Hijack This Log

  Poloman69™ 14:42 18 Mar 05

Hey, could someone have a look at this Hijack Log for me. Its a friends computer and he's having problems with the msn virus, so i'm running stinger to sort that out, but from the look of his hijack log - there is certainly room for improvement here also

Logfile of HijackThis v1.99.1
Scan saved at 10:29:15, on 18/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Steve\Desktop\stinger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Steve\Desktop\Hijack This\HijackThis.exe

  Poloman69™ 14:44 18 Mar 05

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:// red.clientapps.yahoo. com/customize/ycomp_wave/defaults/sb/*click here search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here. tesco.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here. tesco.net
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\mcsv.com
O1 - Hosts: www. symantec.com
O1 - Hosts: www. sophos.com
O1 - Hosts: www. mcafee.com
O1 - Hosts: www. viruslist.com
O1 - Hosts: www. f-secure.com
O1 - Hosts: www. avp.com
O1 - Hosts: www. kaspersky.com
O1 - Hosts: www. network associates.com
O1 - Hosts: www. ca.com
O1 - Hosts: www. my-etrust.com
O1 - Hosts: www. nai.com
O1 - Hosts: www. trendmicro.com
O1 - Hosts: www. grisoft.com
O1 - Hosts: security response.symantec.com
O1 - Hosts: symantec.com
O1 - Hosts: sophos.com
O1 - Hosts: mcafee.com
O1 - Hosts: liveupdate.symantecliveupdate.com
O1 - Hosts: viruslist.com
O1 - Hosts: f-secure.com
O1 - Hosts: kaspersky.com
O1 - Hosts: kaspersky-labs.com
O1 - Hosts: avp.com
O1 - Hosts: networkassociates.com
O1 - Hosts: ca.com
O1 - Hosts: mast.mcafee.com
O1 - Hosts: my-etrust.com
O1 - Hosts: download.mcafee.com
O1 - Hosts: dispatch.mcafee.com
O1 - Hosts: secure.nai.com
O1 - Hosts: nai.com
O1 - Hosts: update.symantec.com
O1 - Hosts: updates.symantec.com
O1 - Hosts: us.mcafee.com
O1 - Hosts: liveupdate.symantec.com
O1 - Hosts: customer.symantec.com
O1 - Hosts: rads.mcafee.com
O1 - Hosts: trendmicro.com
O1 - Hosts: grisoft.com
O1 - Hosts: sandbox.norman.no
O1 - Hosts: click here
O1 - Hosts: uk.trendmicro-europe.com

  georgemac © 15:06 18 Mar 05

click here I was also having problems with the MSN virus - answers to that in the thread - used the symantec removal tool

  Yoda Knight 15:44 18 Mar 05


that looks like a toolbar of sum sort which is usually junk

This thread is now locked and can not be replied to.

Nintendo Switch review: Hands-on with the intuitive modular console and its disappointing games…

1995-2015: How technology has changed the world in 20 years

Prehistoric Britain is laid out in these Royal Mail stamp illustrations

Best running headphones | Best sport & fitness headphones: 4 brilliant pairs of wireless…