Can't get rid of spy/malware [RESOLVED]



#1 lhasa86 (New Member, 4 posts)
Hi, here's my hijack this log - I did follow the instructions posted except for the Housecall step. For some reason, I cannot get that site to cooperate with me. Ad-Aware and Spybot did not pick up on the items found by ActiveScan and I keep getting error messages ("error during cleaning") when I try to quarantine or delete 3 types found in Ewido. Please find my logs below:

Logfile of HijackThis v1.99.1
Scan saved at 9:27:58 AM, on 8/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Di\Desktop\Computer Protection Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theanimalrescuesite.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Here's my ActiveScan log:

Incident Status Location

Adware:adware/sidesearch Not disinfected C:\Documents and Settings\Di\Application Data\Lycos
Adware:adware/statblaster Not disinfected Windows Registry
Spyware:spyware/omi Not disinfected Windows Registry
Adware:adware/bookedspace Not disinfected Windows Registry
Adware:adware/dealhelper Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected hkey_local_machine\software\classes\MyWayToolBar.SettingsPlugin

Ewido Report
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:16:26 PM 8/10/2006

+ Scan result:



HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Adware.BookedSpace : Error during cleaning.
HKLM\SOFTWARE\Classes\BookedSpace.Extension.5 -> Adware.BookedSpace : Error during cleaning.
HKLM\SOFTWARE\Classes\DHP.DHEvents -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\DHP.DHEvents.1 -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\DHP.Popup -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\DHP.Popup.1 -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\DealPop.CDealHelperPopup -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\DealPop.CDealHelperPopup.1 -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\DealPop.DealPopEvents -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\DealPop.DealPopEvents.1 -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dealhlpr.Band -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dealhlpr.Band.1 -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dhsvr.CFileDatabase -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dhsvr.CFileDatabase.1 -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dhsvr.DBHelper -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dhsvr.DBHelper.1 -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dhsvr.Even -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dhsvr.Even.1 -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dhsvr.WebDealEvents -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dhsvr.WebDealEvents.1 -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Tchk.TChkBHO -> Adware.InetSpeak : Error during cleaning.
C:\Documents and Settings\Di\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).


::Report end



Thank you in advance for any help! :whistling:

lhasa86
Honolulu, HI

#2 RiP (Malware Expert, Retired Staff, 8,430 posts)
Hello lhasa86,

Open notepad and copy (Ctrl C) and paste (Ctrl V) the following text in the quote:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BookedSpace.Extension]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BookedSpace.Extension.5]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHP.DHEvents]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHP.DHEvents.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHP.Popup]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHP.Popup.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DealPop.CDealHelperPopup]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DealPop.CDealHelperPopup.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DealPop.DealPopEvents]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DealPop.DealPopEvents.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealhlpr.Band]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dealhlpr.Band.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dhsvr.CFileDatabase]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dhsvr.CFileDatabase.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dhsvr.DBHelper]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dhsvr.DBHelper.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dhsvr.Even]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dhsvr.Even.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dhsvr.WebDealEvents]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Dhsvr.WebDealEvents.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tchk.TChkBHO]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWayToolBar.SettingsPlugin]


Save it to your desktop as fix133.reg, with the type set to "All files".
Double click on fix133.reg and allow it to merge with the registry when prompted.

Then do another scan with Ewido and see if it still detects any problems.
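The fix above works because a REGEDIT4 file whose key names are written as [-KEY] deletes those keys (and their subkeys) when merged, which is what the Ewido "Error during cleaning" entries need. The following Python script is an added example, not part of the thread or of Ewido, HijackThis or any other tool named here. It parses a .reg file, lists which keys it will delete versus create or update, and, when run on Windows where the winreg module is available, reports whether each key currently exists, so the file can be reviewed before merging and the result verified afterwards. The embedded sample is constructed from a subset of the keys in RiP's fix plus one made-up key (HKEY_LOCAL_MACHINE\SOFTWARE\Example\Harmless) to show the non-deleting case; on non-Windows systems the existence check is skipped.

```python
"""
Added example (not from the forum thread or from any tool it mentions):
parse a REGEDIT4-style .reg file, classify each key as a deletion or a
create/update, and optionally check on Windows whether the key exists.
"""
import re
import sys

# Constructed sample modelled on fix133.reg from the thread (two of its
# deletion keys) plus one invented create/update key for contrast.
SAMPLE_REG = """REGEDIT4

[-HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\BookedSpace.Extension]

[-HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Dhsvr.Even.1]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Example\\Harmless]
"Value"="abc"
"""

# A key line is "[HIVE\sub\key]" or "[-HIVE\sub\key]" (leading '-' = delete).
KEY_LINE = re.compile(r'^\[(-?)([A-Z_]+)\\(.*)\]$')
VALID_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")


def parse_reg(text):
    """Return a list of (action, hive, subkey) tuples in file order.

    action is "delete" for [-KEY] lines and "create/update" for [KEY] lines.
    Raises ValueError if the mandatory .reg header line is missing, because
    regedit would refuse to merge such a file.
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() not in VALID_HEADERS:
        raise ValueError("not a .reg file: missing REGEDIT4 / Version 5.00 header")
    entries = []
    for line in lines[1:]:
        m = KEY_LINE.match(line.strip())
        if m:
            action = "delete" if m.group(1) == "-" else "create/update"
            entries.append((action, m.group(2), m.group(3)))
    return entries


def count_actions(entries):
    """Return (number_of_deletions, number_of_create_or_update_keys)."""
    deletes = sum(1 for action, _, _ in entries if action == "delete")
    return deletes, len(entries) - deletes


def key_exists(hive_name, subkey):
    """True/False on Windows; None where winreg is unavailable (assumption:
    winreg is present only on Windows Python builds)."""
    try:
        import winreg
    except ImportError:
        return None
    hive = getattr(winreg, hive_name, None)
    if hive is None:
        return None
    try:
        with winreg.OpenKey(hive, subkey, 0, winreg.KEY_READ):
            return True
    except OSError:
        return False


def report(text):
    """Human-readable lines: action, full key path and current existence."""
    labels = {True: "present", False: "absent", None: "not checked (no winreg)"}
    rows = []
    for action, hive, subkey in parse_reg(text):
        rows.append(f"{action:<14} {hive}\\{subkey}  [{labels[key_exists(hive, subkey)]}]")
    return rows


if __name__ == "__main__":
    # Usage: python reg_review.py fix133.reg   (falls back to the sample)
    source = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_REG
    for row in report(source):
        print(row)
    deletes, updates = count_actions(parse_reg(source))
    print(f"{deletes} key deletion(s), {updates} key create/update(s)")
```

Run it against fix133.reg before merging to confirm it contains only the expected deletions (and no create/update entries that would plant something new), then run it again after the merge: every line that read "present" should now read "absent". Keys that are still present after the merge indicate the file was saved with a .txt extension or the merge was refused.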

#3 lhasa86 (Topic Starter, New Member, 4 posts)
I hope it's ok that I just ran a registry scan instead of the complete system scan. Here's the report:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:30:44 AM 8/11/2006

+ Scan result:



HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Adware.BookedSpace : Error during cleaning.
HKLM\SOFTWARE\Classes\BookedSpace.Extension.5 -> Adware.BookedSpace : Error during cleaning.
HKLM\SOFTWARE\Classes\DHP.DHEvents -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\DHP.DHEvents.1 -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\DHP.Popup -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\DHP.Popup.1 -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\DealPop.CDealHelperPopup -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\DealPop.CDealHelperPopup.1 -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\DealPop.DealPopEvents -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\DealPop.DealPopEvents.1 -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dealhlpr.Band -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dealhlpr.Band.1 -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dhsvr.CFileDatabase -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dhsvr.CFileDatabase.1 -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dhsvr.DBHelper -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dhsvr.DBHelper.1 -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dhsvr.Even -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dhsvr.Even.1 -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dhsvr.WebDealEvents -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Dhsvr.WebDealEvents.1 -> Adware.DealHelper : Error during cleaning.
HKLM\SOFTWARE\Classes\Tchk.TChkBHO -> Adware.InetSpeak : Error during cleaning.


::Report end

#4 lhasa86 (Topic Starter, New Member, 4 posts)
I am now getting an Internet Explorer error message - an error has occurred and IE has to shut down. :whistling: It seems to be related to a temp file (which I just cleared) but thought I should mention it in case it matters.

#5 lhasa86 (Topic Starter, New Member, 4 posts)
Hi - I just wanted to let you know that I finally got rid of the stupid things by downloading a free trial of CA PestPatrol. It picked up over 10 spy/malware files and removed them free, while Trojan Hunter found about 3 items and removed them.

So no need to get back to me on this issue. I'll return if anything else happens!

Aloha,

#6 RiP (Malware Expert, Retired Staff, 8,430 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.