Options
Assistance with Removal of Infestation
My wife was online the other day and I login behind her and wham! Pop-ups galore, Mcafee starts popping cleaning and infected file messages like crazy, I thought we were done for.
I cleaned what I could and then followed the directions in the sticky prior to posting, and here are the log files leftover.
*Panda Active Scan Log*:
Incident Status Location
Spyware:Cookie/2o7
Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
Spyware:Cookie/Atwola
Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
Adware:Adware/Sqwire
Not disinfected
C:\Documents and Settings\Owner\Local Settings\Temp\b103.exe[stub_109_4_0_4_0.exe]
Adware:Adware/ISearch
Not disinfected
C:\Documents and Settings\Owner\Local Settings\Temp\b104.exe[MTE3MTk6ODoxNg.exe]
Adware:Adware/Maxifiles
Not disinfected
C:\Documents and Settings\Owner\Local Settings\Temp\b115.exe[direct3.exe]
Adware:Adware/MaxFiles
Not disinfected
C:\Documents and Settings\Owner\Local Settings\Temp\b122.exe
*Bitdefender Online Scanner Log*:
Scan report generated at: Tue, Aug 15, 2006 - 23:16:30
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time
03:29:17
Files
971941
Folders
8566
Boot Sectors
3
Archives
22369
Packed Files
103258
Results
Identified Viruses
10
Infected Files
28
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
28
Engines Info
Virus Definitions
449381
Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins
13
Archive plugins
39
Unpack plugins
5
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HI0HAKC8\L2[1].exe
Infected with: Trojan.Downloader.IIM
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HI0HAKC8\L2[1].exe
Disinfection failed
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HI0HAKC8\L2[1].exe
Deleted
C:\Documents and Settings\Owner\Local Settings\Temp\b103.exe
Infected with: Trojan.Downloader.TSUpdate.D
C:\Documents and Settings\Owner\Local Settings\Temp\b103.exe
Disinfection failed
C:\Documents and Settings\Owner\Local Settings\Temp\b103.exe
Deleted
C:\Documents and Settings\Owner\Local Settings\Temp\b104.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Downloader.Small.BUY
C:\Documents and Settings\Owner\Local Settings\Temp\b104.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\Documents and Settings\Owner\Local Settings\Temp\b104.exe=>(NSIS o)
Update failed
C:\Program Files\Common Files\{1428963E-0A7D-1033-0716-030527030001}\services.dll
Detected with: Adware.Mcboo.A
C:\Program Files\Common Files\{1428963E-0A7D-1033-0716-030527030001}\services.dll
Disinfection failed
C:\Program Files\Common Files\{1428963E-0A7D-1033-0716-030527030001}\services.dll
Deleted
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1021\A0181421.exe
Infected with: Trojan.Starter.V
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1021\A0181421.exe
Disinfection failed
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1021\A0181421.exe
Deleted
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1035\A0185911.dll
Detected with: Adware.Mcboo.A
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1035\A0185911.dll
Disinfection failed
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1035\A0185911.dll
Deleted
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1037\A0185950.exe
Infected with: Trojan.Zlob.Gen
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1037\A0185950.exe
Disinfection failed
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1037\A0185950.exe
Deleted
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1037\A0185968.exe
Infected with: Trojan.Zlob.Gen
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1037\A0185968.exe
