Take a look at my log please
Yesterday I ran a scan and found over 7000 items that were infected with a virus and about 100 items that were spyware. I have Ad-Aware and Spybot, so I ran those and removed some things, but I still had pop-ups galore. I noticed the files infected are zip files, and McAfee says it's Generic VB virus and some other virus plus surf sidekick and look2me. Anyway, I stumbled across one of the threads here and started doing things on the list. I have the Panda scan and the HijackThis logfiles here:
panda scan
Incident Status Location
Adware:Adware/TheLocalSearch Not disinfected C:\data.dll
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\LocalService\Cookies\system@c.goclick[1].txt
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Owner\Application Data\Sskuknwrd.dll
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@888[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@888[3].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adrevolver[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@anm.co[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Cookies\owner@as-eu.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ath.belnk[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Owner\Cookies\owner@azjmp[2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Owner\Cookies\owner@banners.searchingbooth[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Owner\Cookies\owner@c.enhance[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@c.goclick[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Owner\Cookies\owner@cassava[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Cookies\owner@com[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ct.360i[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@dist.belnk[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Owner\Cookies\owner@entrepreneur[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Cookies\owner@go[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Owner\Cookies\owner@i.screensavers[2].txt
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\Owner\Cookies\owner@kmpads[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@microsofteup.112.2o7[1].txt
Spyware:Cookie/Mp3search Not disinfected C:\Documents and Settings\Owner\Cookies\owner@mp3search[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@offeroptimizer[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Owner\Cookies\owner@revenue[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Owner\Cookies\owner@searchportal.information[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Owner\Cookies\owner@targetnet[1].txt
Spyware:Cookie/TargetSaver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@targetsaver[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Owner\Cookies\owner@toplist[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.affiliatefuel[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[1].txt
Spyware:Cookie/web-stat Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.web-stat[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Cookies\owner@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Owner\Cookies\owner@yadro[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt
Spyware:Spyware/MyNetProtector Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\1.26 MB.exe
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\327762_592_2580_3216_63.41.tmp
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\327762_592_2580_3216_63.41.tmp1
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\3473458_512_2580_196_63.41.tmp
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\3473458_512_2580_196_63.41.tmp1
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@888[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[3].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adopt.hbmediapro[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@azjmp[1].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@banners.searchingbooth[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@belnk[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cassava[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@dist.belnk[2].txt
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@kmpads[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@rn11[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@trafficmp[1].txt
Adware:Adware/Qoologic Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\f10425734.exe
Adware:Adware/Qoologic Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\f137060578.exe
Adware:Adware/Midaddle Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\fixit.exe[clicks.dll]
Adware:Adware/Midaddle Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\fixit.exe[Updater.exe]
Adware:Adware/Midaddle Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\fixit.exe[Watcher.exe]
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\i159.tmp
Spyware:Spyware/New.net Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Install-Emoticons.exe[SHNT288.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Install-Emoticons.exe[wh.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Install-Emoticons.exe[wh.exe][whAgent.inf]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Install-Emoticons.exe[wh.exe][whAgent.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Install-Emoticons.exe[wh.exe][whInstaller.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Install-Emoticons.exe[wh.exe][whSurvey.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Install-Emoticons.exe[wh.exe][webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Install-Emoticons.exe[wh.exe][whiehlpr.dll]
