Hijacking problem

  1. 30-04-2005  #1
    SlaBe
    SlaBe is offline Newbie

    Exclamation Hijacking problem

    Alrightie, i also have the problem with the "make sure the internet path is correct".... after running Hijack this is my log file....

    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    J:\firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\IS CO\Desktop\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://antiform.nu:2095/
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [AIM] C:\Program Files\Aim\aim.exe -cnetwait.odl
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - J:\partypoker\IEExtension.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - J:\partypoker\IEExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Network Security Service (NSS) (%AF夶À¨) - Unknown owner - C:\WINDOWS\d3va32.exe (file missing)

    Any help would be greatly appreciated....thank you

  3. 30-04-2005  #2
    HJThis
    HJThis is offline Senior Member
    Save 20% on AVG Internet Security 2012 Suite!
    Hello,SlaBe & Welcome

    We need to see all of the logfile headers & all

    Create a new folder in your C: Drive
    Name it C:\HJT or HijackThis and move the HijackThis.exe file in it.
    It's best for this tool NOT TO be located in your Desktop or in a TEMP folder.
    This way you can undo any changes if something goes wrong

    HijackThis.exe
    http://www.isecurity.org.uk/downloads/hijackthis.exe

    instructions for posting a log can be found at
    http://www.isecurity.org.uk/misc/hijackthis.html

    HGD
+ Reply to Thread
« pop ups and spyware | Hijack this log, can't get rid of coolwebsearch »