Solved: Help with HijackThis log


clmowers

Can someone please help me? I am working on someone's PC and there is a bunch of spyware and adware on the PC. I ran both Ad-Aware and Spybot, and both of them together came up with about 1200 threats. I decided to run HijackThis just to make sure. Can someone please analyse this for me? Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 6:24:56 PM, on 1/6/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\aupdate.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Microsoft.HOME-300RINVAO4\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=...10800000&D=1131436800000&I=8.NH3&N=PL&O=I&UT=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\msbk32.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {55B2E4E4-F1D5-EA32-8609-869DD9324793} - C:\WINDOWS\dtdbfimv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Search - {14976896-2F2E-3047-0B17-2944672D1777} - C:\WINDOWS\dtdbfimv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Auto Updater] C:\WINDOWS\System32\aupdate.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\msbk32.dll,DllRun
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: repairs302972988.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

Cheeseball81

Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

· Install Ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch Ewido.
· It will prompt you to update; click the OK button and it will go to the main screen.
· On the left side of the main screen click update.
· Click on Start and let it update.
· DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup, before the Windows logo screen).
Perform the following steps in Safe Mode:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Post a new HijackThis log and the results of the Ewido scan.
 

clmowers

Here is a copy of the Ewido log.
The HijackThis log will be in the next post, as both together are too big.
 

clmowers

Thread Starter
Joined
Jun 20, 2005
Messages
303
Here is the HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 8:23:28 PM, on 1/6/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\NetZero\exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Microsoft.HOME-300RINVAO4\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=...10800000&D=1131436800000&I=8.NH3&N=PL&O=I&UT=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {55B2E4E4-F1D5-EA32-8609-869DD9324793} - C:\WINDOWS\dtdbfimv.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Search - {14976896-2F2E-3047-0B17-2944672D1777} - C:\WINDOWS\dtdbfimv.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136590406389
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: repairs302972988.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
If SurfSideKick 3 is located in Add/Remove Programs, uninstall it.

Please download Webroot SpySweeper from here: http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129
(It's a 2 week trial.)

Click the Free Trial link under "SpySweeper" to download the program.
Install it.
Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.

Paste the contents of the session log you copied into your next reply.
 

clmowers

Thread Starter
Joined
Jun 20, 2005
Messages
303
Here is the log for Spy Sweeper. That program does a number on system performance if the PC isn't that fast. I had a problem trying to update. It just ate up all my CPU. So I had to run in safe mode and with the def. that came with the program.
********
3:08 PM: | Start of Session, Saturday, January 07, 2006 |
3:08 PM: Spy Sweeper started
3:08 PM: Sweep initiated using definitions version 556
3:08 PM: Warning: Stream read error
3:08 PM: Warning: Stream read error
3:08 PM: Warning: Stream read error
3:08 PM: Warning: Stream read error
3:08 PM: Warning: TIdentify2700Obj.Identify: Unable to map user: S-1-5-21-1844237615-1580818891-854245398-1003.bak
3:08 PM: Starting Memory Sweep
3:10 PM: Memory Sweep Complete, Elapsed Time: 00:01:28
3:10 PM: Starting Registry Sweep
3:10 PM: Found Adware: bookedspace
3:10 PM: HKLM\software\configuration manager\cfgmgr52\ (247 subtraces) (ID = 104873)
3:10 PM: Found Adware: cws-aboutblank
3:10 PM: HKCR\protocols\filter\text/html\ (1 subtraces) (ID = 114343)
3:10 PM: HKLM\software\classes\protocols\filter\text/html\ (1 subtraces) (ID = 115907)
3:10 PM: Found Adware: mirar webband
3:10 PM: HKU\.default\software\microsoft\internet explorer\toolbar\webbrowser\ || {9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (ID = 135063)
3:10 PM: Found Adware: surfsidekick
3:10 PM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
3:10 PM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
3:10 PM: HKU\S-1-5-21-1844237615-1580818891-854245398-500\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
3:10 PM: HKU\S-1-5-21-1844237615-1580818891-854245398-500\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
3:10 PM: Warning: Stream read error
3:10 PM: Warning: Stream read error
3:10 PM: Warning: Stream read error
3:10 PM: Warning: Stream read error
3:10 PM: Warning: TIdentifyRegistryObj.Identify: Unable to map user: S-1-5-21-1844237615-1580818891-854245398-1003.bak
3:10 PM: HKU\WRSS_Profile_S-1-5-21-1844237615-1580818891-854245398-1003\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
3:10 PM: HKU\WRSS_Profile_S-1-5-21-1844237615-1580818891-854245398-1003\software\surfsidekick3\ (3 subtraces) (ID = 143412)
3:10 PM: HKU\S-1-5-18\software\microsoft\internet explorer\toolbar\webbrowser\ || {9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (ID = 135102)
3:10 PM: Registry Sweep Complete, Elapsed Time:00:00:31
3:10 PM: Warning: Stream read error
3:10 PM: Warning: Stream read error
3:11 PM: Warning: Stream read error
3:11 PM: Warning: Stream read error
3:11 PM: Warning: Stream read error
3:11 PM: Warning: Stream read error
3:11 PM: Warning: TIdentifyCookieObj.GetCookiePaths(): Unable to map user: S-1-5-21-1844237615-1580818891-854245398-1003.bak
3:11 PM: Starting Cookie Sweep
3:11 PM: Found Spy Cookie: adknowledge cookie
3:11 PM: [email protected][2].txt (ID = 2072)
3:11 PM: Found Spy Cookie: hbmediapro cookie
3:11 PM: [email protected][2].txt (ID = 2768)
3:11 PM: Found Spy Cookie: falkag cookie
3:11 PM: [email protected][1].txt (ID = 2650)
3:11 PM: Found Spy Cookie: zedo cookie
3:11 PM: [email protected][1].txt (ID = 3763)
3:11 PM: Found Spy Cookie: exitexchange cookie
3:11 PM: [email protected][2].txt (ID = 2633)
3:11 PM: [email protected][1].txt (ID = 2767)
3:11 PM: Found Spy Cookie: clickandtrack cookie
3:11 PM: [email protected][2].txt (ID = 2397)
3:11 PM: Found Spy Cookie: kmpads cookie
3:11 PM: [email protected][2].txt (ID = 2909)
3:11 PM: Found Spy Cookie: 2o7.net cookie
3:11 PM: [email protected][1].txt (ID = 1958)
3:11 PM: Found Spy Cookie: realmedia cookie
3:11 PM: [email protected][2].txt (ID = 3235)
3:11 PM: Found Spy Cookie: rn11 cookie
3:11 PM: [email protected][2].txt (ID = 3261)
3:11 PM: Found Spy Cookie: statcounter cookie
3:11 PM: [email protected][1].txt (ID = 3447)
3:11 PM: Found Spy Cookie: reliablestats cookie
3:11 PM: [email protected][2].txt (ID = 3254)
3:11 PM: [email protected][1].txt (ID = 3762)
3:11 PM: Found Spy Cookie: websponsors cookie
3:11 PM: [email protected][2].txt (ID = 3665)
3:11 PM: [email protected][2].txt (ID = 2072)
3:11 PM: Found Spy Cookie: azjmp cookie
3:11 PM: [email protected][2].txt (ID = 2270)
3:11 PM: Found Spy Cookie: belnk cookie
3:11 PM: [email protected][1].txt (ID = 2292)
3:11 PM: Found Spy Cookie: enhance cookie
3:11 PM: [email protected][1].txt (ID = 2614)
3:11 PM: Found Spy Cookie: goclick cookie
3:11 PM: [email protected][1].txt (ID = 2733)
3:11 PM: Found Spy Cookie: directtrack cookie
3:11 PM: [email protected][1].txt (ID = 2527)
3:11 PM: [email protected][2].txt (ID = 2293)
3:11 PM: [email protected][2].txt (ID = 2633)
3:11 PM: [email protected][2].txt (ID = 2528)
3:11 PM: Found Spy Cookie: upspiral cookie
3:11 PM: [email protected][2].txt (ID = 3615)
3:11 PM: Found Spy Cookie: yadro cookie
3:11 PM: [email protected][1].txt (ID = 3743)
3:11 PM: Cookie Sweep Complete, Elapsed Time: 00:00:07
3:11 PM: Starting File Sweep
3:11 PM: c:\windows\cfgmgr52 (70 subtraces) (ID = -2147479590)
3:11 PM: Warning: Stream read error
3:11 PM: Warning: Stream read error
3:11 PM: Warning: Stream read error
3:11 PM: Warning: Stream read error
3:11 PM: Warning: TWinStartupScanner.Initialize(): could not map user [S-1-5-21-1844237615-1580818891-854245398-1003.bak]
3:11 PM: sskknwrd.dll (ID = 77733)
3:13 PM: sskknwrd.dll (ID = 77733)
3:15 PM: flrpklrrho.thh (ID = 164416)
3:15 PM: dadocwpuj.ele (ID = 158998)
3:15 PM: xgagresgxum.lpo (ID = 164350)
3:15 PM: 876056.exe (ID = 158984)
3:15 PM: vzqzyknloh.byg (ID = 159040)
3:15 PM: ttvyfvf.kby (ID = 164357)
3:16 PM: yiszqipd.snk (ID = 164348)
3:16 PM: iaahejnfak.opa (ID = 159017)
3:16 PM: qdbyuivgmnp.sij (ID = 159013)
3:16 PM: Found Adware: cas
3:16 PM: pf78.exe (ID = 164525)
3:16 PM: Found Adware: virtualbouncer
3:16 PM: 00023349.xml (ID = 82817)
3:16 PM: File Sweep Complete, Elapsed Time: 00:05:30
3:16 PM: Full Sweep has completed. Elapsed time 00:08:18
3:16 PM: Traces Found: 375
********
3:08 PM: | Start of Session, Saturday, January 07, 2006 |
3:08 PM: Spy Sweeper started
3:08 PM: Program Version 4.5.8 (Build 683) Using Spyware Definitions 556
3:08 PM: Warning: Stream read error
3:08 PM: Warning: Stream read error
3:08 PM: Warning: Stream read error
3:08 PM: Warning: Stream read error
3:08 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1844237615-1580818891-854245398-1003.bak]
3:08 PM: | End of Session, Saturday, January 07, 2006 |
 

clmowers

Thread Starter
Joined
Jun 20, 2005
Messages
303
Here is a new HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 5:06:15 PM, on 1/7/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NetZero\exec.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Microsoft.HOME-300RINVAO4\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=...10800000&D=1131436800000&I=8.NH3&N=PL&O=I&UT=
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {55B2E4E4-F1D5-EA32-8609-869DD9324793} - C:\WINDOWS\dtdbfimv.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Search - {14976896-2F2E-3047-0B17-2944672D1777} - C:\WINDOWS\dtdbfimv.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136590406389
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {55B2E4E4-F1D5-EA32-8609-869DD9324793} - C:\WINDOWS\dtdbfimv.dll (file missing)

O3 - Toolbar: Search - {14976896-2F2E-3047-0B17-2944672D1777} - C:\WINDOWS\dtdbfimv.dll (file missing)

O15 - Trusted Zone: http://click.getmirar.com (HKLM)

O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)

O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)

O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab


Boot into Safe Mode.

Navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

It's normal if some files don't delete!

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" click "Delete Files".
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.

Empty the Recycle Bin.

Reboot, post a new log.
 

clmowers

Thread Starter
Joined
Jun 20, 2005
Messages
303
Here is another HijackThis log


Logfile of HijackThis v1.99.1
Scan saved at 6:31:09 PM, on 1/7/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\NetZero\exec.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\NetZero\exec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Microsoft.HOME-300RINVAO4\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=...10800000&D=1131436800000&I=8.NH3&N=PL&O=I&UT=
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136590406389
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
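The follow-up check implied by the "Fix Checked" list and the new log above, as an added example that is not part of the original thread: a small Python parser that confirms the listed entries are gone from the later HijackThis log and reports what is new or still marked "(file missing)". The sample lines are excerpts from the logs posted in this thread; the function names are this example's own.

```python
import re
from collections import namedtuple

# One HijackThis finding: section code (R3, O2, O15 ...), the rest of the line,
# and whether the tool flagged the referenced file as absent.
Entry = namedtuple("Entry", "code body missing")

# Findings start with a section code such as "O2 - "; header lines and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+?)\s*$")

def parse_log(text):
    """Return the R/F/N/O findings of a HijackThis log as Entry tuples."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            code, body = m.groups()
            entries.append(Entry(code, body, body.endswith("(file missing)")))
    return entries

def _key(entry):
    # Compare case-insensitively: the same Run value appears in this thread
    # as [CTFMON.EXE] in one log and [ctfmon.exe] in another.
    return (entry.code, entry.body.lower())

def still_present(fix_list, after):
    """Entries from the fix list that the later log still contains."""
    seen = {_key(e) for e in after}
    return [e for e in fix_list if _key(e) in seen]

def diff_logs(before, after):
    """Return (removed, added) findings between two logs, in log order."""
    b = {_key(e) for e in before}
    a = {_key(e) for e in after}
    removed = [e for e in before if _key(e) not in a]
    added = [e for e in after if _key(e) not in b]
    return removed, added

def orphans(entries):
    """Findings whose target file is gone but whose registry entry remains."""
    return [e for e in entries if e.missing]

# Entries the helper asked to fix (copied from the post above).
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {55B2E4E4-F1D5-EA32-8609-869DD9324793} - C:\WINDOWS\dtdbfimv.dll (file missing)
O3 - Toolbar: Search - {14976896-2F2E-3047-0B17-2944672D1777} - C:\WINDOWS\dtdbfimv.dll (file missing)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
"""

# Excerpt of the 5:06 PM log: the fix-list entries plus three others.
BEFORE = FIX_LIST + r"""
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Excerpt of the 6:31 PM log posted after the fix.
AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

if __name__ == "__main__":
    fix, before, after = parse_log(FIX_LIST), parse_log(BEFORE), parse_log(AFTER)
    print("fix-list entries still present:", still_present(fix, after))
    removed, added = diff_logs(before, after)
    for e in added:
        print("new since last log:", e.code, "-", e.body)
    for e in orphans(after):
        print("still orphaned:", e.code, "-", e.body)
```
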
 

clmowers

Thread Starter
Joined
Jun 20, 2005
Messages
303
Well, it's a lot better than what it was. The only thing now is Spybot is finding a command service as a threat. It's located in the reg. I tried to delete it and it still shows up. I even did the regedit and browsed to the key, and it still shows up after deleting it. I installed Microsoft AntiSpyware, hoping maybe good old Billy boy could fix it, and it found it too. But again, I still can't delete it. Do you know anything that could get rid of this?
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
What version of SpyBot are you using?

Can you post the exact name and location of the threat detected?
 

clmowers

Thread Starter
Joined
Jun 20, 2005
Messages
303
I'm using Spybot 1.4
The problem comes up as Command Service - locations are

HKEY_local_machine\system\ControlSet002\services\cmdservice
HKEY_local_machine\system\ControlSet001\services\cmdservice
HKEY_local_machine\system\CurrentControlset\services\cmdservice
 