something found

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

lax30

Thread Starter
Joined
Sep 21, 2003
Messages
44
After putting up with this MSsvc.exe error for the last little while I decided to look deeper into the issue to fix the problem. I went through the usual steps and found the hidden "Recycler folder" in my drive. I went through some of the postings on this forum and went through the necessary steps to run Hijackthis. I did it from "Safe Mode" and came up with this entry.

Logfile of HijackThis v1.97.2
Scan saved at 3:11:02 PM, on 21/09/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\PROGRA~1\WINZIP\winzip32.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - D:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\E2G\IeBHOs.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - D:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [Versato] C:\WINDOWS\System32\USB_Kbd\Versato.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WinKnight32] e:\windows\knight.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37803.8077662037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

If any of you guys could help me clean up my system I would be greatly appreciative.
 
Joined
Oct 4, 2002
Messages
2,773
Close all browser windows - run hijackthis - tick to fix :-


O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\E2G\IeBHOs.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

steam
 
Joined
May 28, 2003
Messages
2,366
Steamwiz, I'm not an expert like you, but some items popped out at me. {pun intended}.

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\E2G\IeBHOs.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

What do you think about this "MyBar" thing?
 
Joined
Mar 25, 2001
Messages
3,334
BillC, nothing nefarious about MyWay:

http://www.myway.com/


lax30

....do you know what this entry is:

O4 - HKLM\..\Run: [WinKnight32] e:\windows\knight.exe

I don't know what it is, it may be legitimate.

:)
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
About the MyWay search bar, IMHO it depends whether it was installed wittingly.
It gets stealth installed on an extremely wide basis, being bundled with Grokster, and other P2P apps.

If you didn't actually intend to install it, simply uninstall it through Add/Remove programs.

And it's wise to have this one fixed:

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

It's routinely responsible for system slowdowns.
 
Joined
May 28, 2003
Messages
2,366
Buckaroo. Thanks for the heads-up on MyWay. I'm no expert and it looked to be one of those unwanted BHOs.

All I can find about knight.exe points me to games, but I know you already know that.
 
Joined
Mar 25, 2001
Messages
3,334
I used to have MyWay as my homepage and nothing else installed with it. I didn't know the other aspects of MyWay that TK mentioned. Of course he's right on, if it installed behind your back, then by all means remove it.

Thanks Tony!

:)
 
Joined
Mar 25, 2001
Messages
3,334
Thanks Tony. Nice to know there's no advertising or privacy issues with MyWay, but, need to be cautious anyway.
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Other, formerly reputable apps have recently gone the same way:

The DogPile toolbar and Lycos SideSearch are now confirmed to get stealth installed, bundled with other software... :(

NOT a good development, methinks...
 
Joined
Mar 25, 2001
Messages
3,334
NOT a good development, methinks...
No, I agree.....glad there's folks out there like yourself and forums like this to keep the rest of us apprised of what's really going on out there.

To second steam........keep up the good fight Tony. (y)
 
Joined
May 28, 2003
Messages
2,366
Hey Tony, nice to see you drop in again. I haven't seen you here for awhile, but I notice you do stay busy on other forums.

And Steamwiz... thanks for the link. I didn't know that BHOList.exe was even around until a few minutes ago. So that is how you guys look BHOs up so darn fast!! What a GREAT tool. Thanks to Tony and the young fella Merijn in Holland.
 

lax30

Thread Starter
Joined
Sep 21, 2003
Messages
44
I appreciate all the help that you guys have given. The speed at which you gave was most generous as well.

As far as the knight.exe file is concerned, I've never installed any type of games that had that executable. I just formatted this summer so I have a pretty good idea of what I've put on the comp.

The other thing that is fishy about it is that its path is e: and that would be my cd writer.

Any thoughts?
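
Added example, not part of any post in this thread: a small Python triage pass over HijackThis O2/O4 lines that applies the structural checks the replies rely on (a BHO whose file is missing, an unnamed BHO outside Program Files, a Run entry on a drive that is not a fixed disk). The function name `triage` and the assumption that C: and D: are the only fixed drives are mine; the sample lines are a subset copied from the log posted above.

```python
import re

# Subset of the O2/O4 lines from the log posted in this thread (sample input).
SAMPLE_LOG = r"""
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - D:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\E2G\IeBHOs.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [WinKnight32] e:\windows\knight.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
DRIVE_RE = re.compile(r'^"?([A-Za-z]):\\')  # optional quote, then a drive letter


def triage(log_text, fixed_drives=("C", "D")):
    """Return (reason, detail) pairs for entries worth a closer look.

    fixed_drives is an assumption about this machine: lax30 says e: is a
    CD writer, and the log shows software installed on C: and D:.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            path = m["path"]
            if path == "(no file)":
                # Registry entry survives but the DLL is gone.
                findings.append(("orphaned-bho", m["clsid"]))
            elif m["name"] == "(no name)" and "\\program files\\" not in path.lower():
                findings.append(("unnamed-bho-odd-path", path))
            continue
        m = O4_RE.match(line)
        if m:
            drive = DRIVE_RE.match(m["cmd"])
            # Entries with no drive letter (env vars, bare names) are skipped.
            if drive and drive[1].upper() not in fixed_drives:
                findings.append(("run-on-nonfixed-drive", m["name"]))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason}: {detail}")
```

These checks only surface structural oddities; entries such as the P2P Networking Run key that TonyKlein recommends fixing are judged from knowledge of the software, not from the line's shape.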