
My computer is infected with some really nastyware. Noticeable symptoms are pop-ups. Looking around other sites, I think I have a look2me/VX2/ActiveX problem, but I don't really know what that means.

I initially downloaded HJT, Adaware, Spybot, Microsoft Antispyware, and AVG. I then added the VX2 Add-on to Adaware and attempted to use the L2mfix, unsuccessfully. So I disabled my internet access, went into safe mode, and scanned with everything I have.

Unfortunately, most scans have come up with results, and supposedly fixed problems, but the symptoms are still occurring. Now most scans yield no results. However, the Adaware VX2 add-on, which couldn't fix the problem, created this report: "Posssible new VX2 variant file C:\WINDOWS\system32\u4ru0e99eh.dll". Every time I restart my computer and use the add-on, I get a different filename, which I am unable to modify.

I finally scanned my computer with Spyware Doctor and have received a large list of infections. I can't FIX these infections because the SD I downloaded is not registered.

This is the report:
"Scans (basic information only):

Scan Results:
scan start: 09/11/2005 19:58:32
scan stop: 09/11/2005 20:12:58
scanned items: 112696
found items: 121
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner



Other Sections:

Copyright © 2003 PC Tools Research Pty Ltd. All rights reserved. Legal Notice "

I also have Finditnt2000xp and Hijack This!, and I can post those results if anyone requires them.

I would be incredibly grateful if someone could please help me out with getting rid of the adware/trojan/spawnofhell.

Thanks for your time.

EDIT: I also made sure that all hidden folders were viewable, and all extensions and files were viewable before scanning.


Hi,
Download CleanUp and install it. Run it and click the "Options.." button. Here, move the "Quick Setup" slider to the "Thorough Cleanup" position. Uncheck the option "Delete Favorites Places/Bookmarks", if you have any bookmarks. Click "OK" to return to the main window, and click "CleanUp!" to start cleaning. After it completes, click "Close" and click "No" to avoid logging off.


Download HijackThis and unzip it to a dedicated folder (like C:\HijackThisFolder\hijackthis.exe).
Then run it and click the button Do a System scan and save log file. HijackThis will perform a scan and save the log file as hijackthis.log in the same folder where it is installed, and it also opens the file automatically.
Copy the entire contents of the file and post it in this section.


Hello!
I do appreciate your offer of helping us regarding this annoying malware problem. I'm also experiencing problems regarding this matter and even Spyware Doctor can't fix it. As suggested, I did the CleanUp tool and the HijackThis tool and here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 20:15:52, on 02/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Hope you can help me as well with this matter. Thank you and God bless.
