I have this bar at the bottom of Internet Explorer every time I start Internet Explorer up..

 

virus.jpg

 

I have removed it using..

 

HijackThis (got this from Jon).. but it comes back when I restart the comp.

 

Also, Norton not finding anything,

AVG not finding anything

 

and also ran Lavasoft - Ad-Aware

 

I got the latest updates on all programs but this thing keeps coming back!! :curse:

 

also Internet Explorer freezes every now and then.. think this has something to do with this bar..

 

 

anyone seen this b4 and got rid of it?

natalie had it also

 

I managed to remove it from her PC using HijackThis and deleting a few files

 

it's a running process also

 

it's just hard to spot in HijackThis

 

paste the log here

 

oh and i hope u still love me ant! i take it all back MR2's are cool :thumb: :roll: :roll: :roll:

  • Author

Logfile of HijackThis v1.97.7

Scan saved at 15:49:16, on 06/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\WINDOWS\System32\CTSvcCDA.exe

C:\WINDOWS\System32\gearsec.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\taskswitch.exe

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Grisoft\AVG6\avgcc32.exe

C:\WINDOWS\System32\gsicon.exe

C:\WINDOWS\System32\dslagent.exe

C:\Program Files\Messenger Plus! 3\MsgPlus.exe

C:\PROGRA~1\ISOHTM~1\gram team.exe

C:\Program Files\Creative\ShareDLL\MediaDet.Exe

C:\Program Files\Widcomm\Bluetooth Software\BTTray.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

C:\Program Files\Widcomm\Bluetooth Software\BTStackServer.exe

C:\Program Files\BT Broadband\Help\bin\mpbtn.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Shareaza\Shareaza.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.ht...er=6&ar=msnhome

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {735A4A2E-DDFA-ADFE-2130-F052FA8A6B87} - C:\PROGRA~1\CITYTH~1\Dart Dog.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [manager less] C:\PROGRA~1\ISOHTM~1\gram team.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CC5DF7D0-C0FA-4993-ABE0-721BDFD712F1}: NameServer = 194.74.65.68 194.72.9.39

 

 

 

 

 

 

 

 

I know this one

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.ht...er=6&ar=msnhome

is def part of it, but where's the rest!?

O17 - HKLM\System\CCS\Services\Tcpip\..\{CC5DF7D0-C0FA-4993-ABE0-721BDFD712F1}: NameServer = 194.74.65.68 194.72.9.39

 

C:\WINDOWS\System32\gsicon.exe

 

C:\WINDOWS\System32\ScsiAccess.EXE

 

C:\PROGRA~1\ISOHTM~1\gram team.exe

 

O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.ht...er=6&ar=msnhome

 

I think all these are suspicious

 

nat's was a file in Program Files also

 

Check your Start menu/ Startup folder

 

updated adware?

 

update HijackThis in the options?

  • Author
tried what u said Jon but did not work.. so got more pissed off with it and decided to try XP's System Restore for the first time and it seems to be sorted!! :thumb:

get a startup monitor....

 

www.spywareinfo.com go to FAO and look for startup monitors.

 

I have one and it alerts me every time a program tries to add itself to my registry, with or without my permission. It's captured a few spyware/viruses in its time, so it's highly recommended.

 

Also go to the forums on spywareinfo.com and paste your HijackThis log....
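
Added example, not part of any post in this thread: the check a startup monitor performs, applied to the HijackThis log format pasted above. It compares a log saved right after cleaning with one saved after the reboot and lists the autostart entries that were put back. The function names and the two short sample logs are assumptions made for the illustration.

```python
import re

# A HijackThis entry is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")
# Persistent settings seen in the thread's log:
# R0/R1 = IE start/search page, O2 = browser helper objects, O4 = Run keys and Startup folder.
AUTOSTART_SECTIONS = {"R0", "R1", "O2", "O4"}

def autostart_entries(log_text):
    """Return the set of (section, normalised detail) autostart entries in a log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match and match.group(1) in AUTOSTART_SECTIONS:
            # Collapse whitespace and case so System32 / system32 compare equal.
            detail = " ".join(match.group(2).split()).lower()
            entries.add((match.group(1), detail))
    return entries

def new_entries(before_log, after_log):
    """Entries present after the reboot that were absent from the cleaned log."""
    return sorted(autostart_entries(after_log) - autostart_entries(before_log))

# Constructed sample logs; the "example" names are placeholders, not values from the thread.
BEFORE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
"""
AFTER = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AVG_CC]  C:\PROGRAM FILES\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Example Helper] C:\PROGRA~1\EXAMPL~1\helper.exe
"""

if __name__ == "__main__":
    for section, detail in new_entries(BEFORE, AFTER):
        print(f"NEW {section}: {detail}")
```

Anything it reports was written back between the two scans, which narrows the search to whatever process or file restores those entries.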
