
Okay, sorry for the lack of knowledge when it comes to this, but I'm wanting to learn more about my computer (since it always seems to have something wrong with it).

I recently did a scan on my computer using the Panda ActiveScan, and 200 infected items showed up. :eek: I saved the log and am now trying to figure out what is what, if it's important and how important, what to do to get rid of it and all that fun stuff.

Is there a site that I can go to that explains this stuff? Kind of like a dictionary for computers? Also, are there any programs that y'all could recommend?

I have ad-aware, uwclean, hijackthis, cwshredder, spysubtract, smartpopblocker and microsoft antispyware, but most of them don't seem to be helping much. :confused:

Thanks for any help. =)

3 Contributors · 8 Replies · 9 Views · 12 Years Discussion Span · Last Post by crunchie

Hi spiffymallethea, welcome to DaniWeb :D

I don't see Spybot or SpywareBlaster in your list; you should have those.

Google is your best bet for researching stuff... better than a dictionary! :)

If you like, you can post your HijackThis log here and we can have a look at it.


Thanks for the welcome, dlh. =) And thanks for the offer to help :)

Since the last post, my computer has somehow managed to get even more screwed. :-|

Anyway, here's my HijackThis log, and I figured I'd go ahead and post the log from the Panda scan I did.

Thanks again for the help. =)


Logfile of HijackThis v1.97.7
Scan saved at 8:59:01 PM, on 5/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SmartPopupBlocker\SmartPopupBlockerTray.exe
C:\Program Files\Soulseek\slsk.exe
C:\Documents and Settings\Sillius Dolcus\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://YAHOO.SBC.COM/DIAL
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydial/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydial/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dial
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydial/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydial/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\tpgw.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe -Show
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINDOWS\Temp\WTuninst.exe /remove
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe ] SBC Yahoo! Connection Manager
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [vtjgex] C:\WINDOWS\System32\vtjgex.exe
O4 - HKLM\..\Run: [nihnn] C:\WINDOWS\System32\nihnn.exe
O4 - HKLM\..\Run: [svpbfio] C:\WINDOWS\System32\svpbfio.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nulc] C:\WINDOWS\System32\nulc.exe
O4 - HKLM\..\Run: [jnvoih] C:\WINDOWS\System32\jnvoih.exe
O4 - HKLM\..\Run: [gldcdvv] C:\WINDOWS\System32\gldcdvv.exe
O4 - HKLM\..\Run: [mfqff] C:\WINDOWS\System32\mfqff.exe
O4 - HKLM\..\Run: [gzz] C:\WINDOWS\System32\gzz.exe
O4 - HKLM\..\Run: [hti] C:\WINDOWS\System32\hti.exe
O4 - HKLM\..\Run: [inpu] C:\WINDOWS\System32\inpu.exe
O4 - HKLM\..\Run: [mcqe] C:\WINDOWS\System32\mcqe.exe
O4 - HKLM\..\Run: [moog] C:\WINDOWS\System32\moog.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [xyiezxn] C:\WINDOWS\System32\xyiezxn.exe
O4 - HKLM\..\Run: [uguzmfg] C:\WINDOWS\System32\uguzmfg.exe
O4 - HKLM\..\Run: [xnhkpys] C:\WINDOWS\System32\xnhkpys.exe
O4 - HKLM\..\Run: [gbaz] C:\WINDOWS\System32\gbaz.exe
O4 - HKLM\..\Run: [alvtt] C:\WINDOWS\System32\alvtt.exe
O4 - HKLM\..\Run: [kpnz] C:\WINDOWS\System32\kpnz.exe
O4 - HKLM\..\Run: [wilrqt] C:\WINDOWS\System32\wilrqt.exe
O4 - HKLM\..\Run: [bgpb] C:\WINDOWS\System32\bgpb.exe
O4 - HKLM\..\Run: [oezg] C:\WINDOWS\System32\oezg.exe
O4 - HKLM\..\Run: [ixtfibe] C:\WINDOWS\System32\ixtfibe.exe
O4 - HKLM\..\Run: [tempx] C:\WINDOWS\System32\tempx.exe
O4 - HKLM\..\Run: [yxucoq] C:\WINDOWS\System32\yxucoq.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunOnce: [8906u2.exe] C:\WINDOWS\System32\8906u2.exe /k
O4 - HKCU\..\RunOnce: [8906u2.exe] C:\WINDOWS\System32\8906u2.exe /k
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/installs/yab_af.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB0EC981-1A24-432C-8E38-F0AB5E8501DF}: NameServer = 151.164.1.8 206.13.28.12

Panda ActiveScan results:


Incident Status Location

Adware:Adware/Neededware No disinfected C:\WINDOWS\System32\tempxndw30103lib.dll
Adware:Adware/Adtomi No disinfected C:\WINDOWS\system32\tpgw.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\vtjgex.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\nihnn.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\svpbfio.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\nulc.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\jnvoih.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\gldcdvv.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\mfqff.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\gzz.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\hti.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\inpu.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\mcqe.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\moog.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\xyiezxn.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\uguzmfg.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\xnhkpys.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\gbaz.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\alvtt.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\kpnz.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\wilrqt.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\bgpb.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\System32\oezg.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\ixtfibe.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\System32\tempx.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\yxucoq.exe
Adware:Adware/Adtomi No disinfected C:\WINDOWS\System32\8906u2.exe
Adware:Adware/MyWay No disinfected C:\Program Files\MySearch
Adware:Adware/nCase No disinfected C:\WINDOWS\System32\FLEOK
Adware:Adware/PortalScan No disinfected C:\WINDOWS\System32\winupdt.008
Adware:Adware/WinTools No disinfected Windows Registry
Adware:Adware/Twain-Tech No disinfected C:\DOCUME~1\SILLIU~1\LOCALS~1\Temp\THI*.tmp
Adware:Adware/WUpd No disinfected Windows Registry
Spyware:Spyware/SurfSideKick No disinfected C:\Program Files\SurfSideKick*
Adware:Adware/SearchTheWeb No disinfected Windows Registry
Adware:Adware/Adtomi No disinfected C:\Documents and Settings\John Kanady\Local Settings\Temp\0czg4.sys
Adware:Adware/Adtomi No disinfected C:\Documents and Settings\John Kanady\Local Settings\Temp\e1xg8f.sys
Adware:Adware/Adtomi No disinfected C:\Documents and Settings\John Kanady\Local Settings\Temp\z9092x9.sys
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[thnall1p.exe]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[suicidetb.exe]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[farmmext.cab][farmmext.inf]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[farmmext.cab][farmmext.exe]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[farmmext.cab][farmmext.ini]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[farmmext.exe]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[farmmext.inf]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[farmmext.ini]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[pynix.cab]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[pynix.cab][Pynix.inf]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[pynix.cab][Pynix.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[pynix.cab][spike.exe]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[Pynix.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[Pynix.inf]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[dlmax.cab]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[dlmax.cab][dlmax.inf]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[dlmax.cab][dlmax.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[dlmax.cab][spike.exe]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[dlmax.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[dlmax.inf]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[dlmax.cab]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[dlmax.cab][dlmax.inf]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[dlmax.cab][dlmax.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[dlmax.cab][spike.exe]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[dlmax.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[dlmax.inf]
Adware:Adware/AlwaysupdatednewsNo disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[toc_0011.exe]
Adware:Adware/AlwaysupdatednewsNo disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[toc_0032.exe]
Adware:Adware/WinTools No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[Toolbar3.cab][IExploreSkins.exe]
Adware:Adware/AlwaysupdatednewsNo disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.8923502315.WCU[wmplayer.exe.tmp]
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[!update.exe]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[1618078.dll]
Adware:Adware/TopRebates No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[djtopr1150.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[dnyyzil.tmp]
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[thnall1p.exe]
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[GLF27GLF27.EXE]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[suicidetb.exe]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[dlmax.cab]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[dlmax.cab][dlmax.inf]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[dlmax.cab][dlmax.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[dlmax.cab][spike.exe]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[dlmax.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[dlmax.inf]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[farmmext.cab][farmmext.inf]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[farmmext.cab][farmmext.exe]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[farmmext.cab][farmmext.ini]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[farmmext.exe]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[farmmext.inf]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[farmmext.ini]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[dlmax.cab]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[dlmax.cab][dlmax.inf]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[dlmax.cab][dlmax.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[dlmax.cab][spike.exe]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[dlmax.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[dlmax.inf]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[dlmax.cab]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[dlmax.cab][dlmax.inf]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[dlmax.cab][dlmax.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[dlmax.cab][spike.exe]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[dlmax.dll]
Adware:Adware/Transponder No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[dlmax.inf]
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[tsinstall_4_0_3_8_b17.exe]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[uninstall.exe]
Adware:Adware/MyWebSearch No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9404179051.WCU[WTuninst.exe]
Adware:Adware/AlwaysupdatednewsNo disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9755636343.WCU[toc_0029.exe]
Adware:Adware/AlwaysupdatednewsNo disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38430.9755636343.WCU[wmplayer.exe.tmp]
Adware:Adware/AlwaysupdatednewsNo disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38431.1226350116.WCU[toc_0032.exe]
Adware:Adware/AlwaysupdatednewsNo disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Business Logic\UWC\Backup\J38431.1226350116.WCU[wmplayer.exe.tmp]
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Sskknwrd.dll
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Sillius Dolcus\Application Data\Sskuknwrd.dll
Adware:Adware/Adtomi No disinfected C:\Documents and Settings\Sillius Dolcus\Local Settings\Temp\e1xg8f.sys
Adware:Adware/Adtomi No disinfected C:\Documents and Settings\Sillius Dolcus\Local Settings\Temp\hmz.sys
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Sillius Dolcus\Local Settings\Temporary Internet Files\Ssk.log
Adware:Adware/nCase No disinfected C:\WINDOWS\Downloaded Program Files\ClientAX.dll
Adware:Adware/Zango No disinfected C:\WINDOWS\Downloaded Program Files\ClientAX.inf
Adware:Adware/Adtomi No disinfected C:\WINDOWS\e1xg8f.sys
Adware:Adware/Adtomi No disinfected C:\WINDOWS\system32\00ruy6.dll
Adware:Adware/Adtomi No disinfected C:\WINDOWS\system32\8906u2.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\afjpqd.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\alvtt.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\alvttndw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\bgpb.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\bjtzzw.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\bjtzzwndw30102lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\bvvwe.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\bvvwendw301lib.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\Cache\pop.exe
Adware:Adware/ILookup No disinfected C:\WINDOWS\system32\Cache\trgen_fran-162813.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\cfwo.exe
Adware:Adware/Adtomi No disinfected C:\WINDOWS\system32\e1xg8f.sys
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\exxvhex.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\exxvhexndw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\gbaz.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\gcdzvi.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\gcdzvindw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\gdg.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\gdgndw30102lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\gldcdvv.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\gldcdvvndw30102lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\gzz.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\gzzndw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\hti.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\htindw301lib.dll
Virus:W32/Sdbot.ftp Disinfected C:\WINDOWS\system32\i
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\inpu.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\inpundw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\ixtfibe.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\izav.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\izavndw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\jnvoih.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\jnvoihndw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\kfeynp.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\kpnz.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\kpnzndw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\krqfs.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\krqfsndw30102lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\kzpwz.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\kzpwzndw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\kzwh.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\kzwhndw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\mcqe.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\mcqendw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\mfqff.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\mfqffndw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\moog.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\moogndw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\naqwue.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\naqwuendw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\nihnn.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\nihnnndw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\nulc.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\nulcndw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\oali.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\oalindw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\obolh.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\obolhndw301lib.dll
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\oezg.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\oezgndw30103lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\qqp.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\qqwtd.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\qqwtdndw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\svpbfio.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\svpbfiondw301lib.dll
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\tempx.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\tempxndw30102lib.dll
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\tempxndw30103lib.dll
Adware:Adware/Adtomi No disinfected C:\WINDOWS\system32\tpgw.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\tsjrvsb.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\tsjrvsbndw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\uguzmfg.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\uguzmfgndw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\vtjgex.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\vtjgexndw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\wilrqt.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\wilrqtndw301lib.dll
Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\winupdt.008
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\wqciez.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\wqciezndw30101lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\xnhkpys.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\xojiuy.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\xojiuyndw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\xyiezxn.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\xyiezxnndw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\yxucoq.exe
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\yyqqbbe.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\yyqqbbendw301lib.dll
Adware:Adware/Adtomi No disinfected C:\WINDOWS\Temp\z9092x9.sys
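The two logs above are easier to read together than apart: an O4 autorun or O2 BHO entry matters most when the scanner has already flagged the file it points at. The Python script below is an added example written for this thread; it is not code from HijackThis, Panda, or any of the posters. It parses a few constructed lines in the shape of both logs, joins them on the file path, handles two quirks visible in the posted results (the glued `AlwaysupdatednewsNo disinfected` form and the wildcard `SurfSideKick*` folder location), lists the `<stem>ndw301lib.dll` companion DLLs the scanner reported next to each flagged executable, and surfaces the O15 Trusted Zone entry for review regardless of the scan.

```python
"""Added triage helper: correlate HijackThis autorun/BHO/URLSearchHook entries
with an antivirus scan's detection list.  Example code written for this page,
not part of HijackThis or Panda ActiveScan; sample logs are constructed."""
import re
from collections import namedtuple

Detection = namedtuple("Detection", "family status location")
Entry = namedtuple("Entry", "kind label path line")
Finding = namedtuple("Finding", "entry family status companions")

# Constructed sample in the shape of the posted HijackThis log.
HJT_SAMPLE = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\tpgw.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [vtjgex] C:\WINDOWS\System32\vtjgex.exe
O4 - HKLM\..\RunOnce: [8906u2.exe] C:\WINDOWS\System32\8906u2.exe /k
O15 - Trusted Zone: http://www.neededware.com
"""

# Constructed sample in the shape of the posted Panda results: header line,
# the glued "AlwaysupdatednewsNo disinfected" form, and a wildcard location.
SCAN_SAMPLE = r"""
Incident Status Location
Adware:Adware/Adtomi No disinfected C:\WINDOWS\system32\tpgw.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\System32\vtjgex.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\vtjgexndw301lib.dll
Adware:Adware/AlwaysupdatednewsNo disinfected C:\WINDOWS\Temp\toc_0011.exe
Adware:Adware/Adtomi No disinfected C:\WINDOWS\system32\8906u2.exe
Spyware:Spyware/SurfSideKick No disinfected C:\Program Files\SurfSideKick*
Virus:W32/Sdbot.ftp Disinfected C:\WINDOWS\system32\i
"""

# Lazy family match lets a missing space before "No disinfected" still parse;
# the location may itself contain spaces, so it is taken to end of line.
SCAN_RE = re.compile(r"^(\S+?)\s*(No disinfected|Disinfected)\s+(.+?)\s*$")
# First token of an autorun command, with optional quotes and trailing switches.
PATH_RE = re.compile(r'^"?(.+?\.(?:exe|dll|com|scr))"?(?:\s|$)', re.IGNORECASE)
AUTORUN_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\Run(?:Once)?): \[(.*?)\] (.*)$")
HOOK_RE = re.compile(r"^(O2 - BHO|R3 - URLSearchHook): (.*?) - \{[0-9A-Fa-f-]+\} - (.+)$")
TRUSTED_RE = re.compile(r"^O15 - Trusted Zone: (.+)$")


def parse_scan(text):
    """One Detection per result line; header and blank lines are skipped."""
    out = []
    for line in text.splitlines():
        m = SCAN_RE.match(line.strip())
        if m:
            out.append(Detection(m.group(1), m.group(2), m.group(3)))
    return out


def parse_hijackthis(text):
    """Entry records for the O4, O2, R3 and O15 lines; other types are ignored."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := AUTORUN_RE.match(line):
            p = PATH_RE.match(m.group(3))
            out.append(Entry("autorun", f"{m.group(1)} [{m.group(2)}]", p.group(1) if p else None, line))
        elif m := HOOK_RE.match(line):
            out.append(Entry("hook", m.group(1), m.group(3).strip(), line))
        elif m := TRUSTED_RE.match(line):
            out.append(Entry("trusted_zone", m.group(1), None, line))
    return out


def _match(path, detections):
    """Case-insensitive exact match, or prefix match when the scanner reported
    a wildcard location (a whole folder reported as SurfSideKick*)."""
    key = path.lower()
    for d in detections:
        loc = d.location.lower()
        if loc.endswith("*") and key.startswith(loc[:-1]):
            return d
        if key == loc:
            return d
    return None


def triage(hjt_text, scan_text):
    """Join autorun/hook entries to detections; O15 entries are always surfaced."""
    detections = parse_scan(scan_text)
    findings = []
    for e in parse_hijackthis(hjt_text):
        if e.kind == "trusted_zone":
            findings.append(Finding(e, "review: Trusted Zone entry", "n/a", []))
            continue
        if e.path is None:
            continue
        d = _match(e.path, detections)
        if d is None:
            continue
        # Companion DLLs follow the <stem>ndw...lib.dll naming seen in the log.
        stem = e.path.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]
        companions = []
        for x in detections:
            base = x.location.lower().rsplit("\\", 1)[-1]
            if base.startswith(stem) and "ndw" in base[len(stem):] and base.endswith(".dll"):
                companions.append(x.location)
        findings.append(Finding(e, d.family, d.status, companions))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_SAMPLE, SCAN_SAMPLE):
        print(f"{f.family:<32} {f.entry.line}")
        for c in f.companions:
            print(f"{'':<32}   companion: {c}")
```

Run it as-is to see the join on the constructed samples, or replace the two sample strings with the full logs pasted above; the Java and Acrobat entries drop out because nothing in the scan points at them, while the SurfSideKick hook is caught through the wildcard folder match.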


You have a few things there that need removing...

-

We'll need to unload (not uninstall) Intermute's SpySubtract, since it might interfere with other program(s) we might be using to 'clean' off your system.

===============

When we're done cleaning off your system, I'd recommend that you install all the critical Windows updates available from Microsoft, up to Service Pack 1. This will help to make your system more secure and prevent many 'problems' from recurring in the future.

===============

Go to www.trendmicro.com, and then:

1. Click "Free Online Scan".
2. Click "Scan now, it's free".

It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's done:

1. Select all available drives.
2. Check (tick) "Auto Clean".
3. Click "Scan".

When it completes, post back the full filename of any files that cannot be cleaned or deleted.

===============

Now, let's open a command prompt by going to the start menu and then select 'Run'.

In the box that pops up type in 'cmd'. The command prompt will open.

OR

You can go to Start -> Programs -> Accessories -> Command Prompt. Unregister the DLL(s) we're going to remove by entering the following:

regsvr32 /u tpgw.dll

It's ok if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save typing them in.

===============

Run HiJackThis and click "Scan", then check (tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll

O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\tpgw.dll

O4 - HKLM\..\Run: [vtjgex] C:\WINDOWS\System32\vtjgex.exe
O4 - HKLM\..\Run: [nihnn] C:\WINDOWS\System32\nihnn.exe
O4 - HKLM\..\Run: [svpbfio] C:\WINDOWS\System32\svpbfio.exe
O4 - HKLM\..\Run: [nulc] C:\WINDOWS\System32\nulc.exe
O4 - HKLM\..\Run: [jnvoih] C:\WINDOWS\System32\jnvoih.exe
O4 - HKLM\..\Run: [gldcdvv] C:\WINDOWS\System32\gldcdvv.exe
O4 - HKLM\..\Run: [mfqff] C:\WINDOWS\System32\mfqff.exe
O4 - HKLM\..\Run: [gzz] C:\WINDOWS\System32\gzz.exe
O4 - HKLM\..\Run: [hti] C:\WINDOWS\System32\hti.exe
O4 - HKLM\..\Run: [inpu] C:\WINDOWS\System32\inpu.exe
O4 - HKLM\..\Run: [mcqe] C:\WINDOWS\System32\mcqe.exe
O4 - HKLM\..\Run: [moog] C:\WINDOWS\System32\moog.exe
O4 - HKLM\..\Run: [xyiezxn] C:\WINDOWS\System32\xyiezxn.exe
O4 - HKLM\..\Run: [uguzmfg] C:\WINDOWS\System32\uguzmfg.exe
O4 - HKLM\..\Run: [xnhkpys] C:\WINDOWS\System32\xnhkpys.exe
O4 - HKLM\..\Run: [gbaz] C:\WINDOWS\System32\gbaz.exe
O4 - HKLM\..\Run: [alvtt] C:\WINDOWS\System32\alvtt.exe
O4 - HKLM\..\Run: [kpnz] C:\WINDOWS\System32\kpnz.exe
O4 - HKLM\..\Run: [wilrqt] C:\WINDOWS\System32\wilrqt.exe
O4 - HKLM\..\Run: [bgpb] C:\WINDOWS\System32\bgpb.exe
O4 - HKLM\..\Run: [oezg] C:\WINDOWS\System32\oezg.exe
O4 - HKLM\..\Run: [ixtfibe] C:\WINDOWS\System32\ixtfibe.exe
O4 - HKLM\..\Run: [tempx] C:\WINDOWS\System32\tempx.exe
O4 - HKLM\..\Run: [yxucoq] C:\WINDOWS\System32\yxucoq.exe
O4 - HKLM\..\RunOnce: [8906u2.exe] C:\WINDOWS\System32\8906u2.exe /k
O4 - HKCU\..\RunOnce: [8906u2.exe] C:\WINDOWS\System32\8906u2.exe /k

O15 - Trusted Zone: http://www.neededware.com


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

folders...

C:\Program Files\SurfSideKick 3

files...

C:\WINDOWS\system32\tpgw.dll
C:\WINDOWS\System32\vtjgex.exe
C:\WINDOWS\System32\nihnn.exe
C:\WINDOWS\System32\svpbfio.exe
C:\WINDOWS\System32\nulc.exe
C:\WINDOWS\System32\jnvoih.exe
C:\WINDOWS\System32\gldcdvv.exe
C:\WINDOWS\System32\mfqff.exe
C:\WINDOWS\System32\gzz.exe
C:\WINDOWS\System32\hti.exe
C:\WINDOWS\System32\inpu.exe
C:\WINDOWS\System32\mcqe.exe
C:\WINDOWS\System32\moog.exe
C:\WINDOWS\System32\xyiezxn.exe
C:\WINDOWS\System32\uguzmfg.exe
C:\WINDOWS\System32\xnhkpys.exe
C:\WINDOWS\System32\gbaz.exe
C:\WINDOWS\System32\alvtt.exe
C:\WINDOWS\System32\kpnz.exe
C:\WINDOWS\System32\wilrqt.exe
C:\WINDOWS\System32\bgpb.exe
C:\WINDOWS\System32\oezg.exe
C:\WINDOWS\System32\ixtfibe.exe
C:\WINDOWS\System32\tempx.exe
C:\WINDOWS\System32\yxucoq.exe
C:\WINDOWS\System32\8906u2.exe

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel > Internet Options.

Under the General tab, click Delete temporary internet files and delete all Offline content as well. Clear out Cookies.

Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

C:\Documents and Settings\username\Local Settings\Temp\

In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

Empty the Recycle Bin.

=============

After rebooting, rescan with hijackthis and post back a new log. Let me know how everything goes.
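As an added example (not part of the thread, and not HijackThis's or Panda's code), here is a Python script that does the cross-referencing crunchie did by hand above: it parses O2/O4/O15 lines in the HijackThis layout and detection lines in the Panda "Type Status Path" layout, marks the HijackThis entries whose target the scanner flagged, applies the companion-file rule from later in the thread (a removed executable's stem also matches its "...ndw301lib.dll" sibling), and flags a Trusted Zone site named after a detected adware family. The sample log lines are constructed for the example.

```python
import ntpath
import re

# Constructed sample: a handful of lines in the HijackThis layout posted above.
HJT_LOG = r"""
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\tpgw.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [xyiezxn] C:\WINDOWS\System32\xyiezxn.exe
O4 - HKLM\..\RunOnce: [8906u2.exe] C:\WINDOWS\System32\8906u2.exe /k
O15 - Trusted Zone: http://www.neededware.com
"""

# Constructed sample: scanner lines in the "Type Status Path" layout of the Panda log above.
PANDA_LOG = r"""
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\xyiezxn.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\xyiezxnndw301lib.dll
Adware:Adware/Ndware No disinfected C:\WINDOWS\system32\8906u2.exe
Adware:Adware/Adtomi No disinfected C:\WINDOWS\Temp\z9092x9.sys
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[^}]+\} - (?P<path>.+)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<url>\S+)$")
PANDA_RE = re.compile(r"^(?P<kind>\S+)\s+(?P<status>.+?)\s+(?P<path>[A-Za-z]:\\.+)$")
# First image path in a Run command: optional quotes, then everything up to the extension.
PATH_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|com))"?(?:\s|$)', re.IGNORECASE)


def parse_hjt(text):
    """Return (section, line, target) for the O2/O4/O15 lines this triage looks at."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if m := O4_RE.match(line):
            if pm := PATH_RE.match(m["cmd"]):
                entries.append(("O4", line, pm["path"]))
        elif m := O2_RE.match(line):
            entries.append(("O2", line, m["path"]))
        elif m := O15_RE.match(line):
            entries.append(("O15", line, m["url"]))
    return entries


def parse_panda(text):
    """Return (kind, status, path) for each scanner detection line."""
    return [(m["kind"], m["status"], m["path"])
            for m in map(PANDA_RE.match, (l.strip() for l in text.splitlines())) if m]


def triage(hjt_text, panda_text):
    """Cross-reference HJT entries against scanner hits (paths compared case-insensitively,
    as NTFS does). Returns HJT lines to 'Fix checked' and files to delete afterwards."""
    detected = {path.lower(): kind for kind, _, path in parse_panda(panda_text)}
    families = {kind.rsplit("/", 1)[-1].lower() for kind in detected.values()}
    fix, delete = [], set()
    for section, line, target in parse_hjt(hjt_text):
        if section == "O15":
            # A Trusted Zone site named after a detected adware family is suspect.
            host = re.sub(r"^[a-z]+://", "", target.lower()).split("/")[0]
            if any(f in host for f in families):
                fix.append(line)
            continue
        key = target.lower()
        if key not in detected:
            continue
        fix.append(line)
        delete.add(key)
        # Companion rule from the thread: files sharing the stem of a removed
        # executable (xyiezxn.exe -> xyiezxnndw301lib.dll) are removed as well.
        stem = ntpath.splitext(ntpath.basename(key))[0]
        delete.update(p for p in detected if p != key and ntpath.basename(p).startswith(stem))
    return {"fix": fix, "delete": sorted(delete)}


if __name__ == "__main__":
    result = triage(HJT_LOG, PANDA_LOG)
    print("Fix in HijackThis:", *result["fix"], sep="\n  ")
    print("Delete afterwards:", *result["delete"], sep="\n  ")
```

Entries that the scanner did not flag (the Java updater, Microsoft AntiSpyware, the no-name BHO) are left alone by this script; they still need the manual review crunchie gave them.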

0

thank you ssooooo much for the help! i really appreciate it all. :lol: ya'll are so nice.

i just downloaded the latest version of hijackthis, and this is the new log:


Logfile of HijackThis v1.99.1
Scan saved at 1:02:23 AM, on 5/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\tempx.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Sillius Dolcus\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://YAHOO.SBC.COM/DIAL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dial
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydial/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydial/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydial/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydial/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe -Show
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINDOWS\Temp\WTuninst.exe /remove
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe ] SBC Yahoo! Connection Manager
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [vtjgex] C:\WINDOWS\System32\vtjgex.exe
O4 - HKLM\..\Run: [nihnn] C:\WINDOWS\System32\nihnn.exe
O4 - HKLM\..\Run: [svpbfio] C:\WINDOWS\System32\svpbfio.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nulc] C:\WINDOWS\System32\nulc.exe
O4 - HKLM\..\Run: [jnvoih] C:\WINDOWS\System32\jnvoih.exe
O4 - HKLM\..\Run: [gldcdvv] C:\WINDOWS\System32\gldcdvv.exe
O4 - HKLM\..\Run: [gzz] C:\WINDOWS\System32\gzz.exe
O4 - HKLM\..\Run: [hti] C:\WINDOWS\System32\hti.exe
O4 - HKLM\..\Run: [inpu] C:\WINDOWS\System32\inpu.exe
O4 - HKLM\..\Run: [mcqe] C:\WINDOWS\System32\mcqe.exe
O4 - HKLM\..\Run: [moog] C:\WINDOWS\System32\moog.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [xyiezxn] C:\WINDOWS\System32\xyiezxn.exe
O4 - HKLM\..\Run: [uguzmfg] C:\WINDOWS\System32\uguzmfg.exe
O4 - HKLM\..\Run: [xnhkpys] C:\WINDOWS\System32\xnhkpys.exe
O4 - HKLM\..\Run: [gbaz] C:\WINDOWS\System32\gbaz.exe
O4 - HKLM\..\Run: [alvtt] C:\WINDOWS\System32\alvtt.exe
O4 - HKLM\..\Run: [kpnz] C:\WINDOWS\System32\kpnz.exe
O4 - HKLM\..\Run: [wilrqt] C:\WINDOWS\System32\wilrqt.exe
O4 - HKLM\..\Run: [bgpb] C:\WINDOWS\System32\bgpb.exe
O4 - HKLM\..\Run: [oezg] C:\WINDOWS\System32\oezg.exe
O4 - HKLM\..\Run: [ixtfibe] C:\WINDOWS\System32\ixtfibe.exe
O4 - HKLM\..\Run: [tempx] C:\WINDOWS\System32\tempx.exe
O4 - HKLM\..\Run: [yxucoq] C:\WINDOWS\System32\yxucoq.exe
O4 - HKLM\..\Run: [iabxsa] C:\WINDOWS\System32\iabxsa.exe
O4 - HKLM\..\RunOnce: [8906u2.exe] C:\WINDOWS\System32\8906u2.exe /k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunOnce: [8906u2.exe] C:\WINDOWS\System32\8906u2.exe /k
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

ohh, one more thing, i noticed that crunchie told me to remove/delete the yahoo things from the hijackthis log. that is my isp and i was wondering if that was going to affect anything. thanks again!! =)

0

Your log looks no different to the first one?? Did you follow my previous instructions?? The yahoo entries I marked for deletion are related to redsherif, something you do not want on your pc :).

0

okay, i did everything you said to, and here's my new hijackthis log:


Logfile of HijackThis v1.99.1
Scan saved at 1:42:28 AM, on 5/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Sillius Dolcus\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://YAHOO.SBC.COM/DIAL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dial
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe -Show
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINDOWS\Temp\WTuninst.exe /remove
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe ] SBC Yahoo! Connection Manager
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iabxsa] C:\WINDOWS\System32\iabxsa.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [tempx] C:\WINDOWS\System32\tempx.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: Workstation Service Library (Microsoft Locator Service) - Unknown owner - C:\WINDOWS\wkssvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


there were some questions i had also. when i was going through C:\WINDOWS\system32... there were some files that matched some of the ones i was deleting, but they had "dw301lib.dll" at the end of it, like C:\WINDOWS\System32\nihnndw301lib.dll. i was wondering if i should delete those also?

and there was a backup folder created on my desktop after i deleted/fixed everything from hijackthis, can i delete that also?

thanks! =)

0

there were some files that matched some of the ones i was deleting, but they had "dw301lib.dll" at the end of it, like C:\WINDOWS\System32\nihnndw301lib.dll. i was wondering if i should delete those also?

Yes. Any files that match the ones I had you fix should be removed too.

and there was a backup folder created on my desktop after i deleted/fixed everything from hijackthis, can i delete that also?

No, not yet. They are the backups created from the HijackThis fix. You should place HijackThis in its own folder, then move the backups folder into it too.

-

You have a few things still that need removing...

-

We'll need to unload (not uninstall) Intermute's SpySubtract again since it might interfere with other program(s) we might be using to 'clean' off your system.

===============

When we're done cleaning off your system, I'd recommend that you install all the critical Windows updates available from Microsoft, up to Service Pack 1. This will help to make your system more secure and prevent many 'problems' from recurring in the future.

===============

Still in HiJackThis, click "Scan", then check (tick) the following, if present:


R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)

O4 - HKLM\..\Run: [iabxsa] C:\WINDOWS\System32\iabxsa.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [tempx] C:\WINDOWS\System32\tempx.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

folders...

C:\Program Files\SurfSideKick 3

files...

C:\WINDOWS\System32\iabxsa.exe
C:\WINDOWS\System32\tempx.exe

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Let me know how everything goes.
