1
   

Help With Hijack, Please

 
 
Reply Sun 5 Sep, 2004 10:43 am
this has shown up on squinneys compuer. She can't open any programs....she has run virus check, ad aware, hand deleted files.....it won't go away and she can't open anything....also, any ideas on how to make that goddam weather bug go away and not keep returning? thanks.
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 1 • Views: 1,778 • Replies: 12
No top replies

 
Don77
 
  1  
Reply Sun 5 Sep, 2004 12:26 pm
I just got rid of Weather bug from my son's computer,
You can go to add/remove programs and see if you can remove it that way, Killed the remains of it with HJT, Also tick it off from msconfig
Can you run HJT on her computer copy to disk and post it from yours ?
0 Replies
 
squinney
 
  1  
Reply Mon 6 Sep, 2004 09:21 pm
Okay, I may have a second here before geetting redirected to error place... my current hell!

For several days I've had a redirect to errorplace where I then get a "Do you want to install Joystick?" which is a Media Motor product. I say no and get another popup that says I have to say yes in order to continue. I X out of that and get left with a blank page.

I've also had my search sidebar hijacked. Appears to be part of the same jerks idea of fun. This is all malware / spyware from what I can tell.

Well, I've gone into everything I know to do, and there were hundreds of things needing to be deleted. I cleaned cache, reset internet settings, emptied cookies, files, history, and all of that and restarted. Nope... Still there. It keep coming back. Even folders I deleted are getting replaced. (Bargain Buddy, Search Locate, etc.)

So, following is my HJT log. Can someone tell me what else needs to be deleted and if it needs to be in safe mode, how do I do that? My computer starts so fast I barely see the start-up page, so if I'm suppose to hit esc or something let me know if I do it as soon as I see the start-up.
0 Replies
 
squinney
 
  1  
Reply Mon 6 Sep, 2004 09:22 pm
Logfile of HijackThis v1.98.2
Scan saved at 11:07:54 PM, on 9/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\yzbalkjuk.exe
C:\WINDOWS\uqrr.exe
C:\WINDOWS\dihqsgu.exe
C:\WINDOWS\dcwhubl.exe
C:\Program Files\Bargain Buddy\bin\bargains.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nc.rr.com/
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: BrowserAngel Sidepanel - {D6CA5D91-5EA2-4654-9B75-499267012611} - C:\Program Files\SearchLocate\sidebar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: jimmyhelp.CBrowserHelper - {C50E1306-B84E-47E0-9958-3BB90E2DCDCB} - C:\WINDOWS\ngdigk.dll
O2 - BHO: jimmyhelp.CBrowserHelper - {CC6E5F28-4BE0-4473-8E92-79E56DF911A0} - C:\WINDOWS\edvucd.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin\apuc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: BA Toolbar - {952EC978-4920-4F18-8237-91D69B54C580} - C:\Program Files\SearchLocate\sidebar.dll (file missing)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [kjuxvsz] C:\WINDOWS\yzbalkjuk.exe
O4 - HKLM\..\Run: [wjotcpdm] C:\WINDOWS\uqrr.exe
O4 - HKLM\..\Run: [vgznulm] C:\WINDOWS\dihqsgu.exe
O4 - HKLM\..\Run: [hdscn] C:\WINDOWS\dcwhubl.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D798803-E796-4C16-9BBA-5834FEA3F448}: NameServer = 209.47.15.118,64.157.143.38,24.25.4.108,24.25.4.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D798803-E796-4C16-9BBA-5834FEA3F448}: NameServer = 209.47.15.118,64.157.143.38,24.25.4.108,24.25.4.109

I think HJT may have fixed a couple of things, but it is still happening, so I need to know what gets the big boot to the trash can here. Thanks in advance.
0 Replies
 
