unable to get rid of spyware


  • This topic is locked
1 reply to this topic

#1 donnar

Posted 11 March 2005 - 03:43 PM

Have run AdAware, SpyBot, McAfee Antispyware, several antivirus scans with Norton, TrendMicro, etc. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:57:43 PM, on 3/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [Nic] C:\WINDOWS\System32\Col.exe
O4 - HKLM\..\Run: [Ahb] C:\WINDOWS\Dum.exe
O4 - HKLM\..\Run: [Ovc] C:\WINDOWS\System32\Iem.exe
O4 - HKLM\..\Run: [Ifv] C:\WINDOWS\System32\Qpb.exe
O4 - HKLM\..\Run: [Imm] C:\WINDOWS\Iqc.exe
O4 - HKLM\..\Run: [Flv] C:\WINDOWS\System32\Eah.exe
O4 - HKLM\..\Run: [Otc] C:\WINDOWS\Rkk.exe
O4 - HKLM\..\Run: [Ule] C:\WINDOWS\System32\Mkk.exe
O4 - HKLM\..\Run: [Hei] C:\WINDOWS\Jdo.exe
O4 - HKLM\..\Run: [Qsl] C:\WINDOWS\System32\Qlh.exe
O4 - HKLM\..\Run: [Cnu] C:\WINDOWS\System32\Knm.exe
O4 - HKLM\..\Run: [Lhg] C:\WINDOWS\System32\Qtj.exe
O4 - HKLM\..\Run: [Dct] C:\WINDOWS\System32\Uhi.exe
O4 - HKLM\..\Run: [Ggp] C:\WINDOWS\System32\Pkc.exe
O4 - HKLM\..\Run: [Lun] C:\WINDOWS\Bsh.exe
O4 - HKLM\..\Run: [Kmu] C:\WINDOWS\Asq.exe
O4 - HKLM\..\Run: [Jvs] C:\WINDOWS\System32\Jus.exe
O4 - HKLM\..\Run: [Jtr] C:\WINDOWS\Dmc.exe
O4 - HKLM\..\Run: [Fmd] C:\WINDOWS\System32\Bgg.exe
O4 - HKLM\..\Run: [Dav] C:\WINDOWS\System32\Iaf.exe
O4 - HKLM\..\Run: [Kcl] C:\WINDOWS\Krh.exe
O4 - HKLM\..\Run: [Jcf] C:\WINDOWS\Tia.exe
O4 - HKLM\..\Run: [Qce] C:\WINDOWS\Gcd.exe
O4 - HKLM\..\Run: [Pmb] C:\WINDOWS\System32\Opd.exe
O4 - HKLM\..\Run: [Gtl] C:\WINDOWS\Jaf.exe
O4 - HKLM\..\Run: [Dmf] C:\WINDOWS\System32\Pov.exe
O4 - HKLM\..\Run: [Sbd] C:\WINDOWS\Nhg.exe
O4 - HKLM\..\Run: [Cps] C:\WINDOWS\Bvs.exe
O4 - HKLM\..\Run: [Ctc] C:\WINDOWS\Htg.exe
O4 - HKLM\..\Run: [Uqg] C:\WINDOWS\Cdr.exe
O4 - HKLM\..\Run: [Rnj] C:\WINDOWS\System32\Vvp.exe
O4 - HKLM\..\Run: [Psk] C:\WINDOWS\System32\Abf.exe
O4 - HKLM\..\Run: [Csa] C:\WINDOWS\System32\Hmo.exe
O4 - HKLM\..\Run: [Ghb] C:\WINDOWS\System32\Vik.exe
O4 - HKLM\..\Run: [Ifd] C:\WINDOWS\Fdq.exe
O4 - HKLM\..\Run: [Nvv] C:\WINDOWS\Nrc.exe
O4 - HKLM\..\Run: [Krl] C:\WINDOWS\Ave.exe
O4 - HKLM\..\Run: [Tch] C:\WINDOWS\Aoi.exe
O4 - HKLM\..\Run: [Vfu] C:\WINDOWS\Ndr.exe
O4 - HKLM\..\Run: [Iof] C:\WINDOWS\System32\Tai.exe
O4 - HKLM\..\Run: [Lmv] C:\WINDOWS\System32\Hjp.exe
O4 - HKLM\..\Run: [Aeq] C:\WINDOWS\Nrr.exe
O4 - HKLM\..\Run: [Guf] C:\WINDOWS\Chi.exe
O4 - HKLM\..\Run: [Tlt] C:\WINDOWS\System32\Obf.exe
