Hijack Log (My First One)

Question

Thong_Ispector 2 Practically a Master Poster

18 Years Ago

Here is my HJ Log

Not having any problems but thought it was worth checking it out.
Thanks in advance for your time...

Logfile of HijackThis v1.99.1
Scan saved at 7:34:11 AM, on 4/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\pctspk.exe

D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\Explorer.EXE

D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\WINDOWS\System32\hphmon05.exe

D:\Program Files\Microsoft Office\Office\OSA.EXE
D:\Program Files\Microsoft Office\Office\FINDFAST.EXE

D:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
D:\WINDOWS\System32\HPZipm12.exe

D:\Documents and Settings\Paul\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
(Should be able to delete this)

O3 - Toolbar: Search Bar - {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1} - D:\WINDOWS\system32\srchbar.dll
(Should be able to delete this)

O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [x07Nr3.exe] d:\documents and settings\paul\local settings\temp\x07Nr3.exe
(This one is suspicious)

O4 - HKLM\..\Run: [Disk Monitor] D:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] D:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPHmon05] D:\WINDOWS\System32\hphmon05.exe

O4 - Global Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Global Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
(Should be able to delete this as I dont use IE)

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab

O20 - Winlogon Notify: PCANotify - D:\WINDOWS\SYSTEM32\PCANotify.dll

O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - D:\Program Files\Symantec\pcAnywhere\awhost32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - D:\WINDOWS\system32\pctspk.exe

O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZONELABS\vsmon.exe

windows-virus

4 Contributors
5 Replies
127 Views
12 Hours Discussion Span
Latest Post 18 Years Ago Latest Post by DMR

All 5 Replies

caperjack 875 I hate 20 Questions

18 Years Ago

its in a temp folder go there and delete the content of the temp folder .
O4 - HKLM\..\Run: [x07Nr3.exe] d:\documents and settings\paul\local settings\temp\x07Nr3.exe
(This one is suspicious)

You could fix these as they are only rescource hogs and not need in startup
O4 - Global Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Global Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE

crunchie 990 Most Valuable Poster

18 Years Ago

Just a couple more things for you to do...

===============

Now, let's open a command prompt by going to the start menu and then select 'Run'.

In the box that pops up type in 'cmd'. The command prompt will open.

OR

You can go to Start -> Programs -> Accessories -> Command Prompt. Unregister the dll(s) we're going to remove, by entering the following:

regsvr32 /u srchbar.dll

It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save typing them in.

===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:

O3 - Toolbar: Search Bar - {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1} - D:\WINDOWS\system32\srchbar.dll

Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure your able to "view system and hidden files/ folders:"

files...

D:\WINDOWS\system32\srchbar.dll

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

After rebooting your PC, post back a new log and let me know how everything goes.

-

crunchie.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Thong_Ispector 2 Practically a Master Poster · Answer 1 · 2005-04-23T21:28:09+00:00

Thanks....

You really help many people on this site...

Take Care..

Thong_Ispector 2 Practically a Master Poster · Answer 2 · 2005-04-23T23:32:03+00:00

Thanks for the help...

Here is the new log...

Logfile of HijackThis v1.99.1
Scan saved at 10:22:50 AM, on 4/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\pctspk.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\WINDOWS\System32\hphmon05.exe
D:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\Documents and Settings\Paul\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Disk Monitor] D:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] D:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] D:\WINDOWS\System32\hphmon05.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O20 - Winlogon Notify: PCANotify - D:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - D:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - D:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZONELABS\vsmon.exe

DMR 152 Wombat At Large Team Colleague · Answer 3 · 2005-04-24T03:41:43+00:00

Log is sqeaky clean; you look good to go. :)

One thing though- I see that you have the ZA firewall and SpyBot's "Sd Helper" installed, but I see no indication of any anti-virus software. You really should have some sort of real-time AV protection running.

Hijack Log (My First One)

Recommended Answers Collapse Answers

All 5 Replies

Recommended Answers