Adware:Adware/WinAD Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Install-Emoticons.exe[MGW_SH.exe]
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\polmx2.inf
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\s2e4..exe[ExtractDLL.dll]
Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ss_cdt_setup.exe[² =.dll]
Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ss_cdt_setup.exe[offline.htm]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr1952
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr6A5F
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\toolbar.dll
Adware:Adware/QoolAid Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\tp7543.exe
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\WZS4.tmp\whAgent.inf
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\WZS4.tmp\whInstaller.exe
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\WZS7D.tmp\whAgent.inf
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\WZS96.tmp\whAgent.inf
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1JNJ5TO6\IrsmInst[1].exe[ExtractDLL.dll]
Adware:Adware/QoolAid Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4Z5VQ2ZH\rcverlib[1].exe
and the hijackthis logfile
Logfile of HijackThis v1.99.1
Scan saved at 9:22:49 PM, on 5/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ipwins\ipwins.exe
c:\windows\system32\dwdsregt.exe
C:\Documents and Settings\Owner\Application Data\W?nSxS\ntvdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Microsoft ActiveSync\MSCONV97.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,pfivgqg.exe
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [iz9f] C:\PROGRA~1\wxuprvtp\fAQAB4xN.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O4 - HKLM\..\Run: [newname] C:\\newname23.exe
O4 - HKLM\..\Run: [w829ec43.dll] RUNDLL32.EXE w829ec43.dll,I2 0010e11a0829ec43
O4 - HKLM\..\Run: [{FE-E2-23-33-ZN}] c:\windows\system32\dwdsregt.exe FI002
O4 - HKLM\..\Run: [win3211-1797266893] C:\WINDOWS\win3211-1797266893.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunOnce: [BorraT2006TMP] cmd /C RD /s/q "C:\DOCUME~1\Owner\LOCALS~1\Temp\T2006tmp\"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Adal] "C:\PROGRA~1\SSTEM~1\msconfig.exe" -vt yazb
O4 - HKCU\..\Run: [Pmme] C:\Documents and Settings\Owner\Application Data\W?nSxS\ntvdm.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000140.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\pjdsregm.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\winlspak.dll' missing
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://download.verizon.net
O15 - Trusted Zone: http://www2.verizon.net
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mygmgw.gm.com/http://usabhma35.mail.gm.com/iNotes.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136265005500
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab
O16 - DPF: {BAE57CC6-88D1-4AE8-B6FD-306120D5BC52} (SystemRequirement.TechCheck) - http://www.riosalado.edu/techcheck/SystemRequirements.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\lvn2095oe.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\n4n6le5s1h.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ipwins\ipwins.exe
c:\windows\system32\dwdsregt.exe
C:\Documents and Settings\Owner\Application Data\W?nSxS\ntvdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Microsoft ActiveSync\MSCONV97.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,pfivgqg.exe
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [iz9f] C:\PROGRA~1\wxuprvtp\fAQAB4xN.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O4 - HKLM\..\Run: [newname] C:\\newname23.exe
O4 - HKLM\..\Run: [w829ec43.dll] RUNDLL32.EXE w829ec43.dll,I2 0010e11a0829ec43
O4 - HKLM\..\Run: [{FE-E2-23-33-ZN}] c:\windows\system32\dwdsregt.exe FI002
O4 - HKLM\..\Run: [win3211-1797266893] C:\WINDOWS\win3211-1797266893.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunOnce: [BorraT2006TMP] cmd /C RD /s/q "C:\DOCUME~1\Owner\LOCALS~1\Temp\T2006tmp\"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Adal] "C:\PROGRA~1\SSTEM~1\msconfig.exe" -vt yazb
O4 - HKCU\..\Run: [Pmme] C:\Documents and Settings\Owner\Application Data\W?nSxS\ntvdm.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000140.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\pjdsregm.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\winlspak.dll' missing
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://download.verizon.net
O15 - Trusted Zone: http://www2.verizon.net
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mygmgw.gm.com/http://usabhma35.mail.gm.com/iNotes.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136265005500
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab
O16 - DPF: {BAE57CC6-88D1-4AE8-B6FD-306120D5BC52} (SystemRequirement.TechCheck) - http://www.riosalado.edu/techcheck/SystemRequirements.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\lvn2095oe.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\n4n6le5s1h.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Comments
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
Restart the computer.
Please download Ewido Anti Malware; it is a trial version of the program.
- Install ewido anti malware
- Launch ewido; there should be an icon on your desktop, double-click it.
