Question:
Comp. running Ok but notice A Toolbar With No Name, only have IE and Google...
Logfile of HijackThis v1.99.1
Scan saved at 08:52:42, on 07/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\My Downloads\hijackthis\HijackThis.exe
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\SlipStream Web Accelerator\PBHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - Global Startup: tiscali web accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\slipaccel.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk/
O15 - Trusted Zone:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{0381509B-883F-4C42-9354-1E4C9439A7DC}: NameServer = 212.74.112.67 212.74.114.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{0381509B-883F-4C42-9354-1E4C9439A7DC}: NameServer = 212.74.112.67 212.74.114.129
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Answers:
Sorry....can you analyze Brown....Targa system XP ..IE.
Printer only on occasionally. TIA
Answers:
there is no home page set, but I'm taking a look now :0
Answers:
fix these
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
and this one as it only resets your homepage to targa's
O14 - IERESET.INF: START_PAGE_URL=http://www.targa.co.uk/
Answers:
this shows you how to change your homepage to whatever you want
the log looks clean apart from that, are you having any other problems with the PC ??
for peace of mind you can run through these
posts 1 to 4, will make sure there is no infection in the background
Answers:
Also got Adaware, Spyware Blaster, ccleaner and Reg Cleaner, see they are not on the log list. Reg Cleaner I got orf a disk, good for showing startup progs, of which there are only three, desktop, nvraid and accelerator. You's quick. 2 minutes :-)
Answers:
Ken
Are you still having problems with the forum display?
Have you tried not using that accelerator that you are loading at startup?
Answers:
Good thinking, Expresso, will give it a go, and report back.
Answers:
Good suggestion from espresso. I, for one, would like to know what happens.
Ken ... if you are using DAP, Download Accelerator Plus, it can sometimes cause more problems than it's worth.
Answers:
was sitting here ..lol
you're lucky, I'm out later !!
Answers:
Thank you muchly, Browntoa, will delete as necessary, home page is 'about blank' for speed but see from your microsoft web link, I can customize it. Perhaps Windows Live or Google Reader with RSS feeds.
At present, single click from a mass of shortcuts on the desktop.
Answers:
was just checking, some hijacker infections leave "about blank" or the removal of the infection leaves no home page
mine's google for ease
Answers:
Yesterday I unticked Tiscali Accelerator from a start up list in Reg Cleaner.
Couldn't find the server so reversed it.
Just now unticked from within msconfig, ticked apply, it put me into selective start up, told me orf, told me to undo and restart. The registry re-ticked the box.
Have written to tiscali free support yesterday, but might try slipstream the makers.
But since Neil did something yesterday, no duff pages, even tho the accel is on.
Still can't give thanks or smilies, or maddies.
Answers:
Hmmm ... I had something similar a while ago. With me it was a firewall options thing stopping me post them. Have you checked the options in your firewall to ensure it will allow them?
Answers:
Just had a reply from the free Tiscali Support Team about their accelerator, they said any site can be bypassed in the settings.
Doh! should have seen that, but as things are no problems, yet, since Neil's last correction. Touch wood.
Answers:
Slipstream is allowed thru, wouldn't know what a smilie program looks like.
