Status
Not open for further replies.
1 - 10 of 10 Posts

·
Registered
Joined
·
616 Posts
Discussion Starter · #1 ·
Logfile of HijackThis v1.97.7
Scan saved at 1:04:33 PM, on 4/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\PROGRA~1\Grisoft\AVG6\avgserv.exe
G:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
G:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
G:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
G:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
G:\WINDOWS\System32\nvsvc32.exe
G:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
G:\WINDOWS\System32\MsPMSPSv.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\WINDOWS\System32\devldr32.exe
G:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
G:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
G:\program files\altnet\points manager\points manager.exe
G:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
G:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
G:\Program Files\Messenger\msmsgs.exe
G:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
G:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
G:\Program Files\MSI\PC Alert 4\PCAlert4.exe
G:\WINDOWS\System32\P2P Networking\P2P Networking2.exe
G:\WINDOWS\System32\wuauclt.exe
G:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
G:\WINDOWS\explorer.exe
G:\WINDOWS\System32\ctfmon.exe
G:\Documents and Settings\Greg Marshall\Desktop\hijackthis.exe

R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - G:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - G:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "G:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LiveMonitor] G:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] G:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "G:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AltnetPointsManager] g:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [AVG_CC] G:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [CreateCD50] G:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: WordCommand.lnk = C:\WCOMMAND\WCOMMAND.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = G:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC Alert 4.lnk = G:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &Google Search - res://g:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://g:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://g:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://g:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://g:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37918.6562847222
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 

·
Registered
Joined
·
3,334 Posts
There's a couple of minor things you can clean up.

Close your browser, check the following entries in HJT, click Fix and reboot.

R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - G:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - G:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL

If you have KaZaa installed you could get any number of pests downloaded. I don't see anything on your log but you need to be careful.

:)
 

·
Registered
Joined
·
616 Posts
Discussion Starter · #4 ·
For whatever reason my IE6 keeps crashing. I've done the updates on it but it didn't seem to help. Any answers?
 

·
Registered
Joined
·
3,334 Posts
Did you try IE Repair? You can find it via add/remove.
 

·
Registered
Joined
·
616 Posts
Discussion Starter · #7 ·
I didn't see the IE Repair. When I went to Windows updates, I tried updating but I keep getting an error report?
 

·
Registered
Joined
·
3,334 Posts
Maybe someone with XP can explain how to find it. I have XP at work, so I can check tomorrow for you and let you know how to find it.

:)
 