
Hijack This! Log Rolfev



#1 rolfev


Posted 04 May 2006 - 10:08 AM

Logfile of HijackThis v1.99.1
Scan saved at 10:51:02 AM, on 5/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Microsoft Hardware\Mouse\point32.exe
D:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe
D:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
D:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
D:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
D:\Program Files\Pure Networks\Network Magic\nmapp.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
D:\Program Files\Executive Software\Diskeeper\DkService.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
D:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera75\opera.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\Vern\Desktop\Hijack This!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wtnh.com/
R3 - Default URLSearchHook is missing
O2 - BHO: CNavHook Object - {07D7F044-2F5F-41B2-BAA5-936814AF0163} - D:\Program Files\Pure Networks\Network Magic\nmbrhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [\\MR SLOW\EPSON PRINT] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P21 "\\MR SLOW\EPSON PRINT" /O21 "\\MR SLOW\EPSON PRINT" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QOELOADER] "D:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe"
O4 - HKLM\..\Run: [CaAvTray] "D:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "D:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [nmapp] "D:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [\\home-973j9tfkt3\EPSON Stylus Photo R300 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P48 "\\home-973j9tfkt3\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series on home-973j9tfkt3] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P54 "Auto EPSON Stylus Photo R300 Series on home-973j9tfkt3" /O30 "\\HOME-973J9TFKT3\EPSONStylusP" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1117381936482
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - D:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - D:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - D:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - D:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - D:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe



#2 OldTimer

    Malware Expert



Posted 09 May 2006 - 07:17 PM

Hello rolfev and welcome to the BC HijackThis forum. I see no signs of viruses or malware in the log. There are a couple of housekeeping items that can be fixed so let's do that while you are here.

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R3 - Default URLSearchHook is missing

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

That's it. Everything else looks good.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
