I traced some of the eZula back to a program that's been installed in my programs called TopTool iLookup. I went to Add/Remove programs, but it's not listed there, and there is no uninstall function.

Any ideas?

Please do this.
Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!


1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.

2. Copy and paste HijackThis.exe to the new folder.

3. Close ALL windows except HJT

4. SCAN with HJT

5. POST the new log in this thread using 'Add Reply'

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH

Thanks, caperjack. I'll do it tonight.

I tried the other spyhunter program, but was reluctant to make the purchase to fix the many "hits" until I had reviewed this site more and had seen what others had done for a fix.

I wouldn't purchase anything like that. I don't know what program you used, but a lot of times some of the ones that tell you that you have to purchase the full program to fix your problems are not legit. They give you false positives to convince you to buy their program. Almost any spyware/adware programs you need you can find for free...a couple of good examples are Adaware and Spybot Search and Destroy.

There are links to several helpful utilities in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

Post a Hijackthis log (explained in that thread -- make sure you get version 1.99) and we can help you get rid of eZula and whatever else you may have

All good info. Couldn't get to it last night. I, Robot grabbed my attention.

Logfile of HijackThis v1.99.0
Scan saved at 11:55:10 AM, on 12/18/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Intrigue Technologies\Harmony Remote\EasyZapperMonitor.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Intrigue Technologies\Harmony Remote\EasyZapperManagerExe.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\system32\mdm.exe
C:\My Documents\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/yessen.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kusa.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessen...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/re...c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O3 "usb" /M "Stylus C82"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [EPSON Stylus C82 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P32 "EPSON Stylus C82 Series (Copy 1)" /O6 "USB001" /M "Stylus C82"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Harmony Monitor.lnk = C:\Program Files\Intrigue Technologies\Harmony Remote\EasyZapperMonitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {62CC2E89-A512-4453-B155-6549CC6C77EB} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wmv: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O16 - DPF: Microsoft WFC Forms Designer - file://D:\VJ98\wfcforms.cab
O16 - DPF: Visual Studio 6 Extensibility Libraries - file://D:\VJ98\vstudio6.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = linthicum.md.smcteam.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = linthicum.md.smcteam.com
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.

O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - Startup: PowerReg Scheduler.exe

O9 - Extra button: Advisor - {62CC2E89-A512-4453-B155-6549CC6C77EB} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)

Reboot and delete the C:\PROGRA~1\ezula<----folder

I checked these lines and ran the Fix Checked. Reran the scan, and these lines are verified gone.

I must have deleted the C:\PROGRA~1\ezula<----folder before I posted here, because this folder was already in my recycle bin.

Anything else I should do?