04-13-2005, 10:36 AM   #3
bpurcy76
Registered User
 
Join Date: Mar 2005
Posts: 10
OS: xp pro


Still some issues!

Here is the analyzer log after following your instructions. I still have a desktop background with a smartsecurity spyware ad that I can't get rid of.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 12:29:07 PM, on 4/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\WINDOWS\Bng.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Ntc] C:\WINDOWS\system32\Cmd.exe
O4 - HKLM\..\Run: [Gqd] C:\WINDOWS\Eua.exe
O4 - HKLM\..\Run: [Kfp] C:\WINDOWS\Bng.exe
O4 - HKLM\..\Run: [Dqo] C:\WINDOWS\system32\Qql.exe
O4 - HKLM\..\Run: [Apd] C:\WINDOWS\system32\Pvb.exe
O4 - HKLM\..\Run: [Tfh] C:\WINDOWS\Egk.exe
O4 - HKLM\..\Run: [Tja] C:\WINDOWS\Kri.exe
O4 - HKLM\..\Run: [Ctf] C:\WINDOWS\system32\Qbp.exe
O4 - HKLM\..\Run: [Uvh] C:\WINDOWS\system32\Gul.exe
O4 - HKLM\..\Run: [Lgr] C:\WINDOWS\Qqe.exe
O4 - HKLM\..\Run: [Emj] C:\WINDOWS\Bve.exe
O4 - HKLM\..\Run: [Nds] C:\WINDOWS\system32\Sbj.exe
O4 - HKLM\..\Run: [Phi] C:\WINDOWS\Cak.exe
O4 - HKLM\..\Run: [Hcs] C:\WINDOWS\system32\Gsp.exe
O4 - HKLM\..\Run: [Dfa] C:\WINDOWS\Rqg.exe
O4 - HKLM\..\Run: [Rop] C:\WINDOWS\system32\Sua.exe
O4 - HKLM\..\Run: [Bfg] C:\WINDOWS\system32\Ekq.exe
O4 - HKLM\..\Run: [Gik] C:\WINDOWS\Ach.exe
O4 - HKLM\..\Run: [Chq] C:\WINDOWS\system32\Ugh.exe
O4 - HKLM\..\Run: [Umn] C:\WINDOWS\Bac.exe
O4 - HKLM\..\Run: [Qfb] C:\WINDOWS\system32\Aht.exe
O4 - HKLM\..\Run: [Otd] C:\WINDOWS\system32\Tdr.exe
O4 - HKLM\..\Run: [Mgg] C:\WINDOWS\Kss.exe
O4 - HKLM\..\Run: [Ana] C:\WINDOWS\system32\Aun.exe
O4 - HKLM\..\Run: [Bve] C:\WINDOWS\Rit.exe
O4 - HKLM\..\Run: [Tuc] C:\WINDOWS\system32\Rkd.exe
O4 - HKLM\..\Run: [Sit] C:\WINDOWS\system32\Qgc.exe
O4 - HKLM\..\Run: [Nra] C:\WINDOWS\Epo.exe
O4 - HKLM\..\Run: [Uhl] C:\WINDOWS\system32\Otc.exe
O4 - HKLM\..\Run: [Lcb] C:\WINDOWS\Bfh.exe
O4 - HKLM\..\Run: [Atq] C:\WINDOWS\Tto.exe
O4 - HKLM\..\Run: [Eev] C:\WINDOWS\system32\Ovj.exe
O4 - HKLM\..\Run: [Nuk] C:\WINDOWS\system32\Dka.exe
O4 - HKLM\..\Run: [Slp] C:\WINDOWS\system32\Ttt.exe
O4 - HKLM\..\Run: [Cko] C:\WINDOWS\system32\Qea.exe
O4 - HKLM\..\Run: [Stn] C:\WINDOWS\system32\Kqa.exe
O4 - HKLM\..\Run: [Vru] C:\WINDOWS\Bdq.exe
O4 - HKLM\..\Run: [Jou] C:\WINDOWS\system32\Bli.exe
O4 - HKLM\..\Run: [Mva] C:\WINDOWS\Ttu.exe
O4 - HKLM\..\Run: [Foj] C:\WINDOWS\system32\Lnf.exe
O4 - HKLM\..\Run: [Muk] C:\WINDOWS\system32\Fim.exe
O4 - HKLM\..\Run: [Hqn] C:\WINDOWS\Gog.exe
O4 - HKLM\..\Run: [Mcs] C:\WINDOWS\Otp.exe
O4 - HKLM\..\Run: [Qto] C:\WINDOWS\system32\Bic.exe