O4 - HKLM\..\Run: [Cqb] C:\WINDOWS\Kll.exe
O4 - HKLM\..\Run: [Mqk] C:\WINDOWS\System32\Dkv.exe
O4 - HKLM\..\Run: [Odu] C:\WINDOWS\Nmq.exe
O4 - HKLM\..\Run: [Itg] C:\WINDOWS\System32\Rmg.exe
O4 - HKLM\..\Run: [Gms] C:\WINDOWS\System32\Vid.exe
O4 - HKLM\..\Run: [Nnq] C:\WINDOWS\Kfo.exe
O4 - HKLM\..\Run: [Kij] C:\WINDOWS\Bob.exe
O4 - HKLM\..\Run: [Hmp] C:\WINDOWS\System32\Mln.exe
O4 - HKLM\..\Run: [Ddc] C:\WINDOWS\System32\Vur.exe
O4 - HKLM\..\Run: [Dkq] C:\WINDOWS\Rli.exe
O4 - HKLM\..\Run: [Dfv] C:\WINDOWS\Krj.exe
O4 - HKLM\..\Run: [Okt] C:\WINDOWS\Rkl.exe
O4 - HKLM\..\Run: [Ceb] C:\WINDOWS\System32\Ovo.exe
O4 - HKLM\..\Run: [Pjq] C:\WINDOWS\System32\Jbs.exe
O4 - HKLM\..\Run: [Cmj] C:\WINDOWS\System32\Iuk.exe
O4 - HKLM\..\Run: [Tvt] C:\WINDOWS\Bnn.exe
O4 - HKLM\..\Run: [Dga] C:\WINDOWS\Utd.exe
O4 - HKLM\..\Run: [Gjf] C:\WINDOWS\Rqf.exe
O4 - HKLM\..\Run: [Rrj] C:\WINDOWS\System32\Ljh.exe
O4 - HKLM\..\Run: [Vdt] C:\WINDOWS\Fia.exe
O4 - HKLM\..\Run: [Etp] C:\WINDOWS\Rcn.exe
O4 - HKLM\..\Run: [Jmb] C:\WINDOWS\System32\Slh.exe
O4 - HKLM\..\Run: [Frv] C:\WINDOWS\System32\Cgr.exe
O4 - HKLM\..\Run: [Nen] C:\WINDOWS\Mdv.exe
O4 - HKLM\..\Run: [Krk] C:\WINDOWS\Tmf.exe
O4 - HKLM\..\Run: [Ofl] C:\WINDOWS\System32\Gvs.exe
O4 - HKLM\..\Run: [Qff] C:\WINDOWS\System32\Gjq.exe
O4 - HKLM\..\Run: [Mmp] C:\WINDOWS\System32\Tjb.exe
O4 - HKLM\..\Run: [Eap] C:\WINDOWS\System32\Nvk.exe
O4 - HKLM\..\Run: [Qsh] C:\WINDOWS\System32\Dft.exe
O4 - HKLM\..\Run: [Klo] C:\WINDOWS\System32\Sqb.exe
O4 - HKLM\..\Run: [Sla] C:\WINDOWS\System32\Dpa.exe
O4 - HKLM\..\Run: [Dob] C:\WINDOWS\System32\Los.exe
O4 - HKLM\..\Run: [Snu] C:\WINDOWS\System32\Shl.exe
O4 - HKLM\..\Run: [Phi] C:\WINDOWS\Kar.exe
O4 - HKLM\..\Run: [Kmq] C:\WINDOWS\System32\Utl.exe
O4 - HKLM\..\Run: [Isn] C:\WINDOWS\System32\Jdi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Exif Launcher.lnk = ?
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O21 - SSODL: MSMserv - {5084569D-83DC-4871-888C-E5820227B8B5} - C:\WINDOWS\System32\schapapi.dll
O21 - SSODL: NTWSMON - {B0EE26E7-7924-4175-A667-1B2D9356AF0D} - C:\WINDOWS\System32\msidctl.dll
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks for any help.

#2 Daisuke

Posted 12 March 2005 - 08:52 AM

Duplicate

http://www.bleepingcomputer.com/forums/ind...topic=13178&hl=

Topic closed.
Every day is virus day. Do you know where your recovery CDs are?
Did you create them yet?
