Jump to content


Photo

I know I am infected, but dont know what with


  • Please log in to reply
15 replies to this topic

#1 consumed

consumed

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 02 July 2004 - 04:16 PM

So, I know that I am infected with something, but I am not sure what. I continually run Ad-Aware and S&D, they always find things, and if i run both, and come back an hour later (without ever doing anything on my computer, i could have gone to walmart or something) more will show up.

Pop ups keep showing up, etc. I uze mozilla and IE popups show up ... Any sugestions? I tried to get Hijack This but the link wasnt working. Thanks in advance

#2 irelynnmisses

irelynnmisses

    Forum Goddess

  • Retired Staff - Helper
  • PipPipPipPip
  • 282 posts

Posted 02 July 2004 - 10:21 PM

Download Hiajckthis at:http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Unzip to a convenient permanent folder,doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
FireFox is recommended over IE: http://www.mozilla.o...oducts/firefox/

Misses Loves Kisses

Also, Please don't PM me your hijack logs. I would you rather post them and PM me if you wish for me to look at them. A PM with a hijacklog will get ignored!

#3 consumed

consumed

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 03 July 2004 - 11:56 AM

The file isnt working .. for some reason I cannot access www.spywareinfo.com or the direct link to the file you gave me ...Is there anywhere else it can be downloaded?

Edited by consumed, 03 July 2004 - 11:56 AM.


#4 consumed

consumed

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 03 July 2004 - 11:58 AM

I have also seen my homepage be rest to something like default-homepage-network.com or something with the big sotp sign, and NAV automatically detects and removes a trojan downloaded from that site ..

#5 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 03 July 2004 - 03:03 PM

consumed,

for some reason I cannot access www.spywareinfo.com

Download Posted Image HijackThis! 1.98

Create a folder via Windows Explorer for HijackThis, unzip, then move the file (HijackThis.exe) to that folder. This way any backups created are saved in a legit folder.

Double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Click: "Save Log" (generates: "hijackthis.log")

Copy and Paste the entire log into your next post.

Note: do not attempt to "Fix" anything, as we need to see the entire log.
Also if you have any Startup items unchecked in Msconfig, uncheck those items, reboot, then post a fresh log. HijackThis can not "see" disabled items in Startup.

Hint: after posting your log click "Track this topic" at the top of the page, this way you will be notified (email) when a response is made to your post.
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#6 consumed

consumed

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 03 July 2004 - 04:22 PM

Thanks ... here are my results:
====================
Logfile of HijackThis v1.98.0
Scan saved at 5:20:39 PM, on 7/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\documents and settings\brandon travis\local settings\temp\MlD.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Warez P2P Client\Warez.exe
C:\WINDOWS\System32\DllHost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\SYSTEM32\CS4P028.EXE
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\SYSTEM32\CS4P028.EXE
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\System32\IqzqA.exe
C:\WINDOWS\System32\Iii97y.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\ISS\BlackICE\rapapp.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\System32\imapi.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...earch/?new-hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homep...rt.cgi?new-hkcu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...earch/?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homep...rt.cgi?new-hklm
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\Lycos\IEagent\CSIE.DLL
O2 - BHO: Sidesearch BHO - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MlD.exe] C:\documents and settings\brandon travis\local settings\temp\MlD.exe
O4 - HKLM\..\Run: [4A7DHKC5H6M3HQ] C:\WINDOWS\System32\Pggg.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [sF4O3pR] helda.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\PROGRA~1\Lycos\IEagent\Loader.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll

#7 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 03 July 2004 - 06:39 PM

Hi,
Looks like you have several issues ... one being an incomplete log.

First thing to do is ...

Uninstall via Add Remove: IEagent | Sidesearch (if exists)

Next:

Download Posted Image Ad-Aware

After installing Ad-Aware, and before running the program.

Update Ad-aware's Reference File:
Please update the reference file following the instructions Posted Image here

Required Step:
Posted Image Reconfigure Ad-Aware for Full Scan

Download and run Posted Image Lavasoft's VX2 Cleaner (plug-in)

Note: do not run Ad-Aware yet ...


Reconfigure Windows Explorer to show Hidden Files: [required step]
Open the Windows Explorer Folder Options - View [tab]:

Scroll down to the "Files and Folders" section.
Select: "Display the contents of system folders".

Scroll down to the "Hidden Files and Folders" section.
Select: "Show hidden files and folders", Ok the prompt
Uncheck: "Hide file extensions for known file types"
Uncheck: "Hide protected operating system files" Ok the Prompt, click Apply

Click the "Apply to all Folders" button. Close Windows Explorer.

Next:

Close all open windows, except for HijackThis place a check in each of the following:
Then click "Fix checked".

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...earch/?new-hkcu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homep...rt.cgi?new-hkcu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.sma...earch/?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homep...rt.cgi?new-hklm
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\Lycos\IEagent\CSIE.DLL
O2 - BHO: Sidesearch BHO - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [MlD.exe] C:\documents and settings\brandon travis\local settings\temp\MlD.exe
O4 - HKLM\..\Run: [4A7DHKC5H6M3HQ] C:\WINDOWS\System32\Pggg.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [sF4O3pR] helda.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\PROGRA~1\Lycos\IEagent\Loader.exe
O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll


Then reboot, on restart, restart in Safe Mode [required step - see "How To" below]

Start | Run (type) "%temp%" (no quotes)
Completely delete the entire contents of that "temp" folder.

