1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Hijack Log attached, Dont know what or how to delete...

Discussion in 'Malware and Virus Removal Archive' started by johnd1, 2006/04/05.

  1. 2006/04/05
    johnd1

    johnd1 Inactive Thread Starter

    Joined:
    2005/02/10
    Messages:
    21
    Likes Received:
    0
    Hello,

    Hope someone can help me.

    My computer seems running slow (bogged down)...so i thought i would send you my log and see if you all notice anything that shouldn't be running. Unfortunetly i don't remember how to remove anything from the hijack this report (if necessary)

    Anti Virus 4.6 (does take up alot of processing power?)
    Spybot- 1.4
    Ad-ware SE Personal.
    XP Professional

    I Ran spybot (full scan) and adware in safe mode before capturing this log.
    Logfile of HijackThis v1.99.1
    Scan saved at 12:46:31 PM, on 4/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\HIJACK THIS\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmgweekly.com/w/w.html?SID=6f3e29a35278d71c7f65495871231324
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files 2\ADOBE 7.0.7\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\logitech\ISStart.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST\ashDisp.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\program files\ACTIVE SYNC\WCESCOMM.EXE "
    O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Startup: ProMortgageFees.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files 2\ADOBE 7.0.7\Reader\reader_sl.exe
    O4 - Global Startup: SideACT!.lnk = C:\Program Files 2\SideACT.exe
    O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Common/ycdict.htm
    O9 - Extra button: BNTouch Toolbar - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - (no file)
    O9 - Extra 'Tools' menuitem: BNTouch Toolbar - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - c:\program files\ACTIVE SYNC\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - c:\program files\ACTIVE SYNC\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - c:\program files\ACTIVE SYNC\INETREPL.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - http://www.bntouchmortgage.com/toolbar/bntouch.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/iden/client/iUpdateAutoLaunch.ocx
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {944713E8-1F29-42D9-ABD5-557728B9AC97} (PtClickLoanWF Control) - https://ilnet.wellsfargo.com/ilonline/crs/hmupload/ptclickloanwf.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) - https://www.clickloan.com/CAB/PtClickLoan/1,0,0,12/PtClickLoan.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://docmagic.webex.com/client/v_mywebex/webex/ieatgpc.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {FA80138C-DEB1-42D9-AFC3-1104CF963C98} (MAPSWeb.Finance) - http://63.194.31.146/mapsweb/cabfile/MAPSWeb.CAB
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files 2\AVAST\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files 2\AVAST\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files 2\AVAST\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files 2\AVAST\ashWebSv.exe" /service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

    Thanks a million!!
     
    johnd1,
    #1
  2. 2006/04/06
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Your HJT log appears to be clean, but there are a couple of items which can be fixed .....

    O9 - Extra button: BNTouch Toolbar - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - (no file)
    O9 - Extra 'Tools' menuitem: BNTouch Toolbar - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - (no file)

    Scan again and check the box on the left of the window for each of those two entries, the click on Fix Checked.

    If you feel that your computer is bogged down clean out all the temporary files ....

    Temporary Internet files (recommend you set under ie > Tools > Options > Tempory Internet Files > Settings the folder size to ~50 Mb and even better under Advanced scroll down to 'Empty Temp Internet Files when Browser closed' and check that too.)

    C:\Windows\Temp

    Start > Run > type in %temp% > OK - files and folders found are safe to delete.

    Turn off Indexing Service - right click My Computer > Manage > Services > double click on Indexing Service and set to 'Disabled'.
     
    PeteC,
    #2


  3. to hide this advert.

  4. 2006/04/06
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    Something is awry here. You seem to have a Programs Files directory on the C:\ drive and also a Programs Files directory on the D:\ drive. This is very unusual and possibly may be reason for comp being slow.
     
    TonyT,
    #3
  5. 2006/04/06
    johnd1

    johnd1 Inactive Thread Starter

    Joined:
    2005/02/10
    Messages:
    21
    Likes Received:
    0
    Thanks for the help guys. I will delete those files

    Tony,
    Yes, i have program folders on both drives....My friend set up my computer and partitioned the drive so the OS and programs would run on one drive and the data would be on the other....The D: drive is a total of 7.18GB w/3GB free and the C: drive is 85GB and 75GB are free. With that said i created another Program Drive on the C:drive because the D:drive was almost full and started to uninstall from D: drive and reinstall programs on C: drive....make sense. This is one physical drive. I guess i know just enough to be dangerous....

    Any ideas....i have no clue what how to fix this one?
     
    johnd1,
    #4
  6. 2006/04/06
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    2 things:
    1. How much RAM on comp? Minimum to be efficient system is 512 MB.
    2. post a scan log friom a normal boot (not safe mode).
     
