-D204-4A18-915A-10E806A103B9} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'ao2lsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...02/cpbrkpie.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{E233775B-C365-4FD1-85AB-076884A5F22E}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = verizon.com,vssi.com,bell-atl.com,bellatlantic.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = verizon.com,vssi.com,bell-atl.com,bellatlantic.com
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - (no file)
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - E:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - Winlogon Notify: NavLogon - E:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - E:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - E:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DefWatch - Symantec Corporation - E:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
O23 - Service: GhostStartService - Symantec Corporation - E:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - E:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Iomega App Services - Iomega Corporation - E:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Castanet Tuner 4.6 (Marimba) - Marimba, Inc. - C:\Marimba\CASTAN~1\Tuner.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - E:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - E:\PROGRA~1\NavNT\Rtvscan.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - E:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVRoam - symantec - E:\PROGRA~1\symantec\LIVEUP~1\savroam.exe
O23 - Service: Task Manager Lite - BRIGADOON SOFTWARE INC. - E:\WINDOWS\system32\TSKMAN.exe
O23 - Service: TrayMan - Unknown owner - E:\PROGRA~1\TrayMan\ntstart.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - E:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - E:\WINDOWS\wanmpsvc.exe




:huh: :huh:


#2 creg

Posted 15 January 2006 - 10:41 PM

:thumbsup: :flowers: :huh: (it's 7 -21 chill factor)... My problem is fixed. Adaware SE must have been the culprit. I turned it off along with AdWatch and then I was able to change my homepage and save it with no problems. I always closed IE6 before reopening it and testing. THEN I turned Adaware SE and AdWatch back on, expecting my home page to be unchangeable... WRONG! Now I can change my home page regardless. I haven't yet figured out what happened, but Adware was keeping me from changing my homepage, so turning it off and then back on again fixed the problem... WEIRD.

#3 Bobbi Flekman

    The computer whisperer


  • Malware Response Team
  • 4,423 posts

Posted 21 January 2006 - 06:10 AM

Hi,

You have probably been helped elsewhere, but if you still need help, can you post a new log from HijackThis? The notification system will tell me that you posted.

In case you are not using the latest version of HijackThis (1.99.1), please download the latest version from one of these addresses:
http://www.bleepingcomputer.com/files/hijackthis.php
http://209.133.47.12/~merijn/files/HijackThis.exe
http://www.downloads.subratam.org/hijackthis.zip