wupdater.exe - help, please!

Name: liminals
Date: December 23, 2003 at 01:44:14 Pacific
OS: Windows XP
CPU/Ram: Pentium 4, 512 MB RAM
Comment:

I ran HijackThis and have its log (see below); can anyone tell me how to proceed?
Thanks.

Logfile of HijackThis v1.97.7
Scan saved at 3:04:27 PM, on 22/12/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\MSMGT.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R3 - URLSearchHook: CleverHook Class - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\WINDOWS\jeired.dll
R3 - URLSearchHook: PerfectNavBHO Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\WINDOWS\jeired.dll
O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [MSMGT] C:\WINDOWS\MSMGT.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37871.3738078704
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFFAA3CD-2BE3-450D-A86B-F3332B9E7D05}: NameServer = 139.142.78.11 139.142.78.14


Response Number 1
Name: salgolf
Date: December 23, 2003 at 04:01:10 Pacific
Reply:

A word to the wise. Don't post your HJT log unless you've run AdAware and Spybot first, and say you've done it. Otherwise, the forum moderator may remove it. Also, you'll get better answers posting it in the Security and Virus forum.

Spybot

AdAware



Response Number 2
Name: Johnw
Date: December 23, 2003 at 04:16:31 Pacific
Reply:

Here is the logfile check list.
http://hjt.wizardsofwebsites.com/
http://www.spywareinfo.com/bhos/
http://home01.wxs.nl/~kleyn080/BHO_list.html
http://www.spywareinfo.com/~merijn/htlogtutorial.html#r
http://www.computercops.biz/postt6393.html
http://www.google.com/search?q=spyware+list

You can identify BHOs on your comp with this.
http://www.spywareinfo.com/downloads/bhod/
BHODemon scans your Registry for BHOs, and presents any it finds in a list. By highlighting a BHO in this list, and clicking the "Details" button, you can see information about this BHO, and even disable it if you wish. BHOs are disabled by simply renaming the DLL that houses them. By renaming the DLL, instead of deleting it, you have the option of enabling it later if you wish. Why would you want to do that? Because the program that installed the BHO will not run if it can't find the DLL: Go!Zilla, for example, won't run if you remove its BHOs.
Works on XP.

Or use HijackThis.
http://www.spywareinfo.com/~merijn/downloads.html
http://mjc1.com/mirror/hjt/

Next, by clicking on List > F5 in BHOList, then, after the latest list downloads, entering the found BHO into Search, you can find out if it is legitimate.
BHOList
http://www.spychecker.com/program/bholist.html
BHOList is a simple frontend for TonyKleins BHO Collection. It fetches the list of currently known BHOs (Browser Helper Objects) and allows you to search it. You can also filter the list to show all known BHOs that are installed in your browser. Each BHO entry is noted as Safe or Legitimate (at the discretion of the author). Useful tool for advanced users.
98/ME/2000/XP
What to do:
If you don't directly recognize a toolbar's name, use TonyK's Toolbar List to find it by the class ID (CLSID, the number between curly brackets) and see if it's good or bad. In the Toolbar List, 'X' means spyware and 'L' means safe.
If it's not on the list and the name seems a random string of characters and the file is somewhere in a folder named 'Application Data' (like the last one in the examples above), it's definitely bad, and you should have HijackThis fix it.

Remove Spyfiles by using these 5 programs.
Make sure you use the SpyBot/SpywareBlaster/Ad-aware/Bazooka/Swat It > Online > Update button regularly.
Once you have the program installed, open SpyBot and select the "Immunize" icon on the left & click on Immunize in the new page.
Then check the box "lock hosts file read-only as protection against hijackers".

http://beam.to/spybotsd
http://www.wilderssecurity.com/spywareblaster.html
http://www.lsfileserv.com/
http://www.lavasoftsupport.com/index.php?showtopic=11613
Bazooka
http://www.kephyr.com/spywarescanner/index.html
Swat It
http://swatit.org/

Bazooka
http://www.winsite.com/bin/Info?17000000037943
http://www.kephyr.com/spywarescanner/index.html
Bazooka Adware and Spyware Scanner detects a multitude of spyware, adware, trojan, keylogger and trackware components; sources of irritation that antivirus software does not deal with. The scanning process will only take a fraction of a second and tell you how to uninstall the invasive spyware or put you in contact with the spyware developer for the most up-to-date and safe uninstall instructions.

Spyware and adware is often bundled with software such as Kazaa, Morpheus, Grokster, Imesh, Xolox, Gnutella and a myriad of other programs, and in many cases installed without your knowledge. Some send information about your surfing habits to ad companies, which target you with popup ads that fit your preferences.

Bazooka Adware and Spyware Scanner searches for Gator, GAIN, Bargain Buddy, CommonName, FlashTrack, IPInsight, n-CASE, NetRatings, NewDotNet, SaveNow, Wurldmedia, etc. The complete list is available here. To stay up-to-date with the latest spyware and adware software, Bazooka downloads the threat definitions from the web.

Bazooka is freeware and Windows 95/98/ME/NT/2000/XP compatible.

Click on the files found & you will be taken to a site that will show you how to remove them, either with a program or manually.

It reports on all drives & partitions, so remember to check all of these when doing a manual remove.

After the download, it is important to remember that once the installation of Bazooka is completed, you should update the File Signatures by clicking on the Update tab and checking for an update.
Make sure you update regularly.

Spyware and Adware Encyclopedia
http://www.kephyr.com/spywarescanner/library/index.phtml?source=bassindex
