

hitachi369
Embrace Your Rights
Premium
join:2001-10-03
Grand Rapids, MI
kudos:4
Reviews:
·AT&T U-Verse

1 edit

ZZB.exe Is it a virus?

I jumped on my brother's computer to patch and update his virus def., and when I logged on this popped up. I did a search for it and found it in my system32 folder. Is this a normal Windows file? Norton says it's clean, but the first few hits on Google make me think otherwise...
--
Wunderbar! Let's hit it!

-Nightcrawler


Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV
kudos:1

Re: ZZB.exe

Send me a copy vampirefo@yahoo.com
--
Spam Officially Legal

kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH

Go to Kaspersky's online file checker here: »www.kaspersky.com/remoteviruschk.html

and submit the file. If it's a known threat, it'll tell you.



pieter arntz

join:2002-02-26
Netherlands

reply to hitachi369

Re: ZZB.exe Is it a virus?

Very likely a variant of
»sarc.com/avcenter/venc/data/adwa···old.html
If it is the same one I found, it has been submitted to NAV, AAW and SSD 3 weeks ago.
--
Metallica rulez


Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV
kudos:1

1 edit

reply to hitachi369
It's spyware. It copies itself to System32\zzb.exe, adds itself to Run, then tries to download from »tool4ame.com.

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects new goglue foostringwithmlupd goglue iagold rien error »tool4ame.com/stat2.php?action=ne···ithMLupd ebn criss Goglue key removed done »tool4ame.com/iagold.exe dwn \iagold.exe Identification : Dllpath : Subkey : {1E1B2879-88FF-11D2-8D96-D7ACAC92927F} {1E1B2879-88FF-11D2-8D96-D7ACAC87872F} {1E1B2879-88FF-11D2-8D96-D7ACAC98982F} \InprocServer32 CLSID\ 
--
Spam Officially Legal



hitachi369
Embrace Your Rights
Premium
join:2001-10-03
Grand Rapids, MI
kudos:4

reply to hitachi369
Thank You ALL:)

Ran both ad-aware and S&D, hopefully they cleaned up the mess that my brother made
--
Wunderbar! Let's hit it!
-Nightcrawler


Tablet
Premium
join:2003-01-15
Czech

reply to hitachi369
Now detected by KAV as TrojanDownloader.Win32.Small.ez.
McAfee now detects it as Adware-IAGold.dldr


interclik

join:2002-11-03
Brossard, QC

reply to Vampirefo
HELP! Tell me how to get rid of this zzb CRAP. I tried the VB script posted and STILL it returns. I tried selective starts (msconfig) and miss it. Thanks. Gil



jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

What I'm reading is that it also copies itself to randomly named files and leaves registry entries behind. That's all I know about it at the moment.
--
Regards, Joseph V. Morris



Zupe
Premium,MVM
join:2001-11-29
New York, NY

1 edit

reply to interclik
This one is showing up in about half the Hijack This logs I've seen of late. It's fairly easy to get rid of, but I'll need to see a Hijack This log. Please download Hijack This from here: »www.computercops.biz/downloads-file-328.html . Unzip the files to an actual directory (ex. C:\HJT) then run Hijack This. On the opening screen, click the scan button, then choose save log file, save it somewhere, open the log file with a text editor and copy and paste the contents here.
--
Brain: Pinky, are you pondering what I'm pondering?
Pinky: I think so, Brain, but "Snowball for Windows"?


interclik

join:2002-11-03
Brossard, QC

Zupe here is my logfile...
Logfile of HijackThis v1.97.7
Scan saved at 5:42:29 PM, on 3/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\lexbces.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\LEXPPS.EXE
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Maximizer\MxFinder.exe
C:\Program Files\Maximizer\MxAlarm.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hj\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »interclik.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »www.interclik.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:14000
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = »interclik.com/
R3 - Default URLSearchHook is missing
O1 - Hosts: 209.68.60.180 www.interclik.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AD1ACCE6-4D2B-6D0F-ECD2-DC3DCCBB60B5} - C:\WINDOWS\system32\iowdnrgq.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P32 "EPSON Stylus C42 Series (Copy 1)" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [iobhqqxv] C:\WINDOWS\zvdpfvbz.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [aqbvvcap] C:\WINDOWS\System32\wzwbidyo.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\MxFinder.exe
O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\MxAlarm.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTrace Express\NTXcontext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Documents Expert (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: HushEncryptionEngine - »mailserver1.hushmail.com/shared/···gine.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - »office.microsoft.com/officeupdat···opuc.cab
O16 - DPF: {8B6193F1-837F-11D4-89E6-0050DA666184} (Sol2axctl Class) - »download.solitaire.com/download/···aire.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - »v4.windowsupdate.microsoft.com/C···21990741
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - »download.microsoft.com/download/···radj.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A344654-2998-4861-87F3-0AD22E23F3CC}: Domain = istop.com



Zupe
Premium,MVM
join:2001-11-29
New York, NY

said by interclik:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {AD1ACCE6-4D2B-6D0F-ECD2-DC3DCCBB60B5} - C:\WINDOWS\system32\iowdnrgq.dll

O4 - HKLM\..\Run: [iobhqqxv] C:\WINDOWS\zvdpfvbz.exe

O4 - HKLM\..\Run: [aqbvvcap] C:\WINDOWS\System32\wzwbidyo.exe

O16 - DPF: HushEncryptionEngine - »mailserver1.hushmail.com/shared/···gine.cab

O16 - DPF: {8B6193F1-837F-11D4-89E6-0050DA666184} (Sol2axctl Class) - »download.solitaire.com/download/···aire.cab

Given your user name, I assume all the Interclik items are legitimate. What about this one? O17 - HKLM\System\CCS\Services\Tcpip\..\{7A344654-2998-4861-87F3-0AD22E23F3CC}: Domain = istop.com

With all browser windows closed, rescan with Hijack This, put a check next to the items I quoted above and click "Fix checked" (if the istop.com entry isn't legit, fix that one as well). Reboot, scan again with Hijack This and post a new log here.
--
Brain: Pinky, are you pondering what I'm pondering?
Pinky: I think so, Brain, but "Snowball for Windows"?
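
An added example, not part of the original thread or of HijackThis itself: a Python sketch of the triage applied above, run over lines excerpted from the posted log plus the zzb Run entry from the second log further down. The 8-lowercase-letter pattern and the helper names are assumptions drawn from the samples in this thread; it is a heuristic that narrows what to review, not a verdict.

```python
import re
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# Lines excerpted from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AD1ACCE6-4D2B-6D0F-ECD2-DC3DCCBB60B5} - C:\WINDOWS\system32\iowdnrgq.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iobhqqxv] C:\WINDOWS\zvdpfvbz.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [aqbvvcap] C:\WINDOWS\System32\wzwbidyo.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}  # file sits directly here
KNOWN_NAMES = {"zzb.exe"}             # file name reported earlier in the thread
RANDOM8 = re.compile(r"[a-z]{8}")     # assumption: pattern seen in this thread


def image_path(cmd):
    """Return the executable path from a Run command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|ocx))(?:\s|,|$)", cmd, re.I)
    return m.group(1) if m else cmd


def in_system_dir(path):
    return dirname(path).lower() in SYSTEM_DIRS


def stem(path):
    return splitext(basename(path))[0]


def triage(log_text):
    """Return (section, path, reason) for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            path = m["path"]
            if (m["name"] == "(no name)" and in_system_dir(path)
                    and RANDOM8.fullmatch(stem(path))):
                findings.append(("O2", path, "unnamed BHO, random-looking DLL"))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        path = image_path(m["cmd"])
        if not in_system_dir(path):
            continue
        if basename(path).lower() in KNOWN_NAMES:
            findings.append(("O4", path, "file name reported in this thread"))
        elif (RANDOM8.fullmatch(stem(path)) and RANDOM8.fullmatch(m["name"])
                and stem(path) != m["name"]):
            findings.append(("O4", path, "random value name and file name"))
    return findings


if __name__ == "__main__":
    for section, path, reason in triage(SAMPLE_LOG):
        print(f"{section}  {path}  ({reason})")
```

Legitimate entries such as LXSUPMON and ctfmon.exe pass because the value name matches the file name or is not a random-looking 8-letter string; anything flagged still needs a person to confirm it before fixing.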


nainai

@dsl.pltn13.pacbell.n

hayY!! i have that bulltwinkie on my computer too!! HELP!!!!! nailovesya@hotmail.com, if i could get some assistance with this ridiculous pop up krap windows that zzb.exe keeps shoveling down my neck, it would be greatly appreciated! thanks.


interclik

join:2002-11-03
Brossard, QC

reply to hitachi369
PROBLEM SOLVED!!!!!!

I followed your instructions except for:
a) all interclik stuff...
b) one Hush encryption engine

BTW, I downloaded KAV personal professional, as suggested somewhere that it removed zzb. IT DIDN'T!

Many thanks, I owe you one!

Gil


precioustr1

join:2004-03-09
Lincoln Park, NJ

reply to hitachi369
I have the system32 folder on my computer too



Sparrow
Crystal Sky
Premium
join:2002-12-03
Sachakhand

precioustr1 - Stay in the thread you started, so everyone knows this is a new problem.
»How do I get rid of it?


Gavin_TH

join:2003-04-03
Australia

reply to hitachi369
..and submit those random EXE files
zvdpfvbz.exe
wzwbidyo.exe

Using the submit suspected malware link
»Security »I think my computer is infected or hijacked. What should I do?
--
Gavin Coe
DiamondCS Analyst
»www.diamondcs.com.au


precioustr1

join:2004-03-09
Lincoln Park, NJ

reply to Sparrow
I am new to this site so I really don't know what to do...sorry


srt4eh

join:2004-03-13
Milwaukee, WI

reply to hitachi369
here is my log file....Please help me!

Logfile of HijackThis v1.97.7
Scan saved at 11:33:07 AM, on 3/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\System32\ltmsg.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\PROGRA~1\Grisoft\AVG6\avgw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Eddie Heinzelman\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = »www.blazefind.com/search.php?search=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = »www.blazefind.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »yahoo.sbc.com/dial
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »yahoo.sbc.com/dial
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = »rd.yahoo.com/customize/sbcy/defa···/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = »www.blazefind.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = »www.blazefind.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = »www.dodge.com/srt-4/index.html?c···type=top
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = »www.ubi.com/login/newuser?l=en
R3 - URLSearchHook: (no name) - {DD1BCA06-F674-424D-A08E-42DA97C4D5DD} - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\n3tpa1p.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2CBD0A05-CEF9-1ECD-69F0-260EE5ABCADB} - C:\WINDOWS\system32\vhtisyni.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL
O2 - BHO: (no name) - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\common\ycheckh.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O2 - BHO: (no name) - {96DE711E-53E1-44FF-A151-6A4747EDC054} - C:\WINDOWS\System32\iccaapi.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D8E25C53-9508-4f5c-9249-D98D438891D5} - C:\WINDOWS\System32\ssurf022.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] "C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [cqirhfem] C:\WINDOWS\cudguqnm.exe
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Program Files\Sqwire\uc.exe
O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [SQConfigChecker] C:\Program Files\Sqwire\cc.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [SafeSurfingUpdate] C:\WINDOWS\System32\SSUpdate.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [HXDL.EXE] C:\Program Files\Alset\HelpExpress\Eddie Heinzelman\HXDL.EXE -from="HXIUL.EXE" -to="HXIUL.EXE"
O4 - Global Startup: Camio Viewer.lnk = C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pct: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - »www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - »download.macromedia.com/pub/shoc···r/sw.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - »gamingzone.ubisoft.com/packages/···ager.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - »us.dl1.yimg.com/download.yahoo.c···0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - »download.microsoft.com/download/···9VCM.CAB
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - »www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - »a1540.g.akamai.net/7/1540/52/200···ller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - »207.188.7.150/10c9b33264d47d2472···xIE2.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - »office.microsoft.com/productupda···opuc.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - »216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - »install.wildtangent.com/cda/isla···etup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - »v4.windowsupdate.microsoft.com/C···46990741
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - »download.yahoo.com/dl/installs/y···mapi.dll
O16 - DPF: {A27CFCAE-9351-4D74-BFFC-21EB19693D8C} - »www.xupiter.com/search4/install/···ader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - »security.symantec.com/sscv6/Shar···absa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - »www-secure.symantec.com/techsupp···Data.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - »autos.msn.com/components/ocx/aut···icer.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - »www-secure.symantec.com/techsupp···Data.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - »tools.ebayimg.com/eps/activex/EP···-3-0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - »fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F7ADCFE3-AA28-F99E-E665-B13AC332D249} (DownloadUL Class) - »public.searchbarcash.com/cab/351···zpca.cab



Zupe
Premium,MVM
join:2001-11-29
New York, NY

said by srt4eh:
here is my log file....Please help me!

Please follow the steps in this FAQ, particularly the Ad-Aware and Spybot scans (remember to update them before scanning) and then post an updated Hijack This log in a new thread so it doesn't get confused with the original poster's - »Security »I think my computer is infected or hijacked. What should I do?
--
Brain: Pinky, are you pondering what I'm pondering?
Pinky: I think so, Brain, but "Snowball for Windows"?
