Scan saved at 10:10:49 AM, on 4/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\LEAD Technologies, Inc\LEADTOOLS ePrint IV\Bin\LPSVS04n.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\nrozcg.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.msn.com"); (C:\Documents and Settings\Goonjan Shah\Application Data\Mozilla\Profiles\default\s21hhnha.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Goonjan Shah\Application Data\Mozilla\Profiles\default\s21hhnha.slt\prefs.js)
O2 - BHO: (no name) - {0044EF6E-7D84-5B7C-8A2A-2A27B0E3BF91} - C:\WINDOWS\System32\bordvflk.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: Microsoft Configuration - {40205287-E793-41AC-B95C-D8D064BA33CA} - C:\WINDOWS\system32\mscfg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nsg12.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Microsoft Update] rsvc32.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [Microsoft Update Machine] Linux.exe
O4 - HKLM\..\Run: [Windows USB Support] syscclk.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Microsoft AutoUpdater] svhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update] rsvc32.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] Linux.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\GOONJA~1\LOCALS~1\Temp\djtopr1150.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Microsoft Update] rsvc32.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] Linux.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\WINDOWS\ezstub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZN
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...97/sdcregie.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.co...file=stamps.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPrint 4.0 Service - Unknown owner - C:\Program Files\LEAD Technologies, Inc\LEADTOOLS ePrint IV\Bin\LPSVS04n.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MS System Spooler (MSpool) - Unknown owner - C:\WINDOWS\system32\systemspool.dll (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webcam Corp. Service Starter - Unknown owner - C:\Program Files\Webcam\Watchdog\dogsvc.exe
Thanks for your help, I truly appreciate it... Lately I have had lots of problems, and this file nail.exe seems to keep trying to run but Ad-Watch blocks it, as well as other problems like Windows booting up saying it's not activated almost every startup. Also, Ad-Watch says harmful process identified, and when I look at what it says it shows some file r?gedit
I have gone through the recommended stuff stated on this site. I have Norton AntiVirus running all the time providing real-time protection and have ZoneAlarm on my computer.
Here is the pandasoft log also:
Incident Status Location
Adware:Adware/ILookup No disinfected C:\Documents and Settings\Goonjan Shah\Local Settings\Temp\II22.exe
Adware:Adware/ILookup No disinfected C:\Documents and Settings\Goonjan Shah\Local Settings\Temporary Internet Files\Content.IE5\QFAF696F\thin_bundlelite[1].exe
Adware:Adware/ILookup No disinfected C:\Documents and Settings\Goonjan Shah\Local Settings\Temporary Internet Files\Content.IE5\QFAF696F\watch_free_porn[1].exe
Adware:Adware/Minibug No disinfected C:\Program Files\AIM\Sysfiles\WxBug.EXE
Virus:Bck/IRCFlood.V Disinfected C:\Program Files\PestPatrol\Quarantine\20041012121033259.zip[Stdio.dll]
Adware:Adware/MyWebSearch No disinfected C:\Program Files\PestPatrol\Quarantine\20041104173358985.zip[MWSOEPLG.DLL]
Adware:Adware/FunWeb No disinfected C:\Program Files\PestPatrol\Quarantine\20041104173358985.zip[F3SCRCTR.DLL]
Virus:Trj/Qhost.AF Disinfected C:\Program Files\PestPatrol\Quarantine\20050123121323.zip[hosts]
Virus:Trj/Qhost.AF Disinfected C:\Program Files\PestPatrol\Quarantine\20050409124650.zip[hosts]
Adware:Adware/ILookup No disinfected C:\Program Files\PestPatrol\Quarantine\20050409124650.zip[1.exe]
Virus:Trj/Qhost.AF Disinfected C:\Program Files\PestPatrol\Quarantine\20050409154713.zip[hosts]
Possible Virus. No disinfected C:\Program Files\Webcam\Watchdog\aaa.exe
Possible Virus. No disinfected C:\Program Files\Webcam\Watchdog\htdoc\mdl.exe
Possible Virus. No disinfected C:\Program Files\Webcam\Watchdog\htdoc\vlist.exe
Possible Virus. No disinfected C:\Program Files\Webcam\Watchdog\mdl.exe
Possible Virus. No disinfected C:\Program Files\Webcam\Watchdog\vlist.exe
Virus:Trj/Downloader.AEE Disinfected C:\WINDOWS\Downloaded Program Files\counter.inf
Adware:Adware/KeenValue No disinfected C:\WINDOWS\Downloaded Program Files\imloader.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup4002b.ini
Virus:W32/Dedler.AA.worm Disinfected C:\WINDOWS\system\lsvchost.exe
Virus:Trj/Downloader.ANY Disinfected C:\WINDOWS\system\mssecure.exe
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\bordvflk.dll
Virus:Trj/Zapchast.D Disinfected C:\WINDOWS\system32\c.bat
Virus:W32/Dedler.AE.worm Disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\718WSDKK\ftch32b[1].exe
Virus:Trj/Downloader.AQL Disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AD7HJRM9\ldrx32c[1].exe
Virus:Trj/Qhost.AA Disinfected C:\WINDOWS\system32\drivers\etc\1.hosts
Virus:Trj/Qhost.AF Disinfected C:\WINDOWS\system32\drivers\etc\hosts
Virus:W32/Dedler.AE.worm Disinfected C:\WINDOWS\system32\ftch32b.exe
Adware:Adware/NSearch No disinfected C:\WINDOWS\system32\in10b6s.dll
Adware:Adware/404Search No disinfected C:\WINDOWS\system32\k404SearchSetup_MS14.exe
Virus:W32/Dedler.R.worm Disinfected C:\WINDOWS\system32\lassa32b.exe
Virus:Bck/Agent.EP Disinfected C:\WINDOWS\system32\lassa32i.exe
Virus:W32/Dedler.AA.worm Disinfected C:\WINDOWS\system32\lassa32j.exe
Virus:Trj/Downloader.AQL Disinfected C:\WINDOWS\system32\ldrx32c.exe
Adware:Adware/BHO No disinfected C:\WINDOWS\system32\mscfg.dll.tcf
Virus:W32/Sdbot.ftp Disinfected C:\WINDOWS\system32\o
Virus:W32/Sdbot.BVH.worm Disinfected C:\WINDOWS\system32\roba32d.exe
Virus:W32/Dedler.AD.worm Disinfected C:\WINDOWS\system32\roba32e.exe
Virus:Trj/Downloader.ANY Disinfected C:\WINDOWS\system32\roba32f.exe
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\RGEDIT~1.EXE
Edited by starman91, 11 April 2005 - 06:11 PM.