Please help.....I would be extremely grateful if someone could take the time to reply with advice. I have been trying to get rid of this for 2 days straight now It is driving me crazy!!! It has included:
1 - SmartSecurity virus-thing
2 - Taking over my desktop. I can't change my Background (still) - When Igo into Display Settings. - (I can't select any of the default pictures or select "Browse" or anything???)
3 - The Daosearch thing with PopUps and taking over webpages with certain words in them, and redirecting to
www.daosearch.com/...
4 - Also, I can no longer Right-Click on a file in any Explorer browser window (to Open, or Open With..., or Cut, Copy, Paste, etc...) or even right click in the window itself (to "View", "Arrange Icons", or create a "New" File, etc.). I haven't seen anything on this anywhere.....which really makes me nervous.
?
Since it started, I've updated Norton System Works to 2005, downloaded and installed Ad-Aware and SpyWareBlaster, and run everthing several times, including HJT.
I still have all of the problems, even though Norton and all the others have made several corrections, deletions, quaratines, etc. Now, Norton finds Backdoor.Haxdoor.D everytime I restart the computer.
I know there's a lot wrong in the HJT log, I just don't know what to do. I'm almost begging at this point for some help....
Thank you in advance for your advice!!!
Flora
Logfile of HijackThis v1.99.1
Scan saved at 3:05:40 PM, on 3/26/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\qttask.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\System32\Services\{B575DF10-2D02-46AA-8785-2AE5949C8319}\SVCHOST.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\r?gsvr32.exe
C:\WINNT\System32\dcet.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://espn.go.com/O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A20D0D39-B5D1-C151-AD2F-C8C9DEB03FE0} - C:\WINNT\System32\icnvnjct.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINNT\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Service Host] C:\WINNT\System32\Services\{B575DF10-2D02-46AA-8785-2AE5949C8319}\SVCHOST.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PayTime] C:\WINNT\System32\paytime.exe
O4 - HKCU\..\Run: [Sonp] C:\WINNT\System32\rror.exe
O4 - HKCU\..\Run: [Ptyygs] C:\WINNT\System32\r?gsvr32.exe
O4 - HKCU\..\Run: [gwotRTNsh] mpg2fw95.exe
O4 - HKCU\..\Run: [Mta] C:\WINNT\System32\Uao.exe
O4 - HKCU\..\Run: [Sav] C:\WINNT\Bfo.exe
O4 - HKCU\..\Run: [Sbv] C:\WINNT\System32\Efg.exe
O4 - HKCU\..\Run: [Jjk] C:\WINNT\System32\Lvg.exe
O4 - HKCU\..\Run: [Suh] C:\WINNT\System32\Mov.exe
O4 - HKCU\..\Run: [Cmv] C:\WINNT\Gli.exe
O4 - HKCU\..\Run: [Ajp] C:\WINNT\Agr.exe
O4 - HKCU\..\Run: [Etl] C:\WINNT\Jve.exe
O4 - HKCU\..\Run: [Oau] C:\WINNT\System32\Tbr.exe
O4 - HKCU\..\Run: [Jfp] C:\WINNT\System32\Ubd.exe
O4 - HKCU\..\Run: [Jef] C:\WINNT\System32\Vqf.exe
O4 - HKCU\..\Run: [Lhb] C:\WINNT\System32\Bjp.exe
O4 - HKCU\..\Run: [Tnp] C:\WINNT\Qts.exe
O4 - HKCU\..\Run: [Vpt] C:\WINNT\System32\Tld.exe
O4 - HKCU\..\Run: [Tqr] C:\WINNT\System32\Lqm.exe
O4 - HKCU\..\Run: [Jvq] C:\WINNT\System32\Ojm.exe
O4 - HKCU\..\Run: [Tcst] C:\WINNT\System32\dcet.exe
O4 - HKCU\..\Run: [Hufsu] C:\WINNT\System32\??plorer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) -
http://www.ipswitch.com/_installs/wsftp_le/setup.exeO16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} -
http://iframedollars.biz/tb/loader2.ocxO16 - DPF: {AD5F3C4B-BD73-11D5-838B-0050042DF1E4} (HOOPS 3D Stream Control Class) -
http://www.hoops3d.com/downloads/hoopsatlcontrol.cabO16 - DPF: {D3D53657-4115-11D2-B73A-00805F85736F} (HOOPS 3D Stream Control) -
http://www.hoops3d.com/downloads/hoops3daf.cabO20 - Winlogon Notify: drct16 - C:\WINNT\SYSTEM32\drct16.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINNT\zeta.exe (file missing)
Show Posts
\' /> ) I thought it was logging me in automatically....