Open Windows Explorer locate and delete the following:

C:\WINDOWS\SYSTEM32\CS4P028.EXE <--this file
C:\WINDOWS\System32\IqzqA.exe <--this file
C:\WINDOWS\System32\Iii97y.exe <--this file
C:\WINDOWS\System32\Pggg.exe <--this file
C:\WINDOWS\System32\dp-him.exe <--this file
C:\PROGRAM FILES\Lycos <--this folder

Next:

The WinPup trojan runs silently from the Windows folder.
In most cases one or more of the "clones" in the "System32" folder will show up in a HijackThis log. These are usually "65,536" bytes. Note: the clones will generate a new filename on each restart, so a restart in Safe Mode won't catch all the files unless you kill them all.

Open Windows Explorer
Click "sort by size" (Date Modified) right pane
Check the "Windows" folder for:

24,576 bookmarks.exe
65,536 actulice.exe < new version
65,536 pup.exe
65,536 over.exe < old version
65,536 winpup.exe < old version

Delete any existing there, then check the Windows\System32 folder.
Click "sort by size" (Date Modified) right pane
Delete the clones, they should all be grouped together. (65,536)
Note: right-click and select: Properties | Version
The culprit = "CompanyName : thunderdome" or totempole < older version

[Example]
CompanyName : thunderdome
InternalName : actulice
OriginalFilename : actulice.exe

Next: run Ad-Aware (in Safe Mode) fix everything it finds and reboot.

After the above, reboot, rescan with HijackThis and post a fresh log ...
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#8 consumed

consumed

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 03 July 2004 - 09:07 PM

Logfile of HijackThis v1.98.0
Scan saved at 10:06:38 PM, on 7/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\ISS\BlackICE\rapapp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\Nyy42g.exe
C:\WINDOWS\System32\JlyNv62.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [4A7DHKC5H6M3HQ] C:\WINDOWS\System32\VexG0Jgv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

#9 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 04 July 2004 - 02:32 AM

Hi,
For some reason you are not posting a complete log? (bottom half missing)

Anyway ...

Close all open windows, except for HijackThis place a check in each of the following:
Then click "Fix checked".

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [4A7DHKC5H6M3HQ] C:\WINDOWS\System32\VexG0Jgv.exe


Note: just close HijackThis (after selecting the above), do not reboot yet ...

Next: Download Posted Image Peper Trojan Remover

Double click on Newuninst.exe and press Uninstall.
Let it run and when the progress bar says complete, press Close.
You must be online to have this work and do not block any attempts for the program to connect to Internet if your firewall requests access.

Then reboot, on restart, restart in Safe Mode [required step - see "How To" below]

Start | Run (type) "%temp%" (no quotes)
Completely delete the entire contents of that "temp" folder.

Open Windows Explorer locate and delete the following: (if exists)

C:\WINDOWS\System32\Nyy42g.exe <--this file
C:\WINDOWS\System32\JlyNv62.exe <--this file
C:\WINDOWS\System32\VexG0Jgv.exe <--this file

While still in Safe Mode, run Ad-Aware and fix everything it finds.

After the above, reboot, rescan with HijackThis and post a fresh log ...
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#10 consumed

consumed

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 04 July 2004 - 11:38 AM

Well, I'm not entirely sure why HijackThis isnt giving me a full log ... I am simply pressing scan, then then save log and copying what it gives me to here ... And inside HJT, what i post is all that shows up ... here is my new log after completeing those steps
==============
Logfile of HijackThis v1.98.0
Scan saved at 12:37:24 PM, on 7/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\ISS\BlackICE\rapapp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

#11 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 04 July 2004 - 01:03 PM

Hi,
Your log looks clean now ... good job!

Note: I see you have one or more items disabled via Msconfig. If this is one of the items you were troubleshooting relating to your problem, you need to enable that entry, as HijackThis can not "see" disabled items, reboot and rescan with HijackThis. Otherwise ignore.

Last Step:

"Flush System Restore" (see "How To" below)
Basically turn off System Restore, reboot, run a full (updated) NAV scan, reboot and turn System Restore back on and create a new Restore Point.

How To: Configure Norton AntiVirus to scan all files

I would suggest adding some "Defense" to your system ...
How To: Prevent this from happening again? :wave:
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#12 irelynnmisses

irelynnmisses

    Forum Goddess

  • Retired Staff - Helper
  • PipPipPipPip
  • 282 posts

Posted 08 July 2004 - 12:55 AM

Yay thanks winhelp :)
FireFox is recommended over IE: http://www.mozilla.o...oducts/firefox/

Misses Loves Kisses

Also, Please don't PM me your hijack logs. I would you rather post them and PM me if you wish for me to look at them. A PM with a hijacklog will get ignored!

#13 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 08 July 2004 - 04:48 AM

irelynnmisses,
You're welcome ... wasn't trying to jump in on your topic, I just happened to notice that the link wasn't working. :wave:
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#14 consumed

consumed

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 08 July 2004 - 03:42 PM

Thanks so much! Sorry I havnt responded back yet, I had to run out of town on business last minute. I will finishe these last steps when I get home.

#15 irelynnmisses

irelynnmisses

    Forum Goddess

  • Retired Staff - Helper
  • PipPipPipPip
  • 282 posts

Posted 08 July 2004 - 07:03 PM

WINHELP.. I know you wern't.. but i'm happy he got help!

BTW.. ive been meaning to tell you.. I laugh MAO everytime i see your avatar :D
FireFox is recommended over IE: http://www.mozilla.o...oducts/firefox/

Misses Loves Kisses

Also, Please don't PM me your hijack logs. I would you rather post them and PM me if you wish for me to look at them. A PM with a hijacklog will get ignored!

#16 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 08 July 2004 - 08:03 PM

irelynnmisses,

I laugh MAO everytime i see your avatar

There is a long story behind that! I got in big trouble with MS when I first created that image. It was later shown at the MVP Summit several years ago. (Bill had a nice chuckle)
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button