Solved: picked up problems

Discussion in 'Virus & Other Malware Removal' started by ksk2175, Jan 20, 2006.

Thread Status:
Not open for further replies.
  1. ksk2175

    ksk2175 Thread Starter

    Joined:
    Oct 18, 2004
    Messages:
    86
    I've got repeating problems after cleaning with Ad-Aware and Spybot S&D ...

    Any help?



    Logfile of HijackThis v1.99.1
    Scan saved at 7:12:46 PM, on 1/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\SurfAccuracy\SAcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\Run: [GVy6] C:\WINDOWS\nelrl.exe
    O4 - HKLM\..\Run: [Power Scan] "C:\Program Files\Power Scan\powerscan.exe" /aid:1003782
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Please download Webroot SpySweeper from here: http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129
    (It's a 2 week trial.)

    Click the Free Trial link under "SpySweeper" to download the program.
    Install it.
    Once the program is installed, it will open.
    It will prompt you to update to the latest definitions, click Yes.
    Once the definitions are installed, click Sweep Now on the left side.
    Click the Start button.
    When it's done scanning, click the Next button.
    Make sure everything has a check next to it, then click the Next button.
    It will remove all of the items found.
    Click Session Log in the upper right corner, copy everything in that window.
    Click the Summary tab and click Finish.

    Paste the contents of the session log you copied into your next reply.
     
  3. ksk2175

    ********
    8:51 PM: | Start of Session, Friday, January 20, 2006 |
    8:51 PM: Spy Sweeper started
    8:51 PM: Sweep initiated using definitions version 604
    8:51 PM: Starting Memory Sweep
    8:54 PM: Memory Sweep Complete, Elapsed Time: 00:02:45
    8:54 PM: Starting Registry Sweep
    8:54 PM: Found Adware: ist istbar
    8:54 PM: HKLM\software\microsoft\windows\currentversion\run\ || ist service (ID = 129146)
    8:54 PM: Found Adware: ist powerscan
    8:54 PM: HKLM\software\microsoft\windows\currentversion\run\ || power scan (ID = 136825)
    8:54 PM: Found Adware: ist surf accuracy
    8:54 PM: HKLM\software\sacc\ (10 subtraces) (ID = 203068)
    8:54 PM: HKLM\software\microsoft\windows\currentversion\run\ || surfaccuracy (ID = 203069)
    8:54 PM: HKLM\software\microsoft\windows\currentversion\uninstall\sacc\ (2 subtraces) (ID = 203070)
    8:54 PM: Found Adware: ist sidefind
    8:54 PM: HKU\WRSS_Profile_S-1-5-21-2182231760-4168649598-2365718849-1008\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
    8:54 PM: Found Adware: ist software
    8:54 PM: HKU\WRSS_Profile_S-1-5-21-2182231760-4168649598-2365718849-1007\software\ist\ (1 subtraces) (ID = 129108)
    8:54 PM: HKU\WRSS_Profile_S-1-5-21-2182231760-4168649598-2365718849-1007\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
    8:54 PM: HKU\WRSS_Profile_S-1-5-21-2182231760-4168649598-2365718849-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
    8:54 PM: Registry Sweep Complete, Elapsed Time:00:00:21
    8:54 PM: Starting Cookie Sweep
    8:54 PM: Cookie Sweep Complete, Elapsed Time: 00:00:10
    8:54 PM: Starting File Sweep
    8:54 PM: c:\program files\surfaccuracy (4 subtraces) (ID = -2147478266)
    9:02 PM: uninstaller.prod.24oct2005.exe[1].67ed8085ef4da0dd46732bc56aa91a66 (ID = 180136)
    9:06 PM: sfbho13[1].dll (ID = 157821)
    9:06 PM: sacc[1].cfg (ID = 208330)
    9:06 PM: Found Adware: ist yoursitebar
    9:06 PM: ysb[1].dll (ID = 161559)
    9:06 PM: sidefind[1].exe (ID = 154905)
    9:06 PM: powerscan[1].exe (ID = 72679)
    9:06 PM: power_remove[1].exe (ID = 72675)
    9:06 PM: sidefind13[1].dll (ID = 157822)
    9:08 PM: saccu.exe (ID = 180136)
    9:08 PM: File Sweep Complete, Elapsed Time: 00:14:16
    9:08 PM: Full Sweep has completed. Elapsed time 00:17:37
    9:08 PM: Traces Found: 197
    9:09 PM: Removal process initiated
    9:09 PM: Quarantining All Traces: ist istbar
    9:09 PM: Quarantining All Traces: ist powerscan
    9:09 PM: Quarantining All Traces: ist sidefind
    9:09 PM: Quarantining All Traces: ist software
    9:09 PM: Quarantining All Traces: ist surf accuracy
    9:09 PM: ist surf accuracy is in use. It will be removed on reboot.
    9:09 PM: c:\program files\surfaccuracy is in use. It will be removed on reboot.
    9:09 PM: Quarantining All Traces: ist yoursitebar
    9:09 PM: Quarantining All Traces: 2o7.net cookie
    9:09 PM: Quarantining All Traces: 360i cookie
    9:09 PM: Quarantining All Traces: about cookie
    9:09 PM: Quarantining All Traces: addynamix cookie
    9:09 PM: Quarantining All Traces: adecn cookie
    9:09 PM: Quarantining All Traces: adknowledge cookie
    9:09 PM: Quarantining All Traces: adlegend cookie
    9:09 PM: Quarantining All Traces: adrevolver cookie
    9:09 PM: Quarantining All Traces: ad-rotator cookie
    9:09 PM: Quarantining All Traces: ads.businessweek cookie
    9:09 PM: Quarantining All Traces: adserver cookie
    9:09 PM: Quarantining All Traces: adultfriendfinder cookie
    9:09 PM: Quarantining All Traces: advertising cookie
    9:09 PM: Quarantining All Traces: alt cookie
    9:09 PM: Quarantining All Traces: apmebf cookie
    9:09 PM: Quarantining All Traces: ask cookie
    9:09 PM: Quarantining All Traces: atlas dmt cookie
    9:09 PM: Quarantining All Traces: atwola cookie
    9:09 PM: Quarantining All Traces: azjmp cookie
    9:09 PM: Quarantining All Traces: banner cookie
    9:09 PM: Quarantining All Traces: bannerspace cookie
    9:09 PM: Quarantining All Traces: belnk cookie
    9:09 PM: Quarantining All Traces: bizrate cookie
    9:09 PM: Quarantining All Traces: bravenet cookie
    9:09 PM: Quarantining All Traces: burstbeacon cookie
    9:09 PM: Quarantining All Traces: burstnet cookie
    9:09 PM: Quarantining All Traces: casalemedia cookie
    9:09 PM: Quarantining All Traces: cc214142 cookie
    9:09 PM: Quarantining All Traces: ccbill cookie
    9:09 PM: Quarantining All Traces: classmates cookie
    9:09 PM: Quarantining All Traces: clicktracks cookie
    9:09 PM: Quarantining All Traces: coremetrics cookie
    9:09 PM: Quarantining All Traces: customer cookie
    9:09 PM: Quarantining All Traces: dbbsrv cookie
    9:09 PM: Quarantining All Traces: dealtime cookie
    9:09 PM: Quarantining All Traces: did-it cookie
    9:09 PM: Quarantining All Traces: excite cookie
    9:09 PM: Quarantining All Traces: exitexchange cookie
    9:09 PM: Quarantining All Traces: fastclick cookie
    9:09 PM: Quarantining All Traces: fortunecity cookie
    9:09 PM: Quarantining All Traces: gamespy cookie
    9:09 PM: Quarantining All Traces: go.com cookie
    9:09 PM: Quarantining All Traces: goclick cookie
    9:09 PM: Quarantining All Traces: gostats cookie
    9:09 PM: Quarantining All Traces: hbmediapro cookie
    9:09 PM: Quarantining All Traces: herfirstanalsex cookie
    9:09 PM: Quarantining All Traces: homestore cookie
    9:09 PM: Quarantining All Traces: humanclick cookie
    9:09 PM: Quarantining All Traces: ic-live cookie
    9:09 PM: Quarantining All Traces: infospace cookie
    9:09 PM: Quarantining All Traces: maxserving cookie
    9:09 PM: Quarantining All Traces: netster cookie
    9:09 PM: Quarantining All Traces: nextag cookie
    9:09 PM: Quarantining All Traces: overture cookie
    9:09 PM: Quarantining All Traces: partypoker cookie
    9:09 PM: Quarantining All Traces: pointroll cookie
    9:09 PM: Quarantining All Traces: pricegrabber cookie
    9:09 PM: Quarantining All Traces: primaryads cookie
    9:09 PM: Quarantining All Traces: questionmarket cookie
    9:09 PM: Quarantining All Traces: realmedia cookie
    9:09 PM: Quarantining All Traces: rednova cookie
    9:09 PM: Quarantining All Traces: reliablestats cookie
    9:09 PM: Quarantining All Traces: reunion cookie
    9:09 PM: Quarantining All Traces: screensavers.com cookie
    9:09 PM: Quarantining All Traces: serving-sys cookie
    9:09 PM: Quarantining All Traces: servlet cookie
    9:09 PM: Quarantining All Traces: starware.com cookie
    9:09 PM: Quarantining All Traces: statcounter cookie
    9:09 PM: Quarantining All Traces: tickle cookie
    9:09 PM: Quarantining All Traces: tracking cookie
    9:09 PM: Quarantining All Traces: tribalfusion cookie
    9:09 PM: Quarantining All Traces: tripod cookie
    9:09 PM: Quarantining All Traces: webpower cookie
    9:09 PM: Quarantining All Traces: websponsors cookie
    9:09 PM: Quarantining All Traces: webtrendslive cookie
    9:09 PM: Quarantining All Traces: yieldmanager cookie
    9:09 PM: Quarantining All Traces: zedo cookie
    9:10 PM: Removal process completed. Elapsed time 00:01:26
    ********
    8:49 PM: | Start of Session, Friday, January 20, 2006 |
    8:49 PM: Spy Sweeper started
    8:50 PM: Your spyware definitions have been updated.
    8:51 PM: | End of Session, Friday, January 20, 2006 |
     
  4. Cheeseball81

    Now post a new Hijack This log.
     
  5. ksk2175

    Logfile of HijackThis v1.99.1
    Scan saved at 9:33:44 PM, on 1/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [GVy6] C:\WINDOWS\nelrl.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download KillBox here: http://www.downloads.subratam.org/KillBox.exe
    Save it to your desktop.
    DO NOT run it yet.

    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [GVy6] C:\WINDOWS\nelrl.exe


    Boot into Safe Mode.

    * Double-click on Killbox.exe to run it.

    Put a tick by Standard File Kill.
    In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\WINDOWS\nelrl.exe

    Click on the button that has the red circle with the X in the middle after you enter each file.
    It will ask for confirmation to delete the file.
    Click Yes.
    Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
    Killbox may tell you that one or more files do not exist.
    If that happens, just continue on with all the files. Be sure you don't miss any.
    Next in Killbox go to Tools > Delete Temp Files
    In the window that pops up, put a check by ALL the options there except these three:
    XP Prefetch
    Recent
    History

    Now click the Delete Selected Temp Files button.
    Exit the Killbox.

    Finally go to Control Panel > Internet Options.
    On the General tab under "Temporary Internet Files" Click "Delete Files".
    Put a check by "Delete Offline Content" and click OK.
    Click on the Programs tab then click the "Reset Web Settings" button.
    Click Apply then OK.

    Empty the Recycle Bin.

    Reboot, post a new log.
     
  7. ksk2175

    ksk2175 Thread Starter

    Joined:
    Oct 18, 2004
    Messages:
    86
    Logfile of HijackThis v1.99.1
    Scan saved at 10:11:04 PM, on 1/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
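
Added example, not part of the thread and not HijackThis's own code: a small Python check that diffs a pre-fix and post-fix HijackThis log and confirms the entries marked "Fix Checked" are really gone. The sample lines are excerpted from the two logs posted above; the function names are assumptions made for this illustration.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [x] y".
# Section codes are R, F, N or O followed by one or two digits. The body may
# itself contain " - " (see the Spybot path below), so only the first one splits.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return the set of (section, body) entries found in a HijackThis log.

    Header lines and the "Running processes" list do not match the entry
    pattern (a path such as C:\\WINDOWS\\... has ':' after the letter) and
    are skipped.
    """
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def verify_fix(before_log, after_log, fixed_lines):
    """Compare two logs against the list of lines that were meant to be fixed."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    targets = parse_entries("\n".join(fixed_lines))
    return {
        "still_present": sorted(targets & after),   # fix did not stick
        "never_present": sorted(targets - before),  # typo in the fix list?
        "removed": sorted(before - after),          # everything that went away
        "added": sorted(after - before),            # new entries since the fix
    }


# Excerpt of the log taken before the fix (lines copied from the thread).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:33:44 PM, on 1/20/2006

Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GVy6] C:\WINDOWS\nelrl.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

# Excerpt of the log taken after the fix and reboot (lines copied from the thread).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:11:04 PM, on 1/20/2006

Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

# The two entries the helper asked to have checked and fixed.
FIXED = [
    "R3 - Default URLSearchHook is missing",
    r"O4 - HKLM\..\Run: [GVy6] C:\WINDOWS\nelrl.exe",
]

if __name__ == "__main__":
    for key, value in verify_fix(BEFORE, AFTER, FIXED).items():
        print(key, value)
```

An empty `still_present` and an empty `added` list are what a clean follow-up log should produce; anything in `added` after a reboot means something re-registered itself.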
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    How are things now?
     
  9. ksk2175

    ksk2175 Thread Starter

    Joined:
    Oct 18, 2004
    Messages:
    86
    Thanks Chees, things look great, I will mark it as solved!!!
     
  10. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Great :)

    Also...Turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Restart your computer.

    Turn System Restore back on and create a restore point.

    To create a restore point:

    Single-click Start and point to All Programs.
    Mouse over Accessories, then System Tools, and select System Restore.
    In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
    Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.
     
Short URL to this thread: https://techguy.org/435816
