Posted June 6, 200420 yr i have this bar at the bottom of internet exploer everytime i start internet explorer up.. I have removed it using.. HiJackThis (got this from Jon).. but it comes back when i restart the comp. Also, Norton not finding anything,AVG not finding anything and also run lavasoft - Ad-Aware i got the latest updates on all programs but this thing keeps coming back!! also Internet exploer freezes every now and then.. think this has something to do with this bar.. anyone seen this b4 and got rid of it?
June 6, 200420 yr natalie had it also i managed to remove it from her pc using Hijack this and deleting a few files its a running process also its juts hard to spot in hijack this paste the log here oh and i hope u still love me ant! i take it all back MR2's are cool
June 6, 200420 yr Author Logfile of HijackThis v1.97.7Scan saved at 15:49:16, on 06/06/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\PROGRA~1\Grisoft\AVG6\avgserv.exeC:\WINDOWS\System32\CTSvcCDA.exeC:\WINDOWS\System32\gearsec.exeC:\WINDOWS\system32\drivers\KodakCCS.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXEC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\ScsiAccess.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\taskswitch.exeC:\Program Files\Creative\ShareDLL\CtNotify.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Grisoft\AVG6\avgcc32.exeC:\WINDOWS\System32\gsicon.exeC:\WINDOWS\System32\dslagent.exeC:\Program Files\Messenger Plus! 3\MsgPlus.exeC:\PROGRA~1\ISOHTM~1\gram team.exeC:\Program Files\Creative\ShareDLL\MediaDet.ExeC:\Program Files\Widcomm\Bluetooth Software\BTTray.exeC:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeC:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exeC:\Program Files\Widcomm\Bluetooth Software\BTStackServer.exeC:\Program Files\BT Broadband\Help\bin\mpbtn.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Shareaza\Shareaza.exeC:\Program Files\Internet Explorer\iexplore.exeC:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exeC:\Program Files\Messenger\msmsgs.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.ht...er=6&ar=msnhomeO2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {735A4A2E-DDFA-ADFE-2130-F052FA8A6B87} - C:\PROGRA~1\CITYTH~1\Dart Dog.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exeO4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXEO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exeO4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startupO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [GSICONEXE] gsicon.exeO4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USBO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [manager less] C:\PROGRA~1\ISOHTM~1\gram team.exeO4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStartO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exeO4 - Global Startup: BTTray.lnk = ?O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXEO4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeO4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{CC5DF7D0-C0FA-4993-ABE0-721BDFD712F1}: NameServer = 194.74.65.68 194.72.9.39 I know this one R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.ht...er=6&ar=msnhomeis def part of it, but wheres the rest! ?
June 6, 200420 yr O17 - HKLM\System\CCS\Services\Tcpip\..\{CC5DF7D0-C0FA-4993-ABE0-721BDFD712F1}: NameServer = 194.74.65.68 194.72.9.39 C:\WINDOWS\System32\gsicon.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\PROGRA~1\ISOHTM~1\gram team.exe O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.ht...er=6&ar=msnhome I think all these are suspicious nats was a file in program files also Check your Start menu/ Startup folder updated adware? update Hijack this in the options?
June 6, 200420 yr Author tried what u said jon but did not work.. so got more pissed off with it and decided to try XPs System Restore for the first time and its seems to be sorted!!
June 7, 200420 yr get a startup monitor.... www.spywareinfo.com goto FAO and look for startup monitors. I have one and it alerts me everytime a program trys to add its self to my registry, with or without my permission, its captured a few spyware/viruses in its time, so its highly recommended. Also goto the forums on spywareinfo.com and paste your hijack log....
Create an account or sign in to comment