1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

HiJack This log - a few task manager processes keep coming back

Discussion in 'Virus & Other Malware Removal' started by NNCSavage, Oct 11, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. NNCSavage

    NNCSavage Thread Starter

    Joined:
    Oct 11, 2003
    Messages:
    5
    Logfile of HijackThis v1.97.3
    Scan saved at 11:03:40 PM, on 10/11/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\CTHELPER.EXE
    C:\WINNT\System32\Grxp4exe.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINNT\System32\RUNDLL32.EXE
    C:\WINNT\System32\devldr32.exe
    C:\WINNT\system32\NOTEPAD.EXE
    C:\WINNT\System32\SxcV5wGL.exe
    C:\WINNT\System32\Lnoe7.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    d:\Temp\HijackThis.exe
    C:\WINNT\System32\notepad.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINNT\bi.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {C67BB1EC-00AA-464E-B855-BE05A39B6B02} - C:\WINNT\System32\nvtdll.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [4AGYW8Q36L9DJC] C:\WINNT\System32\Grcpx5.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! NHL StatTracker - http://aud4.sports.yahoo.com/java/y/nhlst8242_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37839.6965393519
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    There are 2 processes that keep coming back with various names - it seems to randomly pick them
    I ran searches to delete the files but they are only found in the prefetch folder and I can remove them but they come back
    Lnoe7.exe
    SxcV5wGL.exe
    Xhf5IW5.exe
    RumB3.exe
    Tgr89mf.exe
    LmwUjK.exe

    I've ran Spybot with the 10/10/03 update and cleaned out what I could from my HiJackThis log

    Doing all that seems to have fixed all my issues with pop-ups and slow IE loading times but those 2 processes keep coming back even after an End Task
    Once I was able to get them to not come back ("End Task"ing a whole bunch) but on a reboot they appeared once again.

    I'd appreciate any help someone can give me.
     
  2. Topkat

    Topkat

    Joined:
    Aug 10, 2003
    Messages:
    401
  3. NNCSavage

    NNCSavage Thread Starter

    Joined:
    Oct 11, 2003
    Messages:
    5
    Thanks for the help - I posted last night but it appears to have not saved.
    I had been reading the stickied posts and thought that sounded like what I had.

    Grabbed NOD and everything is good.
    Thanks.
     
  4. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Thanx for getting back to us on that......It tells us the advice were giving for this one works.

    (y)
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/171341

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice