I'm new, I have a Vundo virus, please help me?
So pretty much McAfee keeps telling me that I have a Vundo trojan virus on the.. awvtu.dll file and I have no idea how to get rid of it. I noticed a lot of you have HijackThis, well I don't.. where can I get that and what does it do? I really really need help, the McAfee pop-up is driving me crazy! And another question.. how did I get this virus? Was it something I downloaded?
http://www.short-media.com/download.php?dc=69&p=3
After downloading please unzip the program to its own folder or unzip it to your desktop. Open the program and have it do a system scan and save a log. The log will open in notepad. Save the log to your desktop then copy and paste the entire contents of the log here on your next reply and I'll help you with your infection. If you have any questions let me know.
Scan saved at 1:00:28 PM, on 4/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\PROGRA~1\DELLSU~1\DSBrws.exe
C:\Documents and Settings\Dani\Desktop\hijackthis_199\HijackThis.exe
c:\program files\mcafee.com\agent\mcupdate.exe
c:\dell\E-center\gtb.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.imesh.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/download/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: DosSpecFolder Object - {FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67} - C:\WINDOWS\system32\awvtu.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\gtb.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0ECEE73-676E-4E2C-83D0-2F5F52C67594}: NameServer = 205.188.146.145
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Okay, that's everything in the notepad, thanks for all the help so far.
Please download VundoFix.exe to your desktop.
Logfile of HijackThis v1.99.1
Scan saved at 1:34:03 PM, on 4/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\NetWaiting\netWaiting.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dani\Desktop\hijackthis_199\HijackThis.exe
c:\dell\E-center\gtb2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.imesh.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/download/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\gtb.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
And now the VundoFix thingie:
VundoFix V4.2.51
Checking Java version...
Java version is 1.4.2.3
Scan started at 1:30:09 PM 4/7/2006
Listing files found while scanning....
C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.bak2
C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.bak2
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\awvtu.dll
Attempting to delete C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\awvtu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\utvwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\utvwa.bak2
C:\WINDOWS\system32\utvwa.bak2 Has been deleted!
Performing Repairs to the registry.
Done!
And I think it's gone! Well.. McAfee hasn't said any more about it, so... THANK YOU SO MUCH! And don't take this the wrong way but.. I love you. lol
Anyway the Vundo trojan is gone. There is one entry in your log here:
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
That may or may not be a problem. Let me know if you're having pop-ups or other problems browsing the internet.
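An added example (not code from this thread, from HijackThis or from VundoFix) that automates the two things the helper spotted by eye above: the same DLL, awvtu.dll, registered as both an O2 BHO and an O20 Winlogon Notify handler in the first log, and VundoFix listing companion files whose base name is the DLL name spelled backwards (awvtu -> utvwa.ini, utvwa.bak1, utvwa.bak2). The sample lines are copied from the logs posted in this thread.

```python
"""Cross-reference HijackThis log lines for the Vundo persistence pattern.

Added example, not from the thread or from HijackThis/VundoFix. A BHO (O2)
is loaded by Internet Explorer; a Winlogon Notify DLL (O20) is loaded by
winlogon.exe at logon. One DLL registered under both hooks, plus sibling
files named with the DLL's name reversed, is the pattern seen in the thread.
"""
import ntpath
import re
from collections import defaultdict

# Constructed sample: lines copied from the thread's first HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DosSpecFolder Object - {FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67} - C:\WINDOWS\system32\awvtu.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

# Constructed sample: the file list as VundoFix printed it in the thread,
# plus one legitimate DLL from the same folder as a negative case.
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\awvtu.dll",
    r"C:\WINDOWS\system32\utvwa.ini",
    r"C:\WINDOWS\system32\utvwa.bak1",
    r"C:\WINDOWS\system32\utvwa.bak2",
    r"C:\WINDOWS\system32\igfxdev.dll",
]

# A HijackThis line starts with its section code (O2, O20, R0, ...); for O2
# and O20 entries the file path is the last " - "-separated field.
LINE_RE = re.compile(r"^(?P<code>O\d+|R\d)\s+-\s+(?P<rest>.*)$")


def parse_entries(log_text):
    """Yield (section_code, lower-cased path) for every O2 and O20 line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("code") not in ("O2", "O20"):
            continue
        path = m.group("rest").rsplit(" - ", 1)[-1]
        # HijackThis appends "(file missing)" when the DLL is already gone.
        path = path.replace("(file missing)", "").strip()
        yield m.group("code"), path.lower()


def find_dual_registered(log_text):
    """Return DLL paths that appear as both an O2 BHO and an O20 Winlogon
    Notify handler. Legitimate software rarely needs both hooks."""
    hooks_by_path = defaultdict(set)
    for code, path in parse_entries(log_text):
        hooks_by_path[path].add(code)
    return sorted(p for p, codes in hooks_by_path.items() if {"O2", "O20"} <= codes)


def find_reversed_companions(paths):
    """Map each DLL to sibling files whose base name is the DLL's base name
    spelled backwards (awvtu.dll -> utvwa.ini, utvwa.bak1, utvwa.bak2)."""
    names_by_dir = defaultdict(list)
    for p in paths:
        folder, name = ntpath.split(p)      # ntpath handles '\' on any OS
        names_by_dir[folder.lower()].append(name)
    hits = {}
    for folder, names in names_by_dir.items():
        for name in names:
            stem, ext = ntpath.splitext(name)
            if ext.lower() != ".dll":
                continue
            reversed_stem = stem.lower()[::-1]
            companions = sorted(
                n for n in names if ntpath.splitext(n)[0].lower() == reversed_stem
            )
            if companions:
                hits[ntpath.join(folder, name.lower())] = companions
    return hits


if __name__ == "__main__":
    for dll in find_dual_registered(SAMPLE_LOG):
        print("BHO + Winlogon Notify on the same DLL:", dll)
    for dll, files in find_reversed_companions(SAMPLE_FILES).items():
        print("reversed-name companions of", dll, "->", ", ".join(files))
```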
There! That's what it said.
Logfile of HijackThis v1.99.1
Scan saved at 2:31:25 PM, on 4/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Goelky\Jburajn.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\windows\eee2.exe
C:\Program Files\webHancer\Programs\whAgent.exe
C:\Program Files\webHancer\Programs\whSurvey.exe
C:\windows\system32\qjdsrego.exe
C:\WINDOWS\system32\qwinkrag.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\system32\kbddad.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\kbddad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Documents and Settings\delsie\Desktop\hijackthis_199\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iilrta] C:\WINDOWS\System32\iilrta.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [fcx] C:\WINDOWS\fcx.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Wppawsr] C:\Program Files\Goelky\Jburajn.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2112] "C:\Documents and Settings\delsie\Local Settings\Temporary Internet Files\Content.IE5\B80TMYXK\WinFixerScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [wahm] C:\windows\eee2.exe
O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [{02-21-16-63-ZN}] C:\windows\system32\qjdsrego.exe TST001
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwinkrag.exe TST001
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [kbddad] C:\WINDOWS\system32\kbddad.exe
O4 - HKCU\..\RunOnce: [kbddad] C:\WINDOWS\system32\kbddad.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinkrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {52DE3A24-0A3F-11D4-B9D2-008048FD54E6} (POLAR Draw v2.0 Control) - http://www.polarsoftware.com/test/SierraLH/polardraw20.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.bigfishgames.com/online/tumblebugs/axhost.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://click.mirarsearch.com/FIX/WinATS.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.pogo.com/game/deluxe/insaniquarium/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0778A5E6-2C59-4C40-8B23-86472744E936}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{0778A5E6-2C59-4C40-8B23-86472744E936}: NameServer = 205.188.146.145
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Lol, you're my hero.
Next thing to do is to click Start---->Control Panel---->Add/Remove Programs. In the list that appears look for the following program:
Webhancer
If found please uninstall it. Next download Ewido Anti-Malware from my signature below. Install the program and follow the instructions below:
You will need to update ewido to the latest definition files.
The update will start and a progress bar will show the updates being installed. After the updates are installed, exit ewido.
Once the updates are installed do the following:
Post back with the Ewido Log, and a fresh Hijack This log.
Scan saved at 12:59:37 PM, on 4/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\system32\msicdl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\msicdl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\delsie\Desktop\hijackthis_199\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [fcx] C:\WINDOWS\fcx.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Wppawsr] C:\Program Files\Goelky\Jburajn.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2112] "C:\Documents and Settings\delsie\Local Settings\Temporary Internet Files\Content.IE5\B80TMYXK\WinFixerScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [msicdl] C:\WINDOWS\system32\msicdl.exe
O4 - HKCU\..\RunOnce: [msicdl] C:\WINDOWS\system32\msicdl.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinkrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {52DE3A24-0A3F-11D4-B9D2-008048FD54E6} (POLAR Draw v2.0 Control) - http://www.polarsoftware.com/test/SierraLH/polardraw20.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.bigfishgames.com/online/tumblebugs/axhost.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://click.mirarsearch.com/FIX/WinATS.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.pogo.com/game/deluxe/insaniquarium/popcaploader_v6.cab
O20 - AppInit_DLLs: iniwin32.dll
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
ewido anti-malware - Scan report
+ Created on: 12:55:27 PM, 4/12/2006
+ Report-Checksum: FAA8F44
+ Scan result:
HKLM\SOFTWARE\Altnet -> Adware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Adware.Altnet : Error during cleaning
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Adware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IObjSafety.DemoCtl -> Adware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\IObjSafety.DemoCtl\Clsid -> Adware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\ISTx.Installer -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ISTx.Installer\CLSID -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/istactivex.dll -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor -> Adware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UrlSidebar -> Adware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\VGroup -> Adware.SAHA : Cleaned with backup
HKLM\SOFTWARE\VGroup\SAHAgent -> Adware.SAHA : Cleaned with backup
HKLM\SOFTWARE\VGroup\SAHPopup -> Adware.SAHA : Cleaned with backup
HKLM\SOFTWARE\webHancer -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webHancer\CC -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar -> Adware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Adware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historygs -> Adware.ISTBar : Error during cleaning
C:\counter.cab/counter.exe -> Dropper.Agent.az : Error during cleaning
C:\Documents and Settings\delsie\Cookies\delsie@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@adserv.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@banner.casinoking[2].txt -> TrackingCookie.Casinoking : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@casinoking[1].txt -> TrackingCookie.Casinoking : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@counter2.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@ehg-cafepress.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@ehg-chrysler.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@ehg-findlaw.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@ehg-homeloancenter.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@ehg-knightridder.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@ehg-kodak.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@ehg-lowermybills.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@ehg-zentropypartners.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@ehg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@lawdepotcom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@spinbox[1].txt -> TrackingCookie.Spinbox : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@try.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@w102.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@web4.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@www.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\delsie\Cookies\delsie@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\delsie\installer_MARKETING35.exe -> Downloader.Adload.a : Cleaned with backup
C:\Documents and Settings\delsie\Internet Optimizer\optimize.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\delsie\Local Settings\Temporary Internet Files\Content.IE5\AMRRLCAP\nein[1].exe -> Downloader.Small.bgl : Cleaned with backup
C:\Documents and Settings\delsie\SSK3_B5 Verticlick 8.exe -> Dropper.Small.qn : Cleaned with backup
C:\Documents and Settings\delsie\thin-172-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\don\Cookies\don@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\don\Cookies\don@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\don\Cookies\don@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\don\Cookies\don@ehg-nestleusainc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\don\Cookies\don@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\don\Cookies\don@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\don\Cookies\don@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\don\Cookies\don@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\don\Local Settings\Temp\ClrSch\FNuninstaller.EXE -> Adware.ClearSearch : Cleaned with backup
C:\Documents and Settings\don\Local Settings\Temporary Internet Files\Content.IE5\STI3SL2V\WinATS[1].cab/WinATS.dll -> Adware.Mirar : Cleaned with backup
C:\Program Files\180searchassistant -> Adware.180Solutions : Cleaned with backup
C:\Program Files\180searchassistant\salmau.dat -> Adware.180Solutions : Cleaned with backup
C:\Program Files\180searchassistant\salm_gdf.dat -> Adware.180Solutions : Cleaned with backup
C:\Program Files\180searchassistant\salm_kyf.dat -> Adware.180Solutions : Cleaned with backup
C:\Program Files\Common Files\CMEII\GStoreServer.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\CMEII\Gtools.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\fuiw\fuiwa.exe -> Downloader.TSUpdate.l : Cleaned with backup
C:\Program Files\Common Files\fuiw\fuiwl.exe -> Downloader.TSUpdate.j : Cleaned with backup
C:\Program Files\Common Files\fuiw\fuiwm.exe -> Downloader.TSUpdate.k : Cleaned with backup
C:\Program Files\Common Files\fuiw\fuiwp.exe -> Adware.Xupiter : Cleaned with backup
C:\Program Files\Common Files\GMT\EGGCEngine.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\EGIEProcess.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\EGNSEngine.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\GatorRes.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\GatorStubSetup.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\GMT.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\GMT\gtrawbm.fil -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\ntnpjnjj\nndtnlnltn\bfajdclaf.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\ntnpjnjj\pnltpdah\jpahdden.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\WinSoftware\FCrXML.dll -> Adware.Winfixer : Cleaned with backup
C:\Program Files\CSBB\CSV7P79.exe -> Adware.IGetNet : Cleaned with backup
C:\Program Files\E2G\IeBHOs.dll -> Adware.E2Give : Cleaned with backup
C:\Program Files\Goelky\Jburajn.exe -> Trojan.Small.cy : Cleaned with backup
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
C:\Program Files\Internet Optimizer\optimize.exe -> Adware.InternetOptimizer : Cleaned with backup
C:\Program Files\Media Gateway\MediaGateway.exe -> Adware.WinAD : Cleaned with backup
C:\Program Files\PerfectNav -> Adware.PerfectNav : Cleaned with backup
C:\Program Files\PerfectNav\BHO -> Adware.PerfectNav : Cleaned with backup
C:\Program Files\PerfectNav\BHO\PerfectNav150c.dll -> Adware.PerfectNav : Cleaned with backup
C:\Program Files\SurfAccuracy -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAcc.cfg -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\sacc.cfg.002321a409d01883a2cf162284b33839 -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\sacc.cfg.014e7677f4e23f3626259ae1fb8b3174 -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\sacc.cfg.243640be327711f4b5ca5834a6d5805f -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\sacc.cfg.33b4d9a0fb61f59e05f06782ee2c69ab -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\sacc.cfg.363a4122d72a8329ef2f8430cde6ab43 -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\sacc.cfg.38bba0033486a7e67f5fa3fcb99d8446 -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\sacc.cfg.69bf334ba0dc4e69caed53157a5ecf81 -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\sacc.cfg.6cb169d2a3d872f2ac5666dba66d4cd0 -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\sacc.cfg.782ae22cb2d38caf00e74380c1f70dcf -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\sacc.cfg.7dc18a8189f538753b47ca7e6f08826c -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\sacc.cfg.893c9dfd5280219c6db2890a85f9e88b -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\sacc.cfg.8a53fa3fe4500c1e0e771eed96f7f501 -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\sacc.cfg.9367776b309db3eb2af1b26de93240a5 -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\sacc.cfg.94cdc0693c4889d199a5e4a10110d46c -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\sacc.cfg.95d64e020d68cc50519b8d91a8263ad3 -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\sacc.cfg.9d90cb08236d5add62f0e098584b2ca0 -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\sacc.cfg.cacc9dd3df1ef5fa78264d463755f6d8 -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\sacc.cfg.e7348e6ffae4c7bf8d031aab06974790 -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\sacc.cfg.e9394792bf770ce0665b4c26ed207dc6 -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\sacc.cfg.ebc180fe6b6909a6b5a50d578df146e1 -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\SurfAccuracy\SAcc.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAccU.exe -> Adware.SurfAccuracy : Error during cleaning
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whAgent.inf -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whInstaller.ini -> Adware.Webhancer : Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> Downloader.Small.wj : Cleaned with backup
C:\temp\bundle_cdt1006.exe -> Adware.Sahat : Cleaned with backup
C:\temp\ZCWEDowST3.exe -> Dropper.Agent.rs : Cleaned with backup
C:\WINDOWS\876029.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\EPXActiveX.ocx -> Downloader.Lastad.r : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N53L1025NetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.f : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5_0001_N53L1025NetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.f : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\mm83.ocx -> Downloader.VB.ov : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_LP1014NetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_MNINetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N53L1025NetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.f : Cleaned with backup
C:\WINDOWS\eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\F ma.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\mrjj.exe -> Trojan.LowZones.am : Cleaned with backup
C:\WINDOWS\nem220.dll -> Downloader.Dyfuca : Cleaned with backup
C:\WINDOWS\noC=.exe/mrjj.exe -> Trojan.LowZones.am : Cleaned with backup
C:\WINDOWS\optimize.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\WINDOWS\pi1_25.exe -> Downloader.Small.afq : Cleaned with backup
C:\WINDOWS\pi1_34.exe -> Downloader.Small.bue : Cleaned with backup
C:\WINDOWS\surv3.exe -> Downloader.VB.vv : Cleaned with backup
C:\WINDOWS\survv.exe -> Downloader.VB.dm : Cleaned with backup
C:\WINDOWS\system32\bhyc.exe -> Downloader.Lastad.p : Cleaned with backup
C:\WINDOWS\system32\bhycaeg05.dll -> Downloader.Lastad.h : Cleaned with backup
C:\WINDOWS\system32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\epx30106.exe -> Downloader.Lastad.r : Cleaned with backup
C:\WINDOWS\system32\iilrta.exe -> Downloader.Lastad.r : Cleaned with backup
C:\WINDOWS\system32\iilrtaaeg06.dll -> Downloader.Lastad.r : Cleaned with backup
C:\WINDOWS\system32\mrte.exe -> Trojan.Agent.hm : Cleaned with backup
C:\WINDOWS\system32\qjdsrego.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\qwinkrag.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\WinATS.dll -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\system32\WinDmy.dll -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\system32\WinStat10.dll -> Adware.Winsta : Cleaned with backup
C:\WINDOWS\whCC-GIANT.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\WINDOWS\zitst001.exe -> Adware.ZenoSearch : Cleaned with backup
::Report End
So is it all better now?
We'll get her fixed up though. You might want to print these instructions as you will not have access to the internet for part of this fix.
Run Hijack This again and put a check (tick) next to the following entries:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll (file missing)
O4 - HKLM\..\Run: [Wppawsr] C:\Program Files\Goelky\Jburajn.exe
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2112] "C:\Documents and Settings\delsie\Local Settings\Temporary Internet Files\Content.IE5\B80TMYXK\WinFixerScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
O4 - HKCU\..\Run: [msicdl] C:\WINDOWS\system32\msicdl.exe
O4 - HKCU\..\RunOnce: [msicdl] C:\WINDOWS\system32\msicdl.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinkrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://click.mirarsearch.com/FIX/WinATS.cab
Close all other browsers/windows and click Fix Checked. Close Hijack This.
Reboot the PC into safe mode just like you did before you ran the Ewido Scan. Once in safe mode, make sure you can view all hidden files and folders:
Next click Start---->Run. In the box type cleanmgr. The Windows Disk Cleanup utility will open. Make sure the boxes next to Temporary Files and Temporary Internet Files are checked, then click OK. The Disk Cleanup utility will empty the temp file folders.
Next use Windows Explorer to delete the following (do not worry if you can't find some of these):
C:\Program Files\E2G<----This folder.
C:\Program Files\Goelky<----This folder.
C:\WINDOWS\System32\WinNB57.dll<----This file.
C:\WINDOWS\system32\msicdl.exe<----This file.
C:\WINDOWS\system32\qwinkrag.exe<----This file.
C:\WINDOWS\system32\dwdsregt.exe<----This file.
C:\windows\eee2.exe<----This file.
C:\Documents and Settings\delsie\Local Settings\Temporary Internet Files\Content.IE5\B80TMYXK<----This folder. Note that this one may not exist.
Empty the recycle bin.
Reboot the PC into normal mode and post a fresh Hijack This log.
Logfile of HijackThis v1.99.1
Scan saved at 12:31:47 AM, on 4/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\114487~1\EE\AOLHOS~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\114487~1\EE\AOLServiceHost.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Documents and Settings\delsie\Desktop\hijackthis_199\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [fcx] C:\WINDOWS\fcx.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2112] "C:\Documents and Settings\delsie\Local Settings\Temporary Internet Files\Content.IE5\B80TMYXK\WinFixerScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144879285\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {52DE3A24-0A3F-11D4-B9D2-008048FD54E6} (POLAR Draw v2.0 Control) - http://www.polarsoftware.com/test/SierraLH/polardraw20.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.bigfishgames.com/online/tumblebugs/axhost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.pogo.com/game/deluxe/insaniquarium/popcaploader_v6.cab
O20 - AppInit_DLLs: iniwin32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2112] "C:\Documents and Settings\delsie\Local Settings\Temporary Internet Files\Content.IE5\B80TMYXK\WinFixerScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
After fixing those with Hijack This reboot into safe mode again and delete the following:
C:\Program Files\E2G<----This folder.
C:\Documents and Settings\delsie\Local Settings\Temporary Internet Files\Content.IE5\B80TMYXK<----Delete all the files in this folder.
C:\windows\eee2.exe<----This file.
C:\counter.cab<----This file.
When you are finished reboot into normal mode and run a Panda Active Scan from my signature below. Make sure to tell the scan to autoclean. It will generate a log when finished. Please post back with the Panda Log and a fresh Hijack This log.
C:\windows\eee2.exe<----This file."
I couldn't find those two things.. :[ and I have to switch the internet over to my mom's computer to download the Panda thing. Sooo, I'll post that log and the HijackThis one when I'm done.
- Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes save the report to your desktop so you can find it easily.
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@2o7[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@888[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@adopt.hbmediapro[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@as-us.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@ath.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@azjmp[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@belnk[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@bravenet[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@cassava[1].txt
Spyware:Cookie/DelfinMedia Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@delfinproject[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@did-it[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@dist.belnk[2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@fortunecity[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@go[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@hitbox[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@i.screensavers[1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@landing.domainsponsor[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@mediaplex[2].txt
Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@mmm.media-motor[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@realmedia[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@searchportal.information[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@tickle[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@trafficmp[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@valueclick[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@winfixer[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@www.myaffiliateprogram[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\delsie\Cookies\delsie@zedo[2].txt
Spyware:Spyware/Media-motor Not disinfected C:\Documents and Settings\delsie\Desktop\hijackthis_199\backups\backup-20060413-000523-221.inf
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\don\Cookies\don@searchportal.information[1].txt
Spyware:Spyware/ClearSearch Not disinfected C:\Documents and Settings\don\Local Settings\Temp\ClrSch\FNuninstaller.EX_[FNuninstaller.EXe]
Dialer:dialer.baj Not disinfected C:\ied_s7.cab
Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\fuiw\fuiwd\fuiwc.dll
Adware:Adware/Gator Not disinfected C:\Program Files\Common Files\GMT\egIEEngine.dll
Adware:Adware/Gator Not disinfected C:\Program Files\Common Files\GMT\GUninstaller.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Program Files\Common Files\WinSoftware\PrCheck.dll
Adware:Adware/KeenValue Not disinfected C:\WINDOWS\browserxtras\pn\remove.exe
Adware:Adware/Neededware Not disinfected C:\WINDOWS\Downloaded Program Files\EPXActiveX.ocx
Adware:adware/gator Not disinfected C:\WINDOWS\GatorPatch.log
Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32a.sys
Adware:adware program Not disinfected C:\WINDOWS\system32\data.~
Adware:adware/wupd Not disinfected C:\WINDOWS\system32\ide21201.vxd
Adware:Adware/E2Give Not disinfected C:\WINDOWS\system32\iniwin32.dll
Virus:Trj/Agent.APG Disinfected C:\WINDOWS\system32\krn_32.dll
Adware:adware/sqwire Not disinfected C:\WINDOWS\system32\tsuninst.exe
Adware:Adware/Winstat Not disinfected C:\WINDOWS\system32\WinStat13.dll
Spyware:spyware/media-motor Not disinfected C:\WINDOWS\unstall.exe
okayyy, that's the ActiveScan thingie, I hope I did it right!
Scan saved at 3:14:59 AM, on 4/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\114487~1\EE\AOLHOS~1.EXE
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\COMMON~1\AOL\114487~1\EE\AOLServiceHost.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Documents and Settings\delsie\Desktop\hijackthis_199\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [fcx] C:\WINDOWS\fcx.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2112] "C:\Documents and Settings\delsie\Local Settings\Temporary Internet Files\Content.IE5\B80TMYXK\WinFixerScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144879285\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {52DE3A24-0A3F-11D4-B9D2-008048FD54E6} (POLAR Draw v2.0 Control) - http://www.polarsoftware.com/test/SierraLH/polardraw20.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.bigfishgames.com/online/tumblebugs/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.pogo.com/game/deluxe/insaniquarium/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0778A5E6-2C59-4C40-8B23-86472744E936}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{0778A5E6-2C59-4C40-8B23-86472744E936}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: iniwin32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
SurfAccuracy
Let me know if it's not there. There are a couple more things to take care of, but we'll do that when I know we have the above program uninstalled.
http://www.ccleaner.com/ccdownload.asp
Install the program, but don't run it yet.
Next run Hijack This again and put a check (tick) next to the following:
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2112] "C:\Documents and Settings\delsie\Local Settings\Temporary Internet Files\Content.IE5\B80TMYXK\WinFixerScannerInstall[1].exe" -nag
O20 - AppInit_DLLs: iniwin32.dll
Close all other browsers/windows and click Fix Checked.
Reboot into safe mode again and delete the following:
C:\Program Files\E2G<----This folder.
C:\Program Files\SurfAccuracy<----This folder.
Next use the Windows search feature to look for the following file:
iniwin32.dll
Delete every instance of it you find.
Next run the CCleaner that we downloaded earlier. It's really easy to use; just make sure you check all the boxes for temporary files, etc. Do not use the Issues feature, just run the Cleaner.
After all this, please reboot into normal mode and post a fresh Hijack This log.
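To show what the helper is doing by hand across these posts (picking the O4/O15/O16/O20 entries to fix, then checking whether they came back in the next log), here is an added Python triage script; it is not part of the thread and not HijackThis code, its rules are constructed for this example, and its sample lines are copied from the logs above.

```python
"""Triage helper for HijackThis-style logs: a constructed example, not code from
the thread or from HijackThis. flag_entries() picks out entry types the helper
always reviews; reappeared() compares a "Fix Checked" list with a later log and
reports which entries came back (something still on disk is re-creating them)."""
import re
from dataclasses import dataclass

# A HijackThis entry is "<section code> - <body>"; process paths and headers are not.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{0,2})\s+-\s+(?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    def key(self) -> str:
        """Case-insensitive identity used when comparing two logs."""
        return f"{self.section}|{self.body.lower()}"


def parse_log(text: str) -> list[Entry]:
    """Return only the R/F/N/O entries of a log; the process list is skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"].strip()))
    return entries


# No legitimate installer leaves a startup item pointing into these folders.
CACHE_DIRS = ("\\temporary internet files\\", "\\local settings\\temp\\")


def flag_entries(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Return (entry, reason) pairs; these rules are this example's, not HijackThis's."""
    flagged = []
    for e in entries:
        body = e.body.lower()
        if e.section == "O4" and any(d in body for d in CACHE_DIRS):
            flagged.append((e, "startup item runs from the browser cache or Temp"))
        elif (e.section == "O20" and body.startswith("appinit_dlls:")
              and body.partition(":")[2].strip()):
            flagged.append((e, "AppInit_DLLs loads this DLL into every user-mode process"))
        elif e.section == "O15":
            flagged.append((e, "site added to the IE Trusted Zone, which lowers its security"))
        elif e.section == "O16" and "file://" in body:
            flagged.append((e, "ActiveX control registered from a local file"))
    return flagged


def reappeared(fix_list: str, later_log: str) -> list[Entry]:
    """Entries from fix_list that are still (or again) present in later_log."""
    later = {e.key() for e in parse_log(later_log)}
    return [e for e in parse_log(fix_list) if e.key() in later]


# Constructed subset of the 4/21/2006 log posted in the thread.
LATER_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2112] "C:\Documents and Settings\delsie\Local Settings\Temporary Internet Files\Content.IE5\B80TMYXK\WinFixerScannerInstall[1].exe" -nag
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: iniwin32.dll
"""

# The four lines the helper asked to have fixed after the 4/13/2006 log.
FIX_LIST = r"""
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2112] "C:\Documents and Settings\delsie\Local Settings\Temporary Internet Files\Content.IE5\B80TMYXK\WinFixerScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
"""
```

Running `flag_entries(parse_log(LATER_LOG))` flags the WinFixer startup item and the AppInit_DLLs entry, and `reappeared(FIX_LIST, LATER_LOG)` reports the E2G BHO and the WinFixer item as back, which is exactly why the helper moves on to deleting the folders and the DLL on disk.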