- The program will now go to the main screen
You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update
- Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates
Once the updates are installed do the following:
- You will need to step through the process of cleaning files one-by-one.
- If ewido detects a file you KNOW to be legitimate, select none as the action.
- DO NOT select "Perform action on all infections"
- If you are unsure of any entry found select none for now.
Now close ewido anti-malware.
Restart the computer again. As the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press your Enter key.
Once in safe mode, delete the following files/folders:
C:\data.dll
Reboot back into normal mode and rescan with both Panda ActiveScan and HijackThis. Post the two fresh logs in your next reply.
Incident Status Location
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Owner\Application Data\Sskuknwrd.dll
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adopt.hbmediapro[2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Owner\Cookies\owner@banners.searchingbooth[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@dist.belnk[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@hc2.humanclick[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Owner\Cookies\owner@winfixer[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@888[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adopt.hbmediapro[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@azjmp[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@belnk[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cassava[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@dist.belnk[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@rn11[2].txt
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ExtractDLL.dll
Adware:Adware/Midaddle Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\fixit.exe[clicks.dll]
Adware:Adware/Midaddle Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\fixit.exe[Updater.exe]
Adware:Adware/Midaddle Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\fixit.exe[Watcher.exe]
Spyware:Spyware/New.net Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Install-Emoticons.exe[SHNT288.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Install-Emoticons.exe[wh.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Install-Emoticons.exe[wh.exe][whAgent.inf]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Install-Emoticons.exe[wh.exe][whAgent.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Install-Emoticons.exe[wh.exe][whInstaller.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Install-Emoticons.exe[wh.exe][whSurvey.exe]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Install-Emoticons.exe[wh.exe][webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Install-Emoticons.exe[wh.exe][whiehlpr.dll]
Adware:Adware/WinAD Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Install-Emoticons.exe[MGW_SH.exe]
Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\polmx2.inf
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\qmsA.tmp[ExtractDLL.dll]
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\s2e4..exe[ExtractDLL.dll]
Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ss_cdt_setup.exe[² =.dll]
Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ss_cdt_setup.exe[offline.htm]
Adware:Adware/WinTools Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\toolbar.dll
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\WZS4.tmp\whAgent.inf
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\WZS7D.tmp\whAgent.inf
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\WZS96.tmp\whAgent.inf
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1JNJ5TO6\IrsmInst[1].exe[ExtractDLL.dll]
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4PAN45YB\117[1].avi
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\65UBUL6F\IrsmInst[1].exe[ExtractDLL.dll]
Adware:Adware/Beginto Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6PD6VU5C\trafficsectorInst[1].exe[b2search_v17.exe]
Adware:Adware/PopupSearches Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6PD6VU5C\trafficsectorInst[1].exe[b2search_v17.exe][²èÇ]
Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IVKR21Q5\SSInstaller[1].exe[ExtractDLL.dll]
Logfile of HijackThis v1.99.1
Scan saved at 5:45:03 AM, on 5/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Documents and Settings\Owner\Application Data\W?nSxS\ntvdm.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SpywareBlaster\ckdatabase.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,pfivgqg.exe
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmjkca.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [iz9f] C:\PROGRA~1\wxuprvtp\fAQAB4xN.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O4 - HKLM\..\Run: [newname] C:\\newname23.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pmme] C:\Documents and Settings\Owner\Application Data\W?nSxS\ntvdm.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000140.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\winlspak.dll' missing
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://download.verizon.net
O15 - Trusted Zone: http://www2.verizon.net
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://mygmgw.gm.com/http://usabhma35.mail.gm.com/iNotes.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,911,0
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136265005500
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab
O16 - DPF: {BAE57CC6-88D1-4AE8-B6FD-306120D5BC52} (SystemRequirement.TechCheck) - http://www.riosalado.edu/techcheck/SystemRequirements.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.72.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\lvn2095oe.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\n4n6le5s1h.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe