  #31  
Old 03-24-2005, 01:14 PM
skinsfan87 skinsfan87 is offline
Senior Member
 
Join Date: Mar 2005
Posts: 141
Which scan should I run?

  #32  
Old 03-24-2005, 01:16 PM
Mobo Mobo is offline
Thinking outside the box
 
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,612
I'm working on it..

  #33  
Old 03-24-2005, 01:22 PM
Mobo Mobo is offline
Thinking outside the box
 
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,612
Ok then, let's try it this way for now.

Download this and leave it on the desktop
[Only Registered and Activated Users Can See Links. Click Here To Register...]

then download this as well
[Only Registered and Activated Users Can See Links. Click Here To Register...]


Reboot into safe mode:

open task manager and end task these if present:
vlavmm.exe
desktop.exe



Now open killbox.exe, in the space provided paste
C:\WINDOWS\isrvs\desktop.exe
then tick "delete on reboot"
then tick "the red x"
Do not reboot when prompted

then do the same for these:
C:\WINDOWS\system32\vlavmm.exe
C:\WINDOWS\isrvs\ffisearch.exe
C:\WINDOWS\system32\hldub.exe
C:\WINDOWS\isrvs\mfiltis.dll

Close killbox without rebooting

open hoster.exe and click "restore original hosts file"
then tick "make hosts file read only"

Close that program

open mcafee and run a full scan while still in safe mode

Reboot normally and give me a fresh hijack log.

  #34  
Old 03-24-2005, 01:38 PM
skinsfan87 skinsfan87 is offline
Senior Member
 
Join Date: Mar 2005
Posts: 141
I have somewhere to go right now but I will do this when I get back in about an hour. Thanks a lot.
  #35  
Old 03-24-2005, 01:44 PM
skinsfan87 skinsfan87 is offline
Senior Member
 
Join Date: Mar 2005
Posts: 141
My McAfee just found a vondo virus. I'm running a full scan on it right now.
  #36  
Old 03-24-2005, 01:50 PM
Mobo Mobo is offline
Thinking outside the box
 
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,612
I'm going out on a service call now as well but will check in when I return.

  #37  
Old 03-24-2005, 03:12 PM
skinsfan87 skinsfan87 is offline
Senior Member
 
Join Date: Mar 2005
Posts: 141
Well, I'm gonna try your directions now.
  #38  
Old 03-24-2005, 04:55 PM
skinsfan87 skinsfan87 is offline
Senior Member
 
Join Date: Mar 2005
Posts: 141
I did what you said and desktop.exe is still there. But here is the fresh log.

Logfile of HijackThis v1.99.1
Scan saved at 4:51:51 PM, on 3/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ncun.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = [Only Registered and Activated Users Can See Links. Click Here To Register...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\vlavmm.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [nsvcin] C:\WINDOWS\system32\n20050308.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKCU\..\Run: [Swtu] C:\WINDOWS\system32\hldub.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: RaptisoftGameLoader - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: Yahoo! Graffiti - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: Yahoo! Word Racer - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {36A59337-6EEF-40AE-94B1-ED443A0C4740} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F0648E8-D53B-478A-91DC-9725A4A8F600}: NameServer = 199.45.32.43 199.45.32.38
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\h6n00g5me6.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

please help me get rid of all this ****.
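
Added example, not part of any post in this thread and not a feature of HijackThis or Killbox: a Python cross-check of the fresh log in post #38 against the paths queued in Killbox in post #33, reporting which of those files are still referenced by an autostart or browser-hook entry. The function names and regular expressions are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Paths queued in Killbox in post #33 (copied from this thread).
KILLBOX_TARGETS = [
    r"C:\WINDOWS\isrvs\desktop.exe",
    r"C:\WINDOWS\system32\vlavmm.exe",
    r"C:\WINDOWS\isrvs\ffisearch.exe",
    r"C:\WINDOWS\system32\hldub.exe",
    r"C:\WINDOWS\isrvs\mfiltis.dll",
]

# Excerpt of the HijackThis log in post #38 (lines copied from this thread).
SAMPLE_LOG = r"""
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\vlavmm.exe
O4 - HKCU\..\Run: [Swtu] C:\WINDOWS\system32\hldub.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r"^(?P<section>[ORNF]\d+) - (?P<body>.+)$")
# Drive-letter path ending in .exe or .dll (spaces in the path allowed).
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)\b", re.IGNORECASE)

def parse_entries(log_text):
    """Yield (section, path) for every log entry that names a file."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list, blank lines
        for path in WIN_PATH.findall(m.group("body")):
            yield m.group("section"), path

def surviving_references(log_text, targets):
    """Map each target path to the log sections that still point at it."""
    wanted = {t.lower(): t for t in targets}  # Windows paths: ignore case
    hits = {t: [] for t in targets}
    for section, path in parse_entries(log_text):
        if path.lower() in wanted:
            hits[wanted[path.lower()]].append(section)
    return hits

def still_referenced(log_text, targets):
    """Targets that a delete-on-reboot pass has not fully removed."""
    return sorted(t for t, s in surviving_references(log_text, targets).items() if s)

if __name__ == "__main__":
    for path, sections in surviving_references(SAMPLE_LOG, KILLBOX_TARGETS).items():
        print(f"{path}: {', '.join(sections) or 'no reference left'}")
```

A section listed against a path only shows that the registry entry is still present; HijackThis marks entries whose file is gone with "(file missing)", as in the O23 ZESOFT line of the log.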
  #39  
Old 03-24-2005, 07:08 PM
skinsfan87 skinsfan87 is offline
Senior Member
 
Join Date: Mar 2005
Posts: 141
hello?
  #40  
Old 03-24-2005, 08:00 PM
skinsfan87 skinsfan87 is offline
Senior Member
 
Join Date: Mar 2005
Posts: 141
mobo? ya there?
All times are GMT -5.
Copyright © 2004-2007 Cyberanswers.org All rights reserved