Don77
 
  1  
Reply Tue 7 Sep, 2004 05:42 pm
Please restart HJT put a check next to the following, close all open windows and click "Fix Checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: BrowserAngel Sidepanel - {D6CA5D91-5EA2-4654-9B75-499267012611} - C:\Program Files\SearchLocate\sidebar.dll (file missing)
O2 - BHO: jimmyhelp.CBrowserHelper - {C50E1306-B84E-47E0-9958-3BB90E2DCDCB} - C:\WINDOWS\ngdigk.dll
O2 - BHO: jimmyhelp.CBrowserHelper - {CC6E5F28-4BE0-4473-8E92-79E56DF911A0} - C:\WINDOWS\edvucd.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin\apuc.dll
O3 - Toolbar: BA Toolbar - {952EC978-4920-4F18-8237-91D69B54C580} - C:\Program Files\SearchLocate\sidebar.dll (file missing)
O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\Run: [kjuxvsz] C:\WINDOWS\yzbalkjuk.exe
O4 - HKLM\..\Run: [wjotcpdm] C:\WINDOWS\uqrr.exe
O4 - HKLM\..\Run: [vgznulm] C:\WINDOWS\dihqsgu.exe
O4 - HKLM\..\Run: [hdscn] C:\WINDOWS\dcwhubl.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe

. Next reboot to safe mode ( By tapping the F8 key on start up) Make sure you can view all Hidden Files/Folders search for and delete the following in BOLD
C:\WINDOWS\ngdigk.dll
C:\WINDOWS\edvucd.dll
svchosting.exe
C:\WINDOWS\yzbalkjuk.exe
C:\WINDOWS\uqrr.exe
C:\WINDOWS\dihqsgu.exe
C:\WINDOWS\dcwhubl.exe
C:\Program Files\Bargain Buddy\bin\bargains.exe <<Delete the entire folder

Restart your computer and post back a fresh log please
0 Replies
 
squinney
 
  1  
Reply Tue 7 Sep, 2004 06:02 pm
Thank you, Don. Gonna give it a try. Thought the last half dozen items were strange looking but didn't want to delete them until I knew for sure. That may be why this mess keeps coming back.

Will repost new log shortly.
0 Replies
 
squinney
 
  1  
Reply Tue 7 Sep, 2004 08:15 pm
Okay, I got all of that + some other stuff that appeared. Here's my new log. Did I get it all? Very Happy Hey, I think I'm learning to read this stuff! Still not sure about the ones in bold...




Logfile of HijackThis v1.98.2
Scan saved at 10:08:47 PM, on 9/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nc.rr.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D798803-E796-4C16-9BBA-5834FEA3F448}: NameServer = 209.47.15.118,64.157.143.38,24.25.4.108,24.25.4.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D798803-E796-4C16-9BBA-5834FEA3F448}: NameServer = 209.47.15.118,64.157.143.38,24.25.4.108,24.25.4.109
0 Replies
 
Don77
 
  1  
Reply Tue 7 Sep, 2004 08:31 pm
Quote:
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll

Those 2 must go, Have HJT fix them the same way you did the others,
Before you do I m assuming you have Ad-aware, Check it for updates, But don't run it yet,

Have HJT fix the above, Then reboot to safe mode and search for and delete
C:\WINDOWS\System32\mscb.dll
C:\WINDOWS\System32\msbe.dll
While still in safe mode scan with Ad-aware,
Next restart your computer and scan again with it,

I need to go stare at the inside of my eyelids Laughing I will check back tomorrow


Quote:
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

This one is legit "Internet Explorer Radio Bar"
0 Replies
 
squinney
 
  1  
Reply Wed 8 Sep, 2004 11:33 am
Okay, I'm not seeing anything in the HJT Log, but for some reason my sidebar/ search is still hijacked. It SAYS:

(Note that there is no MSN logo at the top of the sidebar. No color or anything, just jumps into a plain white search sidebar)

Choose a category for your search:

O Find a Web page
O Find a person's address
O Find a business
O Find a map
O Look up a word
O Find a picture
O Previous searches

Then a search box to enter your query with a search button to click. Next to the button it says Brought to you by MSN Search

Search for other items: (these are links)
Files or Folders
Computers
People

So I enter a query and click search button. It takes me to:

We can't find "g.msn.com"

You can try again by typing the URL in the address bar above.
Or, search the Web:

Go to MSN Search to see complete results for "g.msn.com".

