hijack this log computer 2

Author	All Replies
owood1 join:2004-05-06 Milton, FL	hijack this log computer 2 I am following the steps in the 'I think my computer is infected or hijacked FAQ Logfile of HijackThis v1.97.7 Scan saved at 12:42:00 PM, on 5/20/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\Explorer.EXE F:\WINDOWS\system32\spoolsv.exe F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE F:\Program Files\Common Files\Symantec Shared\ccApp.exe F:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe F:\QUICKENW\QWDLLS.EXE F:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe F:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE F:\WINDOWS\System32\nvsvc32.exe F:\WINDOWS\System32\ofps.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\System32\Tablet.exe F:\WINDOWS\system32\ZONELABS\vsmon.exe \Ziggy\F\Media\HijackThis.exe O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - F:\Program Files\MyWebSearch\SearchAt\1.bin\MWSSRCAS.DLL O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\windows\googletoolbar1.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: Guard-IE - {D2F719F3-106A-402B-9996-3A5B12ACA564} - F:\Program Files\Failsafe\GuardIE\PnIE.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Guard-IE - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - F:\Program Files\Failsafe\GuardIE\PnIE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\windows\googletoolbar1.dll O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [EM_EXEC] F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "F:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CloneCDElbyCDFL] "F:\Program Files\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Opware12] "F:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe" O4 - HKLM\..\Run: [myNetWatchman] F:\Program Files\myNetWatchman\NWClient.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Quicken Startup.lnk = F:\QUICKENW\QWDLLS.EXE O4 - Global Startup: Billminder.lnk = F:\QUICKENW\BILLMIND.EXE O4 - Global Startup: ZoneAlarm.lnk = F:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Google Search - res://f:\windows\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://f:\windows\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://f:\windows\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://f:\windows\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://f:\windows\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: @F:\Program Files\Failsafe\GuardIE\PnIE.dll,-100 (HKLM) O9 - Extra 'Tools' menuitem: @F:\Program Files\Failsafe\GuardIE\PnIE.dll,-100 (HKLM) O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: Yahoo! Pool 2 - »download.games.yahoo.com/games/c···tc_x.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - »download.macromedia.com/pub/shoc···wdir.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - »ak.imgfarm.com/images/nocache/fu···.0.6.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - »download.yahoo.com/dl/installs/yinst0309.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - »download.microsoft.com/download/···9VCM.CAB O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - »216.249.24.142/code/PWActiveXImgCtl.CAB O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - »v4.windowsupdate.microsoft.com/C···78587963 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - »officeupdate.microsoft.com/Templ···outc.cab
owood1 join:2004-05-06 Milton, FL	to forum · permalink · · 2004-05-20 14:58:01 ·
John2g Qui Tacet Consentit Premium join:2001-08-10 England	You have Mywebsearch Removal Open 'Add/Remove Programs' in the Control Panel. Select the 'My Search Bar' (MySearch variant), 'MyWay Speed Bar' (MyWay) or 'My Web Search Bar' (MyWeb) entry and click 'Remove'. For the MyWeb variant, be sure to also remove 'Fun Web Products Easy Installer'. You can then reset your home page (Internet Options->General->Start Page) if it has been changed, and search settings (Internet Options->Programs->Reset web settings). -- Better to remain silent and be thought a fool, than to speak and remove all doubt.
	to forum · permalink · · 2004-05-20 16:52:25 ·
John2g Qui Tacet Consentit Premium join:2001-08-10 England	reply to owood1 I would then download Ad-aware or SpyBot S&D, update and then run.
	to forum · permalink · · 2004-05-20 16:54:27 ·
owood1 join:2004-05-06 Milton, FL	reply to owood1 Thanks John2g. Don't know where the MyWay came from. Did want to get rid of it. There was an entry for MyWay that I removed. None for a MyWay Bar nor could I find anything for the fun web products easy installer. Ran SpyBot S&D, Ad-Aware and Spy Ferret with latest updates earler this am. Just ran them again. Both times no problems found.
owood1 join:2004-05-06 Milton, FL	to forum · permalink · · 2004-05-20 18:03:45 ·


Monday, 09-Nov 16:46:37	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF