Need Help Removing Virtumondo.C
Hi,
This is my first post. We found out the McAfee Virus Scan had expired on my son's laptop (Compaq Presario R3000, Windows XP). Immediately after renewing, it began notifying us of a PUP (potentially unwanted program), specifially C:\WINDOWS\system32\mljge.dll. System speed also dropped significantly. VirusScan offers to remove, but can not.
Next I installed MS AntiSpyware, Beta 1. It reports finding Virtumondo.C, offers to remove it, but it keeps coming back.
I tried using the Vundo remove tool at Symantec, but became alarmed after it was still running through upwards of 80,000 files. I checked the file properties on my Documents and Settings folders and there are tens of thousand of files. Is this virus creating files and folders?
Also the system is now slower than molasses.
Have been watching this forum, and downloaded hijackthis. Here is the run log:
Logfile of HijackThis v1.99.1
Scan saved at 8:45:31 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8l.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\mljge.dll
O2 - BHO: (no name) - {9d4c7cce-221d-49c0-b60d-6ed650d8543d} - C:\WINDOWS\system32\jnpmraxe.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Start Maven Updater.lnk = C:\Program Files\Maven\mavenUpdater.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Start Maven Client.lnk = C:\Program Files\Maven\mavenAgent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v3/vet_install_popup.pl?2&4&04.00.08.43&unknown&unknown&http://www.remington.com/accessories/knives/smkymtn_zv2.htm
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://sympatico.zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://sympatico.zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://sympatico.zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {63FA0A10-5AA8-449F-9C5B-C8853F697405} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://sympatico.zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://sympatico.zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab40641.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14BD48BE-DE57-4BC7-A7F2-E6475F610EEC}: NameServer = 192.168.2.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{14BD48BE-DE57-4BC7-A7F2-E6475F610EEC}: NameServer = 192.168.2.1,4.2.2.2
O18 - Protocol: mavencache - {DB47FDC2-8C38-4413-9C78-D1A68BF24EED} - C:\Program Files\Maven\protocolHandlers.dll (file missing)
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
I would sincerely appreciate any help anyone can give me.
Thanks,
Tim in Maryland.
This is my first post. We found out the McAfee Virus Scan had expired on my son's laptop (Compaq Presario R3000, Windows XP). Immediately after renewing, it began notifying us of a PUP (potentially unwanted program), specifially C:\WINDOWS\system32\mljge.dll. System speed also dropped significantly. VirusScan offers to remove, but can not.
Next I installed MS AntiSpyware, Beta 1. It reports finding Virtumondo.C, offers to remove it, but it keeps coming back.
I tried using the Vundo remove tool at Symantec, but became alarmed after it was still running through upwards of 80,000 files. I checked the file properties on my Documents and Settings folders and there are tens of thousand of files. Is this virus creating files and folders?
Also the system is now slower than molasses.
Have been watching this forum, and downloaded hijackthis. Here is the run log:
Logfile of HijackThis v1.99.1
Scan saved at 8:45:31 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8l.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\mljge.dll
O2 - BHO: (no name) - {9d4c7cce-221d-49c0-b60d-6ed650d8543d} - C:\WINDOWS\system32\jnpmraxe.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Start Maven Updater.lnk = C:\Program Files\Maven\mavenUpdater.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Start Maven Client.lnk = C:\Program Files\Maven\mavenAgent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v3/vet_install_popup.pl?2&4&04.00.08.43&unknown&unknown&http://www.remington.com/accessories/knives/smkymtn_zv2.htm
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://sympatico.zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://sympatico.zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://sympatico.zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {63FA0A10-5AA8-449F-9C5B-C8853F697405} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://sympatico.zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://sympatico.zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab40641.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14BD48BE-DE57-4BC7-A7F2-E6475F610EEC}: NameServer = 192.168.2.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{14BD48BE-DE57-4BC7-A7F2-E6475F610EEC}: NameServer = 192.168.2.1,4.2.2.2
O18 - Protocol: mavencache - {DB47FDC2-8C38-4413-9C78-D1A68BF24EED} - C:\Program Files\Maven\protocolHandlers.dll (file missing)
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
I would sincerely appreciate any help anyone can give me.
Thanks,
Tim in Maryland.
0
This discussion has been closed.
Comments
--
Please print these instructions out for use in Safe Mode.
Please download VundoFix.exe to your desktop.
it should look like this
C:\WINDOWS\system32\mljge.dll
[*]Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
[*] Next you will see: [*]At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\egjlm.*
[*]Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
[*]The fix will run then HijackThis will open.
[*]In HijackThis, please place a check next to the following items and click FIX CHECKED:
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\mljge.dll
O2 - BHO: (no name) - {9d4c7cce-221d-49c0-b60d-6ed650d8543d} - C:\WINDOWS\system32\jnpmraxe.dll (file missing)
O16 - DPF: {63FA0A10-5AA8-449F-9C5B-C8853F697405} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/p...im/install.cab
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll
[*]After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
[*]Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
[*]Once your machine reboots please continue with the instructions below.
Then, please run this online virus scan: ActiveScan
Copy the results of the ActiveScan and paste them here along with a new HijackThis log and the vundofix.txt file from the vundofix folder into this topic.
First of all, thanks so much for your help. What you do is very important!
Here are my results:
VundoFix V2.15 by Atri
Listing files contained in the vundofix folder.
killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt
Filepaths entered
The filepath entered was C:\WINDOWS\system32\mljge.dll
The second filepath entered was C:\WINDOWS\system32\egjlm.*
Log from Process
Killing PID 172 'smss.exe'
Killing PID 776 'explorer.exe'
Killing PID 244 'winlogon.exe'
C:\WINDOWS\system32\mljge.dll Deleted sucessfully.
C:\WINDOWS\system32\egjlm.* Deleted sucessfully.
Fixing Registry
============================================
Panda ActiveScan Results:
Incident Status Location
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Benson\Cookies\benson@112.2o7[2].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Benson\Cookies\benson@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Benson\Cookies\benson@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Benson\Cookies\benson@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Benson\Cookies\benson@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Benson\Cookies\benson@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Benson\Cookies\benson@adtech[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Benson\Cookies\benson@adultfriendfinder[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Benson\Cookies\benson@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Benson\Cookies\benson@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Benson\Cookies\benson@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Benson\Cookies\benson@as-us.falkag[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Benson\Cookies\benson@ask[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Benson\Cookies\benson@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Benson\Cookies\benson@ath.belnk[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Benson\Cookies\benson@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Benson\Cookies\benson@belnk[2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Benson\Cookies\benson@bfast[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Benson\Cookies\benson@bluestreak[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Benson\Cookies\benson@bravenet[2].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\Benson\Cookies\benson@bs.serving-sys[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Benson\Cookies\benson@casalemedia[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Benson\Cookies\benson@ccbill[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Benson\Cookies\benson@centrport[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Benson\Cookies\benson@com[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Benson\Cookies\benson@counter.hitslink[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Benson\Cookies\benson@data.coremetrics[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Benson\Cookies\benson@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Benson\Cookies\benson@doubleclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Benson\Cookies\benson@ehg-idg.hitbox[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Benson\Cookies\benson@ehg.hitbox[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Benson\Cookies\benson@fastclick[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Benson\Cookies\benson@go[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Benson\Cookies\benson@hitbox[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Benson\Cookies\benson@i.screensavers[2].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Benson\Cookies\benson@linksynergy[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Benson\Cookies\benson@maxserving[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Benson\Cookies\benson@media.fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Benson\Cookies\benson@mediaplex[1].txt
Spyware:Cookie/Omniture Not disinfected C:\Documents and Settings\Benson\Cookies\benson@omniture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Benson\Cookies\benson@overture[2].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Benson\Cookies\benson@paycounter[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Benson\Cookies\benson@perf.overture[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Benson\Cookies\benson@phg.hitbox[2].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Benson\Cookies\benson@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Benson\Cookies\benson@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Benson\Cookies\benson@realmedia[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Benson\Cookies\benson@sel.as-eu.falkag[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Benson\Cookies\benson@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Benson\Cookies\benson@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Benson\Cookies\benson@statcounter[2].txt
Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\Benson\Cookies\benson@stats1.clicktracks[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Benson\Cookies\benson@stats1.reliablestats[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Benson\Cookies\benson@statse.webtrendslive[1].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Benson\Cookies\benson@targetnet[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Benson\Cookies\benson@target[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Benson\Cookies\benson@tickle[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Benson\Cookies\benson@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Benson\Cookies\benson@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Benson\Cookies\benson@tribalfusion[2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Benson\Cookies\benson@tucows[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Benson\Cookies\benson@valueclick[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Benson\Cookies\benson@winfixer[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Benson\Cookies\benson@www.burstbeacon[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Benson\Cookies\benson@xiti[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Benson\Cookies\benson@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Benson\Cookies\benson@zedo[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\VundoFix\VundoFix\process.exe
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Benson\Cookies\benson@112.2o7[2].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Benson\Cookies\benson@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Benson\Cookies\benson@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Benson\Cookies\benson@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Benson\Cookies\benson@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Benson\Cookies\benson@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Benson\Cookies\benson@adtech[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Benson\Cookies\benson@adultfriendfinder[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Benson\Cookies\benson@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Benson\Cookies\benson@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Benson\Cookies\benson@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Benson\Cookies\benson@as-us.falkag[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Benson\Cookies\benson@ask[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Benson\Cookies\benson@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Benson\Cookies\benson@ath.belnk[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Benson\Cookies\benson@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Benson\Cookies\benson@belnk[2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Benson\Cookies\benson@bfast[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Benson\Cookies\benson@bluestreak[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Benson\Cookies\benson@bravenet[2].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\Benson\Cookies\benson@bs.serving-sys[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Benson\Cookies\benson@casalemedia[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Benson\Cookies\benson@ccbill[2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Benson\Cookies\benson@centrport[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Benson\Cookies\benson@com[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Benson\Cookies\benson@counter.hitslink[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Benson\Cookies\benson@data.coremetrics[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Benson\Cookies\benson@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Benson\Cookies\benson@doubleclick[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Benson\Cookies\benson@ehg-idg.hitbox[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Benson\Cookies\benson@ehg.hitbox[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Benson\Cookies\benson@fastclick[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Benson\Cookies\benson@go[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Benson\Cookies\benson@hitbox[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Benson\Cookies\benson@i.screensavers[2].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Benson\Cookies\benson@linksynergy[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Benson\Cookies\benson@maxserving[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Benson\Cookies\benson@media.fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Benson\Cookies\benson@mediaplex[1].txt
Spyware:Cookie/Omniture Not disinfected C:\Documents and Settings\Benson\Cookies\benson@omniture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Benson\Cookies\benson@overture[2].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Benson\Cookies\benson@paycounter[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Benson\Cookies\benson@perf.overture[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Benson\Cookies\benson@phg.hitbox[2].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Benson\Cookies\benson@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Benson\Cookies\benson@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Benson\Cookies\benson@realmedia[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Benson\Cookies\benson@sel.as-eu.falkag[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Benson\Cookies\benson@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Benson\Cookies\benson@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Benson\Cookies\benson@statcounter[2].txt
Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\Benson\Cookies\benson@stats1.clicktracks[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Benson\Cookies\benson@stats1.reliablestats[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Benson\Cookies\benson@statse.webtrendslive[1].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Benson\Cookies\benson@targetnet[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Benson\Cookies\benson@target[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Benson\Cookies\benson@tickle[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Benson\Cookies\benson@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Benson\Cookies\benson@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Benson\Cookies\benson@tribalfusion[2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Benson\Cookies\benson@tucows[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Benson\Cookies\benson@valueclick[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Benson\Cookies\benson@winfixer[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Benson\Cookies\benson@www.burstbeacon[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Benson\Cookies\benson@xiti[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Benson\Cookies\benson@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Benson\Cookies\benson@zedo[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Benson\Desktop\VundoFix\VundoFix\process.exe
=======================================================
Logfile of HijackThis v1.99.1
Scan saved at 8:45:48 AM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8l.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9d4c7cce-221d-49c0-b60d-6ed650d8543d} - C:\WINDOWS\system32\jnpmraxe.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Start Maven Updater.lnk = C:\Program Files\Maven\mavenUpdater.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Start Maven Client.lnk = C:\Program Files\Maven\mavenAgent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v3/vet_install_popup.pl?2&4&04.00.08.43&unknown&unknown&http://www.remington.com/accessories/knives/smkymtn_zv2.htm
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://sympatico.zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://sympatico.zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://sympatico.zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {63FA0A10-5AA8-449F-9C5B-C8853F697405} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://sympatico.zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://sympatico.zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab40641.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14BD48BE-DE57-4BC7-A7F2-E6475F610EEC}: NameServer = 192.168.2.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{14BD48BE-DE57-4BC7-A7F2-E6475F610EEC}: NameServer = 192.168.2.1,4.2.2.2
O18 - Protocol: mavencache - {DB47FDC2-8C38-4413-9C78-D1A68BF24EED} - C:\Program Files\Maven\protocolHandlers.dll (file missing)
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
======================================================
Go to Add/Remove programs in Control Panel and look for the following
Viewpoint
Viewpoint Toolbar
If found, please uninstall.