Check availability or register the domain name 'g.msn.com'.
--------------------------------------------------------------------------------

More information about this error.
About Results

Powered by MSN Search


?2003 Microsoft Corporation. All rights reserved. Terms of Use TRUSTe Approved Privacy Statement

Now, what is interesting is that:

We can't find "g.msn.com" links to http://g.msn.com/0SEENUS/images/dns-info.gif

You can try again by typing the URL in the address bar above.
Or, search the Web:


Go to MSN Search to see complete results for "g.msn.com". Links to http://search.findwhatevernow.com/search.jsp?AF=cmgrb&term=online+casino



Check availability or register the domain name 'g.msn.com'. links to http://search.findwhatevernow.com/search.jsp?AF=cmgrb&term=debt%2Bconsolidation
--------------------------------------------------------------------------------

More information about this error. Links to http://search.findwhatevernow.com/search.jsp?AF=cmgrb&term=viagra

About Results links to http://search.findwhatevernow.com/search.jsp?AF=cmgrb&term=travel

Powered by MSN Search links to http://search.findwhatevernow.com/search.jsp?AF=cmgrb&term=credit%2Bcards


?2003 Microsoft Corporation. All rights reserved. Terms of Use TRUSTe Approved Privacy Statement links to http://g.msn.com/0SEENUS/SAWS01?!&FORM=IE6

Will post my HJT log again to see if anyone knows what to do to get my REAL MSN search back.
0 Replies
 
Don77
 
  1  
Reply Wed 8 Sep, 2004 07:21 pm
Hi again squinney

Give this a shot
Close all Internet Explorer windows.
Open Control Panel. Click Start>Settings>Control Panel.
Double-click the Internet Options icon.
In the Internet Properties window, click the Programs tab.
Click the "Reset Web SettingsĀ…" button.
Select "Also reset my home page." Click Yes.
Click OK.

Post back a fresh log too please
0 Replies
 
squinney
 
  1  
Reply Wed 8 Sep, 2004 10:25 pm
Thank you, Don.

BTW, in my HKCU\ software\ microsoft\ internet explorer\ main file the g.msn file you had me get rid of was still showing up today. I changed it through regedit to http:\\ie.msn.com. That started giving me a "cannot be found" page when I open search in IE. Any idea what that link should be?

Here's the lnewest log:

Logfile of HijackThis v1.98.2
Scan saved at 12:20:18 AM, on 9/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nc.rr.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D798803-E796-4C16-9BBA-5834FEA3F448}: NameServer = 209.47.15.118,64.157.143.38,24.25.4.108,24.25.4.109
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D798803-E796-4C16-9BBA-5834FEA3F448}: NameServer = 209.47.15.118,64.157.143.38,24.25.4.108,24.25.4.109
0 Replies
 
squinney
 
  1  
Reply Thu 9 Sep, 2004 05:12 am
So, any idea how to get my search sidebar back?
0 Replies
 
rynout
 
  1  
Reply Fri 8 Oct, 2004 12:56 pm
http://img.photobucket.com/albums/v228/rynout/FWN.gif

Is this the page?

I have this problem too, if anyone finds a solution please help.
0 Replies
 
 

Related Topics

Clone of Micosoft Office - Question by Advocate
Do You Turn Off Your Computer at Night? - Discussion by Phoenix32890
The "Death" of the Computer Mouse - Discussion by Phoenix32890
Windows 10... - Discussion by Region Philbis
Surface Pro 3: What do you think? - Question by neologist
Windows 8 tips thread - Discussion by Wilso
GOOGLE CHROME - Question by Setanta
.Net and Firefox... - Discussion by gungasnake
Hacking a computer and remote access - Discussion by trying2learn
 
  1. Forums
  2. » Help With Hijack, Please
Copyright © 2020 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.04 seconds on 09/24/2020 at 01:04:19