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINDOWS\Temp\WTuninst.exe /remove
O4 - HKLM\..\Run: [Jro] C:\WINDOWS\system32\Bph.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\system32\ntddetect.exe
O4 - HKCU\..\Run: [Ntc] C:\WINDOWS\system32\Cmd.exe
O4 - HKCU\..\Run: [Gqd] C:\WINDOWS\Eua.exe
O4 - HKCU\..\Run: [Kfp] C:\WINDOWS\Bng.exe
O4 - HKCU\..\Run: [Dqo] C:\WINDOWS\system32\Qql.exe
O4 - HKCU\..\Run: [Apd] C:\WINDOWS\system32\Pvb.exe
O4 - HKCU\..\Run: [Tfh] C:\WINDOWS\Egk.exe
O4 - HKCU\..\Run: [Tja] C:\WINDOWS\Kri.exe
O4 - HKCU\..\Run: [Ctf] C:\WINDOWS\system32\Qbp.exe
O4 - HKCU\..\Run: [Uvh] C:\WINDOWS\system32\Gul.exe
O4 - HKCU\..\Run: [Lgr] C:\WINDOWS\Qqe.exe
O4 - HKCU\..\Run: [Emj] C:\WINDOWS\Bve.exe
O4 - HKCU\..\Run: [Nds] C:\WINDOWS\system32\Sbj.exe
O4 - HKCU\..\Run: [Phi] C:\WINDOWS\Cak.exe
O4 - HKCU\..\Run: [Hcs] C:\WINDOWS\system32\Gsp.exe
O4 - HKCU\..\Run: [Dfa] C:\WINDOWS\Rqg.exe
O4 - HKCU\..\Run: [Rop] C:\WINDOWS\system32\Sua.exe
O4 - HKCU\..\Run: [Bfg] C:\WINDOWS\system32\Ekq.exe
O4 - HKCU\..\Run: [Gik] C:\WINDOWS\Ach.exe
O4 - HKCU\..\Run: [Chq] C:\WINDOWS\system32\Ugh.exe
O4 - HKCU\..\Run: [Umn] C:\WINDOWS\Bac.exe
O4 - HKCU\..\Run: [Qfb] C:\WINDOWS\system32\Aht.exe
O4 - HKCU\..\Run: [Otd] C:\WINDOWS\system32\Tdr.exe
O4 - HKCU\..\Run: [Mgg] C:\WINDOWS\Kss.exe
O4 - HKCU\..\Run: [Ana] C:\WINDOWS\system32\Aun.exe
O4 - HKCU\..\Run: [Bve] C:\WINDOWS\Rit.exe
O4 - HKCU\..\Run: [Tuc] C:\WINDOWS\system32\Rkd.exe
O4 - HKCU\..\Run: [Sit] C:\WINDOWS\system32\Qgc.exe
O4 - HKCU\..\Run: [Nra] C:\WINDOWS\Epo.exe
O4 - HKCU\..\Run: [Uhl] C:\WINDOWS\system32\Otc.exe
O4 - HKCU\..\Run: [Lcb] C:\WINDOWS\Bfh.exe
O4 - HKCU\..\Run: [Atq] C:\WINDOWS\Tto.exe
O4 - HKCU\..\Run: [Eev] C:\WINDOWS\system32\Ovj.exe
O4 - HKCU\..\Run: [Nuk] C:\WINDOWS\system32\Dka.exe
O4 - HKCU\..\Run: [Slp] C:\WINDOWS\system32\Ttt.exe
O4 - HKCU\..\Run: [Cko] C:\WINDOWS\system32\Qea.exe
O4 - HKCU\..\Run: [Stn] C:\WINDOWS\system32\Kqa.exe
O4 - HKCU\..\Run: [Vru] C:\WINDOWS\Bdq.exe
O4 - HKCU\..\Run: [Jou] C:\WINDOWS\system32\Bli.exe
O4 - HKCU\..\Run: [Mva] C:\WINDOWS\Ttu.exe
O4 - HKCU\..\Run: [Foj] C:\WINDOWS\system32\Lnf.exe
O4 - HKCU\..\Run: [Muk] C:\WINDOWS\system32\Fim.exe
O4 - HKCU\..\Run: [Hqn] C:\WINDOWS\Gog.exe
O4 - HKCU\..\Run: [Mcs] C:\WINDOWS\Otp.exe
O4 - HKCU\..\Run: [Qto] C:\WINDOWS\system32\Bic.exe
O4 - HKCU\..\Run: [Jro] C:\WINDOWS\system32\Bph.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1109833910141
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab


End of KRC HijackThis Analyzer Log.
====================================================================