===========
Please download the free Ad-Aware SE and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.
1) Run Ad-Aware, and click Check for updates now.
2) Select Configurations (click the Gear wheel at the top) as follows:
- General Button > Safety & Settings: Check (Green) all three.
- Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Click Proceed and Close for nowDownload Spybot S & D from here.
- Download and Install Spybot S&D (if you haven't already), accept the Default Settings
- In the Menu Bar at the top of the Spybot window you will see 'Mode'.
- Close ALL windows except Spybot S&D
- Click the button to ‘Search for Updates’ then download and install the updates.
- Exit for now
===========Make certain that 'default mode' has a check mark beside it.
You may want to print these instructions or save them as you'll have no internet connection once in Safe Mode
Go into Safe Mode - explained here
===========
ONCE IN SAFE
Check the following in HJT and click 'Fix Checked' - Close ALL open Browsers first
O2 - BHO: (no name) - {9d4c7cce-221d-49c0-b60d-6ed650d8543d} - C:\WINDOWS\system32\jnpmraxe.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/p...im/install.cab
O18 - Protocol: mavencache - {DB47FDC2-8C38-4413-9C78-D1A68BF24EED} - C:\Program Files\Maven\protocolHandlers.dll (file missing)
O20 - Winlogon Notify: mljge - C:\WINDOWS\system32\mljge.dll (file missing)
===========
Find and Delete the following:
C:\Program Files\Viewpoint << this folder
===========
Delete Cookies:
- Go Start
- Control Panel
- Click on Internet Options
- Click the General Tab and under Temporary Internet Files click...
- Delete Cookies...
===========Now scan with Ad-Aware
To start the scan, Click > "Scan Now" at left
- Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
- Select "Search for low-risk threats"
- Select "Perform full system scan"
- Click Next
4) When the scan has completed, select Next.Scan with SpyBot
click the button ‘Check for Problems'
When Spybot is complete, it will be showing ‘RED’ entries, bold 'BLACK' entries and ‘GREEN’ entries in the window
Make certain there is a check mark beside all of the RED entries ONLY.
Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
===========
Reboot into Normal Mode and post a new HJT log
Scan saved at 5:16:11 PM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8l.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Start Maven Updater.lnk = C:\Program Files\Maven\mavenUpdater.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Start Maven Client.lnk = C:\Program Files\Maven\mavenAgent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v3/vet_install_popup.pl?2&4&04.00.08.43&unknown&unknown&http://www.remington.com/accessories/knives/smkymtn_zv2.htm
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://sympatico.zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://sympatico.zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://sympatico.zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {63FA0A10-5AA8-449F-9C5B-C8853F697405} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://sympatico.zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://sympatico.zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab40641.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14BD48BE-DE57-4BC7-A7F2-E6475F610EEC}: NameServer = 192.168.2.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{14BD48BE-DE57-4BC7-A7F2-E6475F610EEC}: NameServer = 192.168.2.1,4.2.2.2
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Now that your PC is clean you need to follow these easy steps to keeping it this way:
Secure your Internet Explorer by going here and following the instructions there.
Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.
Use a firewall to help prevent your PC's control being usurped by undesireables.
Install and keep updated, Ad-Aware SE, and Spybot S&D.
Run them both on a regular basis, following the manufacturer's recommendations.
Install and keep updated, SpywareBlaster 3.4
Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.
Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.
Clear your Temp folders.
Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel >Internet Options.
Under the General tab click the Delete temporary internet files,
delete all Offline content as well. Clear out Cookies.
Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.
Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)
C:\Documents and Settings\username\Local Settings\Temp\
In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.
Empty the Recycle Bin.
For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.
Go to Start>Run and type msconfig. Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.
Check the box labelled 'Turn off System restore'.
Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.
Note that all previous restore points will be lost.
===============
If you have any more problems, post back.
Please consider joining the Folding@Home Project
Join our Folding@Home team! Alzheimer's, Parkinson's, cancer... we're trying to cure them with our computers! You've at least read a little about it in the greeting I sent you when you signed up for the site. We're always really pleased to greet new members to the team, and it's a quick way to become an appreciated member of the community.
MORE INFO: READ THIS
P.S. I've been to London several times on business, and absolutely love your city.
I'm closing this thread. If you need help again, then start a new one