    TonyT,
    #5
  7. 2006/04/06
    johnd1

    johnd1 Inactive Thread Starter

    Joined:
    2005/02/10
    Messages:
    21
    Likes Received:
    0
    Thanks Tony, here is the info.
    Pentium 4 CPU 1700MHz 1.69GHz, 448MB of RAM

    Logfile of HijackThis v1.99.1
    Scan saved at 10:40:39 AM, on 4/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    C:\Program Files 2\AVAST\aswUpdSv.exe
    C:\Program Files 2\AVAST\ashServ.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\svchost.exe
    C:\Program Files 2\AVAST\ashMaiSv.exe
    D:\WINDOWS\Explorer.EXE
    C:\Program Files 2\AVAST\ashWebSv.exe
    D:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\AVAST\ashDisp.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    C:\program files\ACTIVE SYNC\WCESCOMM.EXE
    C:\Program Files 2\SideACT.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files 2\Microsoft Office\Office10\OUTLOOK.EXE
    c:\Program Files 2\Microsoft Office\Office10\WINWORD.EXE
    C:\WINPOINT\winpoint.exe
    D:\Program Files\HIJACK THIS\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmgweekly.com/w/w.html?SID=6f3e29a35278d71c7f65495871231324
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files 2\ADOBE 7.0.7\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\logitech\ISStart.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST\ashDisp.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\program files\ACTIVE SYNC\WCESCOMM.EXE "
    O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Startup: ProMortgageFees.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files 2\ADOBE 7.0.7\Reader\reader_sl.exe
    O4 - Global Startup: SideACT!.lnk = C:\Program Files 2\SideACT.exe
    O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Common/ycdict.htm
    O9 - Extra button: BNTouch Toolbar - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - (no file)
    O9 - Extra 'Tools' menuitem: BNTouch Toolbar - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - c:\program files\ACTIVE SYNC\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - c:\program files\ACTIVE SYNC\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - c:\program files\ACTIVE SYNC\INETREPL.DLL
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - http://www.bntouchmortgage.com/toolbar/bntouch.cab
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/iden/client/iUpdateAutoLaunch.ocx
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {944713E8-1F29-42D9-ABD5-557728B9AC97} (PtClickLoanWF Control) - https://ilnet.wellsfargo.com/ilonline/crs/hmupload/ptclickloanwf.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) - https://www.clickloan.com/CAB/PtClickLoan/1,0,0,12/PtClickLoan.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://docmagic.webex.com/client/v_mywebex/webex/ieatgpc.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {FA80138C-DEB1-42D9-AFC3-1104CF963C98} (MAPSWeb.Finance) - http://63.194.31.146/mapsweb/cabfile/MAPSWeb.CAB
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files 2\AVAST\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files 2\AVAST\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files 2\AVAST\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files 2\AVAST\ashWebSv.exe" /service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
     
    johnd1,
    #6
  8. 2006/04/06
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    Use HjT to Fix the following:
    O9 - Extra button: BNTouch Toolbar - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - (no file)
    O9 - Extra 'Tools' menuitem: BNTouch Toolbar - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - (no file)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O4 - Startup: ProMortgageFees.lnk = ?
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ansporter.cab?

    These do NOT need tom load at boot time. Remove using HjT will not remove the pgm but will stop them from loading at boot:

    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\program files\ACTIVE SYNC\WCESCOMM.EXE "
    O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files 2\ADOBE 7.0.7\Reader\reader_sl.exe
    O4 - Global Startup: SideACT!.lnk = C:\Program Files 2\SideACT.exe
     
    TonyT,
    #7
  9. 2006/04/06
    johnd1

    johnd1 Inactive Thread Starter

    Joined:
    2005/02/10
    Messages:
    21
    Likes Received:
    0
    Thanks again for everything SuperGeek. I really appreciate it.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:48:23 PM, on 4/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    C:\Program Files 2\AVAST\aswUpdSv.exe
    C:\Program Files 2\AVAST\ashServ.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\System32\svchost.exe
    C:\Program Files 2\AVAST\ashMaiSv.exe
    C:\Program Files 2\AVAST\ashWebSv.exe
    c:\PROGRA~1\MICROS~1\Office10\OUTLOOK.EXE
    c:\Program Files 2\Microsoft Office\Office10\WINWORD.EXE
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\HIJACK THIS\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmgweekly.com/w/w.html?SID=6f3e29a35278d71c7f65495871231324
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files 2\ADOBE 7.0.7\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\logitech\ISStart.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVAST\ashDisp.exe
    O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Common/ycdict.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - c:\program files\ACTIVE SYNC\INETREPL.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/iden/client/iUpdateAutoLaunch.ocx
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {944713E8-1F29-42D9-ABD5-557728B9AC97} (PtClickLoanWF Control) - https://ilnet.wellsfargo.com/ilonline/crs/hmupload/ptclickloanwf.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) - https://www.clickloan.com/CAB/PtClickLoan/1,0,0,12/PtClickLoan.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://docmagic.webex.com/client/v_mywebex/webex/ieatgpc.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {FA80138C-DEB1-42D9-AFC3-1104CF963C98} (MAPSWeb.Finance) - http://63.194.31.146/mapsweb/cabfile/MAPSWeb.CAB
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files 2\AVAST\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files 2\AVAST\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files 2\AVAST\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files 2\AVAST\ashWebSv.exe" /service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
     
    johnd1,
    #8
  10. 2006/04/08
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    How's the comp responding now?
     
    TonyT,
    #9

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...