desktop.exe and friends


#1
leftyelvis (Member, 27 posts)
Please help!!!

I have seen this posted before and I tried to fix it on my own, but with no luck.

I am running XP and I get Desktop.exe, popups, Ezula, Web Offer, buddy.exe, and a few more beauties.

Thank you in advance for your help.

I deleted a few processes before I ran this: Wo.exe, desktop.exe, and a couple more.

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:42:12 PM, on 3/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\picsvr\picsvr.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\System32\vzmavz.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlb.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lefty\Application Data\Mozilla\Profiles\default\qk2es76k.slt\prefs.js)
O1 - Hosts: comments (such as these) may be inserted on individual
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\ceres.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [msvhae] c:\windows\system32\msvhae.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vzmavz.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.dorneypar...sses/CFJava.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://noteshub.rose...a.us/iNotes.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {92C6F560-8F6D-11D9-9669-0800200C9A66} - http://fad-1112.nyc1...iewer_cia15.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08AE78C9-2E0D-4822-9237-C662654EBA3B}: NameServer = 151.197.0.38 151.197.0.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{08AE78C9-2E0D-4822-9237-C662654EBA3B}: NameServer = 151.197.0.38 151.197.0.39
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\n6l8lg3u16.dll (file missing)
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\k4620ejoehoc0.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - Unknown owner - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I will be posting my Panda scan as soon as it is done.
  • 0

#2
leftyelvis (Topic Starter, Member, 27 posts)
Post from Panda scan:

Incident Status Location

Adware:Adware/QoolShown No disinfected C:\WINDOWS\System32\tyhetyt.dll
Virus:W32/Spybot.QV.worm No disinfected Operating system
Adware:Adware/IESearchBar No disinfected C:\WINDOWS\isrvs\mfiltis.dll
Virus:Trj/Downloader.BBA No disinfected Operating system
Adware:Adware/eZula No disinfected C:\Program Files\eZula
Adware:Adware/SaveNow No disinfected Windows Registry
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\ceres.dll
Adware:Adware/SAHAgent No disinfected Windows Registry
Adware:Adware/CWS No disinfected C:\Documents and Settings\Lefty\Desktop\Virus Hunter Security.lnk
Spyware:Spyware/Searchcentrix No disinfected Windows Registry
Adware:Adware/IPInsight No disinfected C:\WINDOWS\FARMMEXT.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs
Adware:Adware/Twain-Tech No disinfected C:\DOCUME~1\Lefty\LOCALS~1\Temp\THI*.tmp
Spyware:Spyware/Altnet No disinfected Windows Registry
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\System32\appsetup.exe
Adware:Adware/MyCustomIE No disinfected Windows Registry
Spyware:Spyware/Search3 No disinfected C:\WINDOWS\DOWNLO~1\search3.dll
Adware:Adware/Transponder No disinfected Windows Registry
Virus:Trj/Delprot.A Disinfected C:\WINDOWS\system32\drivers\delprot.sys
Virus:Trj/CPR.A Disinfected C:\WINDOWS\system32\sysmonnt.exe
Virus:W32/Spybot.QV.worm Disinfected C:\WINDOWS\system32\pubgp.dat
Virus:Trj/Small.HQ Disinfected C:\WINDOWS\system32\winup2date.dll
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\nsvsvc\nsv.ocx
Adware:Adware/QoolShown No disinfected C:\WINDOWS\system32\tyhetyt.dll
Virus:W32/Sdbot.CKD.worm Disinfected C:\WINDOWS\system32\msvhae.exe
Virus:W32/Spybot.QV.worm Disinfected C:\WINDOWS\system32\vzmavz.exe
Virus:Trj/Vundo.A Disinfected C:\WINDOWS\system32\appsetup.exe
Virus:Trj/Downloader.BBB Disinfected C:\WINDOWS\system32\n20050308.exe
Virus:Trj/Downloader.BBA Disinfected C:\WINDOWS\system32\MTE1Mzc6ODoxMg.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\ceres.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\farmmext.inf
Adware:Adware/ISearch No disinfected C:\WINDOWS\Temp\B209139303\build2.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI5EA7.tmp\farmmext.cab[farmmext.inf]
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI5EA7.tmp\farmmext.cab[farmmext.exe]
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI5EA7.tmp\farmmext.cab[farmmext.ini]
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI5EA7.tmp\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI5EA7.tmp\farmmext.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI5EA7.tmp\farmmext.ini
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THI13F4.tmp\ceres.cab
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THI13F4.tmp\ceres.cab[ceres.inf]
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THI13F4.tmp\ceres.cab[ceres.dll]
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THI13F4.tmp\ceres.inf
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THI13F4.tmp\ceres.dll
Virus:W32/Spybot.QV.worm Disinfected C:\WINDOWS\Temp\f2036318.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\ceres.dll
Adware:Adware/IESearchBar No disinfected C:\WINDOWS\isrvs\mfiltis.dll
Adware:Adware/IESearchBar No disinfected C:\WINDOWS\isrvs\desktop.exe
Adware:Adware/FIsearch No disinfected C:\WINDOWS\isrvs\msdbhk.dll
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\isearch.xpi[isearch.jar][isearch.js]
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\ffisearch.exe
Virus:Trj/Delprot.A Disinfected C:\WINDOWS\isrvs\delprot.sys
Adware:Adware/FIsearch No disinfected C:\WINDOWS\isrvs\edmond.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inst\3p_1n.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Adware:Adware/IPInsight No disinfected C:\WINDOWS\LastGood\INF\farmmext.inf
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\LastGood\ceres.dll
Adware:Adware/IPInsight No disinfected C:\WINDOWS\LastGood\farmmext.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Buddy.exe
Virus:W32/Spybot.QV.worm Disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\napu.exe
Virus:W32/Spybot.QV.worm Disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\tp7543.exe
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\THI6D05.tmp\ceres.cab
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\THI6D05.tmp\ceres.cab[ceres.inf]
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\THI6D05.tmp\ceres.cab[ceres.dll]
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\THI6D05.tmp\ceres.inf
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\THI6D05.tmp\ceres.dll
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\THI78A6.tmp\farmmext.cab[farmmext.inf]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\THI78A6.tmp\farmmext.cab[farmmext.exe]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\THI78A6.tmp\farmmext.cab[farmmext.ini]
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\THI78A6.tmp\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\THI78A6.tmp\farmmext.exe
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\THI78A6.tmp\farmmext.ini
Adware:Adware/nCase No disinfected C:\Documents and Settings\Lefty\Local Settings\Temporary Internet Files\Content.IE5\1QLK48AM\AppWrap[3].exe
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Lefty\Local Settings\Temporary Internet Files\Content.IE5\1QLK48AM\AppWrap[1].exe
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\Local Settings\Temporary Internet Files\Content.IE5\WW4KRY1I\AppWrap[2].exe
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Lefty\Local Settings\Temporary Internet Files\Content.IE5\B8L88ODJ\AppWrap[3].exe
Virus:W32/Spybot.QV.worm Disinfected C:\Documents and Settings\Lefty\Local Settings\Temporary Internet Files\Content.IE5\B8L88ODJ\i282[1].exe
Adware:Adware/nCase No disinfected C:\Documents and Settings\Lefty\Local Settings\Temporary Internet Files\Content.IE5\40L4H2J3\AppWrap[5].exe
Adware:Adware/FunWeb No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\backups\backup-20050326-214356-863.inf
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\backups\backup-20050328-131700-267.dll
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
Adware:Adware/eZula No disinfected C:\Program Files\eZula\seng.dll
Adware:Adware/eZula No disinfected C:\Program Files\eZula\CHCON.dll
  • 0

#3
leftyelvis (Topic Starter, Member, 27 posts)
Here is the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:09:40 AM, on 3/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\vzmavz.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlb.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lefty\Application Data\Mozilla\Profiles\default\qk2es76k.slt\prefs.js)
O1 - Hosts: comments (such as these) may be inserted on individual
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vzmavz.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.dorneypar...sses/CFJava.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://noteshub.rose...a.us/iNotes.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {92C6F560-8F6D-11D9-9669-0800200C9A66} - http://fad-1112.nyc1...iewer_cia15.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com...irus/PitPav.cab
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\n6l8lg3u16.dll (file missing)
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\lvp0097me.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - Unknown owner - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Will post the Panda scan later.
  • 0

#4
leftyelvis (Topic Starter, Member, 27 posts)
Latest Panda scan:

Incident Status Location

Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\System32\dolsp.dll
Adware:Adware/QoolShown No disinfected C:\WINDOWS\System32\tyhetyt.dll
Virus:W32/Spybot.QV.worm Disinfected Operating system
Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs
Adware:Adware/Twain-Tech No disinfected C:\DOCUME~1\Lefty\LOCALS~1\Temp\THI*.tmp
Spyware:Spyware/Altnet No disinfected Windows Registry
Spyware:Spyware/Search3 No disinfected C:\WINDOWS\DOWNLO~1\search3.dll
Adware:Adware/IESearchBar No disinfected C:\Recycled\Dc16.exe
Adware:Adware/ISearch No disinfected C:\Recycled\Dc17.exe
Adware:Adware/DelFinMedia No disinfected C:\Recycled\Dc19.exe
Adware:Adware/FIsearch No disinfected C:\Recycled\Dc20.exe
Adware:Adware/FIsearch No disinfected C:\Recycled\Dc23.dll
Adware:Adware/ISearch No disinfected C:\Recycled\Dc24.ini
Adware:Adware/IPInsight No disinfected C:\Recycled\Dc25.inf
Spyware:Spyware/BetterInet No disinfected C:\Recycled\Dc26.exe
Virus:W32/Spybot.QV.worm Disinfected C:\WINDOWS\system32\vzmavz.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\system32\tyhetyt.dll
Virus:W32/Spybot.QV.worm Disinfected C:\WINDOWS\system32\pubgp.dat
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\nsvsvc\nsv.ocx
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\system32\dosync.dll
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\system32\docore.dll
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\system32\dolsp.dll
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\ceres.inf
Adware:Adware/nCase No disinfected C:\WINDOWS\Temp\bw2.com
Adware:Adware/ISearch No disinfected C:\WINDOWS\Temp\B209139303\build2.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI5EA7.tmp\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\Temp\THI5EA7.tmp\farmmext.ini
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THI13F4.tmp\ceres.cab
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THI13F4.tmp\ceres.cab[ceres.inf]
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THI13F4.tmp\ceres.cab[ceres.dll]
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THI13F4.tmp\ceres.inf
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THI13F4.tmp\ceres.dll
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THIEF0.tmp\ceres.cab
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THIEF0.tmp\ceres.cab[ceres.inf]
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THIEF0.tmp\ceres.cab[ceres.dll]
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THIEF0.tmp\ceres.inf
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THIEF0.tmp\ceres.dll
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THIA86.tmp\ceres.cab
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THIA86.tmp\ceres.cab[ceres.inf]
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THIA86.tmp\ceres.cab[ceres.dll]
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THIA86.tmp\ceres.inf
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THIA86.tmp\ceres.dll
Adware:Adware/ISearch No disinfected C:\WINDOWS\isrvs\isearch.xpi[isearch.jar][isearch.js]
Adware:Adware/Look2Me No disinfected C:\WINDOWS\iconu.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\icont.exe
Adware:Adware/eZula No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\temp.fr67A2\seng.dll
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\THI6D05.tmp\ceres.cab
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\THI6D05.tmp\ceres.cab[ceres.inf]
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\THI6D05.tmp\ceres.cab[ceres.dll]
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\THI6D05.tmp\ceres.inf
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\THI6D05.tmp\ceres.dll
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\THI78A6.tmp\farmmext.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\THI78A6.tmp\farmmext.ini
Adware:Adware/nCase No disinfected C:\Documents and Settings\Lefty\Local Settings\Temporary Internet Files\Content.IE5\1QLK48AM\AppWrap[3].exe
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Lefty\Local Settings\Temporary Internet Files\Content.IE5\1QLK48AM\AppWrap[1].exe
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\Local Settings\Temporary Internet Files\Content.IE5\WW4KRY1I\AppWrap[2].exe
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Lefty\Local Settings\Temporary Internet Files\Content.IE5\B8L88ODJ\AppWrap[3].exe
Adware:Adware/nCase No disinfected C:\Documents and Settings\Lefty\Local Settings\Temporary Internet Files\Content.IE5\40L4H2J3\AppWrap[5].exe
Adware:Adware/FunWeb No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\backups\backup-20050326-214356-863.inf
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\backups\backup-20050328-131700-267.dll
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe

#5
leftyelvis (Topic Starter)

Here is the latest Panda scan; things are getting worse.


Incident Status Location

Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\System32\dolsp.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\ajsmsext.dll
Adware:Adware/QoolShown No disinfected C:\WINDOWS\System32\tyhetyt.dll
Virus:Trj/Small.HQ Disinfected Operating system
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\rmsutils.dll
Virus:W32/Spybot.QV.worm No disinfected Operating system
Adware:Adware/eZula No disinfected C:\WINDOWS\System32\shdocvw.dll
Adware:Adware/SaveNow No disinfected Windows Registry
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\ceres.dll
Adware:Adware/SAHAgent No disinfected Windows Registry
Adware:Adware/AdDestroyer No disinfected C:\WINDOWS\system32\SWLAD1.dll
Adware:Adware/VirtualBouncer No disinfected Windows Registry
Adware:Adware/Look2Me No disinfected C:\WINDOWS\System32\guard.tmp
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Spyware:Spyware/Virtumonde No disinfected C:\DOCUME~1\Lefty\LOCALS~1\Temp\bw2.com
Spyware:Spyware/Search3 No disinfected C:\WINDOWS\DOWNLO~1\search3.dll
Adware:Adware/Transponder No disinfected Windows Registry
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\ll32.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\sjimgvw.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\nwlanui.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\imrtprio.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\cgyptdlg.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\rdgwizc.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\sgnike.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\l04q0ah5ed4.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\insutil.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\nhevtmsg.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\kldycc.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\MZSCP.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\dcprop.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\aulddial.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\amptif.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mdl_qic.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\uytheme.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\vswwdm32.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\jt6007jme.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mrjava.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\wyadss.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\l4p20e7oeh.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\ajsmsext.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\lvnq0955e.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mirui.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\tipmib.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\kxdhu.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\iymontr.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\syhannel.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\kfdbu.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\fp8403lqe.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\aza6lgjs16o6.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\gp80l3lm1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\k2080cduef080.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\ir40l5hm1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\gprql3951.dll
Virus:W32/Spybot.QV.worm Disinfected C:\WINDOWS\system32\vzmavz.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\owbctrac.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\dnwsockx.dll
Adware:Adware/QoolShown No disinfected C:\WINDOWS\system32\tyhetyt.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\enn4l15q1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\guard.tmp
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\DISPYDLL.DLL
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\system32\dosync.dll
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\system32\docore.dll
Virus:W32/Spybot.QV.worm Disinfected C:\WINDOWS\system32\pubgp.dat
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\i060lajm1doa.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\gpnsl3571.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\h4n00e5meh.dll
Adware:Adware/AdDestroyer No disinfected C:\WINDOWS\system32\SWLAD2.dll
Adware:Adware/AdDestroyer No disinfected C:\WINDOWS\system32\SWLAD1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\rmsutils.dll
Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\system32\dolsp.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\h0l2la3o1d.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\m682lglo16qc.dll
Adware:Adware/AdDestroyer No disinfected C:\WINDOWS\system32\PopOops2.dll
Adware:Adware/AdDestroyer No disinfected C:\WINDOWS\system32\PopOops.dll
Virus:Trj/Small.HQ Disinfected C:\WINDOWS\system32\winup2date.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system\UpdInst.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\ceres.inf
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\ceres.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\iconu.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\delprot.ini
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_MEDIAWHIZ5.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_MEDIAWHIZ3.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\BM2.dll
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\installer_MEDIAWHIZ5.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\installer_MEDIAWHIZ3.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\installer_MEDIAWHIZ3.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\installer_MEDIAWHIZ5.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.4\installer_MEDIAWHIZ5.exe
Adware:Adware/Funcade No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.5\installer_MEDIAWHIZ5.exe
Virus:W32/Spybot.QV.worm Disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\napu.exe
Adware:Adware/ISearch No disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\B209139303\build2.exe
Virus:W32/Spybot.QV.worm Disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\f2592117.exe
Virus:W32/Spybot.QV.worm Disinfected C:\Documents and Settings\Lefty\Local Settings\Temp\tp7543.exe
Adware:Adware/nCase No disinfected C:\Documents and Settings\Lefty\Local Settings\Temporary Internet Files\Content.IE5\U7K3MHIV\AppWrap[1].exe
Virus:W32/Spybot.QV.worm Disinfected C:\Documents and Settings\Lefty\Local Settings\Temporary Internet Files\Content.IE5\CN8PCDKV\i282[1].exe
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\Local Settings\Temporary Internet Files\Content.IE5\GHIJ2L45\AppWrap[3].exe
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Lefty\Local Settings\Temporary Internet Files\Content.IE5\0P4RWRM7\AppWrap[1].exe
Adware:Adware/nCase No disinfected C:\Documents and Settings\Lefty\Local Settings\Temporary Internet Files\Content.IE5\0P4RWRM7\AppWrap[2].exe
Adware:Adware/FunWeb No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\backups\backup-20050326-214356-863.inf
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\backups\backup-20050328-131700-267.dll
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\UnInstaller.exe
Adware:Adware/eZula No disinfected C:\Documents and Settings\Lefty\ezStub.exe
Adware:Adware/VirtualBouncer No disinfected C:\Documents and Settings\Lefty\WrapperOuter.exe
Virus:Trj/Vundo.A Disinfected C:\Documents and Settings\Lefty\appsetup.exe
Adware:Adware/ISearch No disinfected C:\Documents and Settings\Jess\Local Settings\Temp\B209139303\build2.exe
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\05IJG1A7\AppWrap[1].exe
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\05IJG1A7\AppWrap[3].exe
Adware:Adware/nCase No disinfected C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\05IJG1A7\AppWrap[4].exe
Adware:Adware/nCase No disinfected C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\6NEDYDS5\AppWrap[3].exe
Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Jess\Local Settings\Temporary Internet Files\Content.IE5\OTMBKTMF\AppWrap[3].exe
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe


I get one file with a virus when I do the Trend Micro scan: C:\WINDOWS\System32\dolsp.dll

Thanks in advance,

Lefty
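A helper reading a Panda ActiveScan report like the two posted above usually wants three things out of it: which detections the scanner already cleaned, which file paths still need removing by hand, and which hits are registry or in-memory only (nothing on disk to delete). The parser below is an added example, not part of this thread and not Panda's own tooling; it runs over a constructed excerpt of the report lines above, and `Incident`, `PSEUDO_LOCATIONS` and the function names are this example's own.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Panda ActiveScan writes one incident per line:
#   <Category>:<Family> <Status> <Location>
# Status is "Disinfected" or "No disinfected" (Panda's wording for "not cleaned").
# Location is a file path, an archive member written as "archive.cab[member.dll]",
# or the pseudo-locations "Windows Registry" / "Operating system" (a registry or
# in-memory detection with no file to delete).
LINE_RE = re.compile(
    r"^(?P<category>[A-Za-z]+):(?P<family>\S+)\s+"
    r"(?P<status>No disinfected|Disinfected)\s+"
    r"(?P<location>.+?)\s*$"
)
ARCHIVE_RE = re.compile(r"^(?P<container>.+?)\[(?P<member>[^\]]+)\]$")
PSEUDO_LOCATIONS = {"Windows Registry", "Operating system"}  # name chosen for this example


@dataclass(frozen=True)
class Incident:
    category: str
    family: str
    status: str
    location: str

    @property
    def cleaned(self) -> bool:
        return self.status == "Disinfected"

    @property
    def is_file(self) -> bool:
        return self.location not in PSEUDO_LOCATIONS

    @property
    def container(self) -> str:
        """Archive members collapse to the archive they live in; plain paths are unchanged."""
        m = ARCHIVE_RE.match(self.location)
        return m.group("container") if m else self.location


def parse_report(text: str) -> list[Incident]:
    """Parse the report body; the header, blank and unrecognised lines are skipped."""
    incidents = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            incidents.append(Incident(**m.groupdict()))
    return incidents


def family_counts(incidents: list[Incident]) -> Counter:
    return Counter(i.family for i in incidents)


def outstanding_files(incidents: list[Incident]) -> list[str]:
    """Distinct on-disk paths still flagged after the scan: what remains to remove by hand.
    Windows paths are case-insensitive, so 'System32' and 'system32' are the same file."""
    seen: dict[str, str] = {}
    for i in incidents:
        if i.cleaned or not i.is_file:
            continue
        seen.setdefault(i.container.lower(), i.container)
    return sorted(seen.values(), key=str.lower)


def non_file_hits(incidents: list[Incident]) -> list[Incident]:
    """Registry / in-memory detections: these need registry or process clean-up, not a file deletion."""
    return [i for i in incidents if not i.is_file]


# Constructed sample: a handful of lines copied from the scan output posted above.
SAMPLE_REPORT = r"""
Incident Status Location

Spyware:Spyware/CouponAge No disinfected C:\WINDOWS\System32\dolsp.dll
Virus:Trj/Small.HQ Disinfected Operating system
Adware:Adware/SaveNow No disinfected Windows Registry
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THI13F4.tmp\ceres.cab
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THI13F4.tmp\ceres.cab[ceres.inf]
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\Temp\THI13F4.tmp\ceres.cab[ceres.dll]
Virus:W32/Spybot.QV.worm Disinfected C:\WINDOWS\system32\vzmavz.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\guard.tmp
"""

if __name__ == "__main__":
    incidents = parse_report(SAMPLE_REPORT)
    print(f"{len(incidents)} incidents, {sum(i.cleaned for i in incidents)} cleaned by the scanner")
    for family, n in family_counts(incidents).most_common():
        print(f"  {n:3d}  {family}")
    print("Still on disk:")
    for path in outstanding_files(incidents):
        print("  " + path)
    print("Registry / memory only:", [i.family for i in non_file_hits(incidents)])
```

Collapsing archive members onto their container matters for the clean-up list: the three BetterInet lines for `ceres.cab` are one file to delete, not three.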

#6
coachwife6 (Retired Staff)

If you still need help, please post another HijackThis log. Sorry it has taken so long.

#7
leftyelvis (Topic Starter)

Coachwife6,

Thanks so much for getting back to me. I would really appreciate any help you can give me.

Here is the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:39:55 PM, on 4/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\vzmavz.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlb.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lefty\Application Data\Mozilla\Profiles\default\qk2es76k.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vzmavz.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.dorneypar...sses/CFJava.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://noteshub.rose...a.us/iNotes.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefend...bitdefender.cab
O16 - DPF: {92C6F560-8F6D-11D9-9669-0800200C9A66} - http://fad-1112.nyc1...iewer_cia15.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...463/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com...irus/PitPav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08AE78C9-2E0D-4822-9237-C662654EBA3B}: NameServer = 151.197.0.38 151.197.0.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{08AE78C9-2E0D-4822-9237-C662654EBA3B}: NameServer = 151.197.0.38 151.197.0.39
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - Unknown owner - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#8
coachwife6 (Retired Staff)

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please go offline, close all browsers and any open windows, making sure that only HijackThis is open. Scan and, when it finishes, put an X in the boxes only next to the following items, then click Fix checked.


O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vzmavz.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\WINDOWS\System32\vzmavz.exe

Please scan your system with Ad-aware:
Ad-aware SE - Download - Home Page
  • If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
  • After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
  • Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
  • Once the definitions have been updated:
  • Reconfigure Ad-Aware for Full Scan as per the following instructions:
    • Launch the program, and click on the Gear at the top of the start screen.
    • Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
      • "Automatically save logfile"
      • "Automatically quarantine objects prior to removal"
      • Safe Mode (always request confirmation)
      • Prompt to update outdated confirmation) - Change to 7 days.
    • Click the "Scanning" button (On the left side).
    • Under Drives & Folders, select "Scan within Archives"
    • Click "Click here to select Drives + folders" and select your installed hard drives.
    • Under Memory & Registry, select all options.
    • Click the "Advanced" button (On the left hand side).
    • Under "Shell Integration", select "Move deleted files to Recycle Bin".
    • Under "Log-file detail", select all options.
    • Click on the "Defaults" button on the left.
    • Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
    • Click the "Tweak" button (Again, on the left hand side).
    • Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
      • "Unload recognized processes during scanning."
      • "Obtain command line of scanned processes"
      • "Scan registry for all users instead of current user only"
    • Under "Cleaning Engine", select the following:
      • "Automatically try to unregister objects prior to deletion."
      • "During removal, unload explorer and IE if necessary"
      • "Let Windows remove files in use at next reboot."
      • "Delete quarantined objects after restoring"
    • Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
    • Click on "Proceed" to save these Preferences.
    • Click on the "Scan Now" button on the left.
    • Under "Select Scan Mode", be sure to select "Use Custom Scanning Options".
  • Close all programs except ad-aware.
  • Click on "Next" in the bottom right corner to start the scan.
  • Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
  • After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may have found. Allow it to finish.
Please delete your temporary files. Double Click My Computer (WinXP: Navigate to Start ---> My Computer). You will see an icon representing your hard drive (most likely C: Drive). Right Click on the hard drive icon and click Properties at the bottom of the fly out window. On the very first tab (General) you will see a button labeled "Disk Cleanup"... click that button.
Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin

Click OK and Disk Cleanup will delete those files for you.


If you would please, rescan with HijackThis and post a fresh log in this same topic.
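The procedure above boils down to a fix list (the HJT lines to check) and a follow-up log to compare it against. This added example, not from the thread and not part of HijackThis itself, mechanises that comparison and also checks whether a file marked for manual deletion is still listed under "Running processes", which is the usual reason Windows reports an error when you try to delete it. The fix list is copied from the post above; the follow-up log excerpt is constructed from lines of this thread's later log; `O4_RUN_RE`, `still_present`, `files_still_running` and the other names are this example's own.

```python
from __future__ import annotations

import re

# HijackThis "O4" autostart entries look like:
#   O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vzmavz.exe
# hive = HKLM/HKCU, name = registry value name, command = the program it launches.
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<command>.+)$"
)
O_LINE_RE = re.compile(r"^O\d+ - ")


def hjt_entries(log: str) -> list[str]:
    """All 'O' section lines (O1..O23) of a HijackThis log, whitespace-trimmed."""
    return [ln.strip() for ln in log.splitlines() if O_LINE_RE.match(ln.strip())]


def running_processes(log: str) -> list[str]:
    """The paths under 'Running processes:' up to the first blank line."""
    procs, in_block = [], False
    for ln in log.splitlines():
        s = ln.strip()
        if s == "Running processes:":
            in_block = True
            continue
        if in_block:
            if not s:
                break
            procs.append(s)
    return procs


def still_present(fix_list: str, new_log: str) -> list[str]:
    """Lines the helper asked to fix that are still in the follow-up log (exact match, as HJT prints them)."""
    wanted = [ln.strip() for ln in fix_list.splitlines() if ln.strip()]
    current = set(hjt_entries(new_log))
    return [ln for ln in wanted if ln in current]


def fix_list_paths(fix_list: str) -> list[str]:
    """Executable paths named by the O4 Run entries in the fix list: the files to delete by hand.
    Surrounding quotes are removed; command-line arguments (e.g. '/auto') are not stripped."""
    paths = []
    for ln in fix_list.splitlines():
        m = O4_RUN_RE.match(ln.strip())
        if m:
            paths.append(m.group("command").strip().strip('"'))
    return paths


def files_still_running(paths: list[str], log: str) -> list[str]:
    """Files slated for deletion whose image is in the running-process list.
    Windows will not delete a running executable, so these have to be stopped
    (or removed before they start) before the file can go."""
    running = {p.lower() for p in running_processes(log)}
    return [p for p in paths if p.lower() in running]


# The fix list from the post above.
SAMPLE_FIX_LIST = r"""
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vzmavz.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

# Constructed excerpt of a follow-up log (lines taken from this thread's later log).
SAMPLE_FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:00:28 AM, on 4/11/2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\vzmavz.exe
C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlb.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vzmavz.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
"""

if __name__ == "__main__":
    for ln in still_present(SAMPLE_FIX_LIST, SAMPLE_FOLLOWUP_LOG):
        print("still present:", ln)
    to_delete = fix_list_paths(SAMPLE_FIX_LIST)
    for p in files_still_running(to_delete, SAMPLE_FOLLOWUP_LOG):
        print("still running, deletion will fail:", p)
```

Run against the two logs in this thread, the output points at the same thing the poster reports next: the `KavSvc` Run entry survived the HJT fix and `vzmavz.exe` is still running, so the file cannot be deleted until that process is gone.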

#9
leftyelvis (Topic Starter)

Could not delete vzmavz.exe in safe mode; it gave me an error message.

thanks,
Lefty

Logfile of HijackThis v1.99.1
Scan saved at 12:00:28 AM, on 4/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\vzmavz.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Lefty\My Documents\spywear adwear tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlb.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Lefty\Application Data\Mozilla\Profiles\default\qk2es76k.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vzmavz.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.dorneypar...sses/CFJava.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://noteshub.rose...a.us/iNotes.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefend...bitdefender.cab
O16 - DPF: {92C6F560-8F6D-11D9-9669-0800200C9A66} - http://fad-1112.nyc1...iewer_cia15.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...463/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com...irus/PitPav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08AE78C9-2E0D-4822-9237-C662654EBA3B}: NameServer = 151.197.0.38 151.197.0.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{08AE78C9-2E0D-4822-9237-C662654EBA3B}: NameServer = 151.197.0.38 151.197.0.39
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - Unknown owner - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#10
coachwife6 (SuperStar, Retired Staff, 11,413 posts)
Open your Task Manager (hit Ctrl+Alt+Delete) and stop the process. Then find it and delete it.

#11
leftyelvis (Member, Topic Starter, 27 posts)
This is strange! When I boot up in safe mode, the file is there, but the process is not running, and I can't delete it. When I reboot in regular mode, the file is NOT there and the process is not running. I am able to view hidden files.

I did a search for the file in normal mode and the only thing that came up was WINDOWS/PREFETCH VZMAVZ.EXE-15EIFA6E.PF.

#12
coachwife6 (SuperStar, Retired Staff, 11,413 posts)

If you look in your Windows folder, you will see a Prefetch folder. Think of this folder as a table of contents of the things that run when you start your computer and also, those things that you use the most.

It does not contain the files. The Prefetch folder only contains links or references to those items. Every three days or so during idle periods, Windows XP updates these links and saves these links on the fastest part of the hard drive. By monitoring these files, Windows XP can prefetch them at start-up.


Explanation
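The point above, that the Prefetch folder holds only a record of the executable and not the executable itself, is what makes a .pf file a useful forensic artifact after the malware binary has been deleted: it still names the binary, records how often and when it last ran, and lists the files it loaded. The following Python parser is an added example and is not code from this thread or from HijackThis. It builds a constructed Windows XP/2003 (format version 0x11) prefetch image in memory, parses it back, and cross-checks the file name against the header and against a constructed set of files "on disk"; the field offsets follow the publicly documented SCCA v17 layout and are an assumption of this example, and EXAMPLE.EXE, its hash and the loaded-file list are made up for the demonstration.

```python
import struct
from datetime import datetime, timedelta, timezone

# Assumed layout of a version-0x11 (XP/2003) prefetch file, per the public
# SCCA format documentation; not taken from the forum log above.
PF_SIGNATURE = b"SCCA"
PF_VERSION_XP = 0x11
HEADER_LEN_XP = 0x98          # 84-byte file header + 68-byte file information block
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    """Integer arithmetic only: the tick count is too large for exact float math."""
    d = dt - FILETIME_EPOCH
    return (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10


def split_pf_name(pf_name):
    """'EXAMPLE.EXE-1A2B3C4D.pf' -> ('EXAMPLE.EXE', 0x1A2B3C4D)."""
    stem = pf_name[:-3] if pf_name.upper().endswith(".PF") else pf_name
    exe, sep, hash_hex = stem.rpartition("-")
    if not sep or len(hash_hex) != 8:
        raise ValueError("not a prefetch file name: %r" % pf_name)
    return exe, int(hash_hex, 16)


def build_xp_prefetch(exe_name, path_hash, last_run, run_count, loaded_files):
    """Construct a minimal v0x11 .pf image (test fixture, not written by Windows)."""
    strings = b"".join(p.encode("utf-16-le") + b"\x00\x00" for p in loaded_files)
    total = HEADER_LEN_XP + len(strings)
    header = struct.pack("<I4sII", PF_VERSION_XP, PF_SIGNATURE, 0, total)
    header += exe_name.encode("utf-16-le")[:58].ljust(60, b"\x00")  # offset 16
    header += struct.pack("<II", path_hash, 0)                       # offset 76
    header += struct.pack(
        "<IIIIIIIIIQ16sII",
        HEADER_LEN_XP, 0,              # file metrics array offset / count (empty)
        HEADER_LEN_XP, 0,              # trace chains array offset / count (empty)
        HEADER_LEN_XP, len(strings),   # filename strings offset / size
        total, 0, 0,                   # volumes info offset / count / size (empty)
        datetime_to_filetime(last_run),
        b"\x00" * 16,
        run_count, 0,
    )
    return header + strings


def parse_xp_prefetch(data):
    """Return what the .pf records: it describes the binary, it is not the binary."""
    version, sig, _, size = struct.unpack_from("<I4sII", data, 0)
    if sig != PF_SIGNATURE:
        raise ValueError("missing SCCA signature")
    if version != PF_VERSION_XP:
        raise ValueError("unsupported prefetch version 0x%x" % version)
    exe_name = data[16:76].decode("utf-16-le").split("\x00", 1)[0]
    (path_hash,) = struct.unpack_from("<I", data, 76)
    strings_off, strings_len = struct.unpack_from("<II", data, 100)
    (last_run,) = struct.unpack_from("<Q", data, 120)
    (run_count,) = struct.unpack_from("<I", data, 144)
    blob = data[strings_off:strings_off + strings_len].decode("utf-16-le")
    return {
        "executable": exe_name,
        "hash": path_hash,
        "last_run": filetime_to_datetime(last_run),
        "run_count": run_count,
        "loaded_files": [p for p in blob.split("\x00") if p],
        "declared_size": size,
    }


def triage(pf_name, data, files_on_disk):
    """Cross-check name vs. header, then see whether the executable still exists."""
    name_exe, name_hash = split_pf_name(pf_name)
    rec = parse_xp_prefetch(data)
    rec["name_matches_header"] = (name_exe.upper() == rec["executable"].upper()
                                  and name_hash == rec["hash"])
    targets = [p for p in rec["loaded_files"]
               if p.rsplit("\\", 1)[-1].upper() == rec["executable"].upper()]
    rec["executable_paths"] = targets
    rec["executable_on_disk"] = any(p.upper() in files_on_disk for p in targets)
    return rec


# Constructed fixture: a made-up executable, hash and module list.
SAMPLE_EXE = "EXAMPLE.EXE"
SAMPLE_HASH = 0x1A2B3C4D
SAMPLE_LAST_RUN = datetime(2005, 3, 29, 23, 42, 12, tzinfo=timezone.utc)
SAMPLE_LOADED = [
    "\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\NTDLL.DLL",
    "\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\KERNEL32.DLL",
    "\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\EXAMPLE.EXE",
]
SAMPLE_PF_NAME = "%s-%08X.pf" % (SAMPLE_EXE, SAMPLE_HASH)
SAMPLE_PF = build_xp_prefetch(SAMPLE_EXE, SAMPLE_HASH, SAMPLE_LAST_RUN, 7, SAMPLE_LOADED)
# Constructed "disk" contents: the DLLs remain, the executable has been deleted.
SAMPLE_DISK = {SAMPLE_LOADED[0], SAMPLE_LOADED[1]}

if __name__ == "__main__":
    r = triage(SAMPLE_PF_NAME, SAMPLE_PF, SAMPLE_DISK)
    print("%s ran %d time(s), last at %s" % (r["executable"], r["run_count"], r["last_run"]))
    print("referenced path(s):", r["executable_paths"])
    print("still on disk:", r["executable_on_disk"])
```

Run against a real Prefetch folder, the same triage shape (parse each .pf, compare the names it references with what is actually on the volume) is how you turn "the search only found a .pf file" into evidence: the entry tells you the binary ran, how many times and when, and where it lived, even though the file itself is gone. Note that the eight hex digits in the file name are a hash of the executable's full path, so the same binary started from two locations leaves two different .pf files.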

#13
leftyelvis (Member, Topic Starter, 27 posts)
can I use Killbox to delete the file? What should I do next?

Thanks for your help.

Lefty

#14
leftyelvis (Member, Topic Starter, 27 posts)
When I run HJT, it says that the program is running; when I check Windows Task Manager, it isn't.

#15
coachwife6 (SuperStar, Retired Staff, 11,413 posts)
Reset your restore points. Read directions below.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405


Also, use a tool called CCleaner. If you want to save your cookies, make sure you don't clear them out.