Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » hijack this log computer 2
Uniqs:
88		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
Yahoo Mail + Zone Alarm Pro »
« Please Prove My Father Wrong!  
owood1

join:2004-05-06
Milton, FL

hijack this log computer 2

I am following the steps in the 'I think my computer is infected or hijacked FAQ

Logfile of HijackThis v1.97.7
Scan saved at 12:42:00 PM, on 5/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
F:\QUICKENW\QWDLLS.EXE
F:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
F:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\ofps.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\Tablet.exe
F:\WINDOWS\system32\ZONELABS\vsmon.exe
\Ziggy\F\Media\HijackThis.exe

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - F:\Program Files\MyWebSearch\SearchAt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\windows\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Guard-IE - {D2F719F3-106A-402B-9996-3A5B12ACA564} - F:\Program Files\Failsafe\GuardIE\PnIE.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Guard-IE - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - F:\Program Files\Failsafe\GuardIE\PnIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [EM_EXEC] F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "F:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "F:\Program Files\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Opware12] "F:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [myNetWatchman] F:\Program Files\myNetWatchman\NWClient.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Quicken Startup.lnk = F:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = F:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: ZoneAlarm.lnk = F:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://f:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://f:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://f:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://f:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: @F:\Program Files\Failsafe\GuardIE\PnIE.dll,-100 (HKLM)
O9 - Extra 'Tools' menuitem: @F:\Program Files\Failsafe\GuardIE\PnIE.dll,-100 (HKLM)
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - »download.games.yahoo.com/games/c···tc_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - »download.macromedia.com/pub/shoc···wdir.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - »ak.imgfarm.com/images/nocache/fu···.0.6.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - »download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - »download.microsoft.com/download/···9VCM.CAB
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - »216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - »v4.windowsupdate.microsoft.com/C···78587963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - »officeupdate.microsoft.com/Templ···outc.cab
permalink · 2004-05-20 14:58:01 · Print · Reply to this

John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England

Re: hijack this log computer 2

You have Mywebsearch

Removal
Open 'Add/Remove Programs' in the Control Panel. Select the 'My Search Bar' (MySearch variant), 'MyWay Speed Bar' (MyWay) or 'My Web Search Bar' (MyWeb) entry and click 'Remove'. For the MyWeb variant, be sure to also remove 'Fun Web Products Easy Installer'.

You can then reset your home page (Internet Options->General->Start Page) if it has been changed, and search settings (Internet Options->Programs->Reset web settings).
--
Better to remain silent and be thought a fool, than to speak and remove all doubt.
permalink · 2004-05-20 16:52:25 · Print · Reply to this

John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England		 I would then download Ad-aware or SpyBot S&D, update and then run.
permalink · 2004-05-20 16:54:27 · Reply to this
owood1

join:2004-05-06
Milton, FL

 Thanks John2g.
Don't know where the MyWay came from. Did want to get rid of it. There was an entry for MyWay that I removed. None for a MyWay Bar nor could I find anything for the fun web products easy installer.

Ran SpyBot S&D, Ad-Aware and Spy Ferret with latest updates
earler this am. Just ran them again. Both times no problems found.
permalink · 2004-05-20 18:03:45 · Reply to this
Forums » Up and Running » Security » SecurityYahoo Mail + Zone Alarm Pro »
« Please Prove My Father Wrong!  

Thursday, 03-Dec 12:50:16 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [162] Comcast Releasing Promised Usage Meter
· [121] Avast Antivirus Has Gone Mad
· [103] Graduate Student Unveils Sprint's GPS Sharing With Feds
· [80] Latest Consumer Reports Survey Not Kind To AT&T
· [70] Baltimore To Ban Lazy Cable Installs
· [65] Comcast Makes NBC Universal Acquisition Official
· [63] Broadband Killed The Game Console
· [55] Rogers Unveils The ISP Dream Model
· [47] ACTA: Global Three Strikes
· [42] Cable Industry's 'Adoption Plus': Altruism Or PR Stunt?
Most people now reading
· False positive in Avast! or is it real? [Security]
· Many Sites Unreachable [Rogers]
· Warrior tank seem underpowered these days [World of Warcraft]
· [Rant] Disrespect of PTO [Rants, Raves, and Praise]
· [TWC] Audio/Video outage in Brooklyn [Time Warner Cable TV/Voice]
· Quality/longevity of 15A 120V receptacles [Home Repair & Improvement]
· Microsoft actively urges IE 6 users to upgrade [Security]
· Windows 7 boot manager editing questions [Microsoft Help]
· Need 100Mb fiber line.. any recommendations? [Canadian Broadband]