Disinfection failed
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1037\A0185968.exe
Deleted
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1044\A0187683.dll
Detected with: Adware.Mcboo.A
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1044\A0187683.dll
Disinfection failed
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1044\A0187683.dll
Deleted
C:\WINDOWS\system32\webcamupdate.exe
Infected with: Trojan.Aditer.B
C:\WINDOWS\system32\webcamupdate.exe
Disinfection failed
C:\WINDOWS\system32\webcamupdate.exe
Deleted
C:\WINDOWS\Temp\win12AE.tmp.exe=>(NSIS o)=>zlib_nsis0005
Infected with: Trojan.Dropper.VB.AY
C:\WINDOWS\Temp\win12AE.tmp.exe=>(NSIS o)=>zlib_nsis0005
Disinfection failed
C:\WINDOWS\Temp\win12AE.tmp.exe=>(NSIS o)=>zlib_nsis0005
Deleted
C:\WINDOWS\Temp\win12AE.tmp.exe=>(NSIS o)
Update failed
C:\WINDOWS\Temp\win12C7.tmp.exe=>(NSIS o)=>zlib_nsis0005
Infected with: Trojan.Dropper.VB.AY
C:\WINDOWS\Temp\win12C7.tmp.exe=>(NSIS o)=>zlib_nsis0005
Disinfection failed
C:\WINDOWS\Temp\win12C7.tmp.exe=>(NSIS o)=>zlib_nsis0005
Deleted
C:\WINDOWS\Temp\win12C7.tmp.exe=>(NSIS o)
Update failed
C:\WINDOWS\Temp\win12FD.tmp.exe=>(NSIS o)=>zlib_nsis0005
Infected with: Trojan.Dropper.VB.AY
C:\WINDOWS\Temp\win12FD.tmp.exe=>(NSIS o)=>zlib_nsis0005
Disinfection failed
C:\WINDOWS\Temp\win12FD.tmp.exe=>(NSIS o)=>zlib_nsis0005
Deleted
C:\WINDOWS\Temp\win12FD.tmp.exe=>(NSIS o)
Update failed
C:\WINDOWS\Temp\win1365.tmp.exe
Infected with: Trojan.Pakes.NH
C:\WINDOWS\Temp\win1365.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win1365.tmp.exe
Deleted
C:\WINDOWS\Temp\win1369.tmp.exe=>(NSIS o)=>lzma_solid_nsis0004
Detected with: Adware.Mcboo.A
C:\WINDOWS\Temp\win1369.tmp.exe=>(NSIS o)=>lzma_solid_nsis0004
Disinfection failed
C:\WINDOWS\Temp\win1369.tmp.exe=>(NSIS o)=>lzma_solid_nsis0004
Deleted
C:\WINDOWS\Temp\win1369.tmp.exe=>(NSIS o)
Update failed
C:\WINDOWS\Temp\win139C.tmp.exe
Infected with: Trojan.Pakes.NH
C:\WINDOWS\Temp\win139C.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win139C.tmp.exe
Deleted
C:\WINDOWS\Temp\win13A2.tmp.exe
Infected with: Trojan.Pakes.NH
C:\WINDOWS\Temp\win13A2.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win13A2.tmp.exe
Deleted
C:\WINDOWS\Temp\win1CDF.tmp.exe
Infected with: Trojan.Pakes.NH
C:\WINDOWS\Temp\win1CDF.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win1CDF.tmp.exe
Deleted
C:\WINDOWS\Temp\win1CE7.tmp.exe
Infected with: Trojan.Pakes.NH
C:\WINDOWS\Temp\win1CE7.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win1CE7.tmp.exe
Deleted
C:\WINDOWS\Temp\win1DDD.tmp.exe=>(NSIS o)=>lzma_solid_nsis0004
Detected with: Adware.Mcboo.A
C:\WINDOWS\Temp\win1DDD.tmp.exe=>(NSIS o)=>lzma_solid_nsis0004
Disinfection failed
C:\WINDOWS\Temp\win1DDD.tmp.exe=>(NSIS o)=>lzma_solid_nsis0004
Deleted
C:\WINDOWS\Temp\win1DDD.tmp.exe=>(NSIS o)
Update failed
C:\WINDOWS\Temp\win1DE2.tmp=>(NSIS o)=>lzma_solid_nsis0004
Detected with: Adware.Mcboo.A
C:\WINDOWS\Temp\win1DE2.tmp=>(NSIS o)=>lzma_solid_nsis0004
Disinfection failed
C:\WINDOWS\Temp\win1DE2.tmp=>(NSIS o)=>lzma_solid_nsis0004
Deleted
C:\WINDOWS\Temp\win1DE2.tmp=>(NSIS o)
Update failed
C:\WINDOWS\Temp\win1DE8.tmp
Infected with: Trojan.Downloader.Obfuscated.A
C:\WINDOWS\Temp\win1DE8.tmp
Disinfection failed
C:\WINDOWS\Temp\win1DE8.tmp
Deleted
C:\WINDOWS\Temp\win1DE8.tmp.exe=>(NSIS o)=>zlib_nsis0005
Infected with: Trojan.Dropper.VB.AY
C:\WINDOWS\Temp\win1DE8.tmp.exe=>(NSIS o)=>zlib_nsis0005
Disinfection failed
C:\WINDOWS\Temp\win1DE8.tmp.exe=>(NSIS o)=>zlib_nsis0005
Deleted
C:\WINDOWS\Temp\win1DE8.tmp.exe=>(NSIS o)
Update failed
C:\WINDOWS\Temp\win1DF1.tmp.exe=>(NSIS o)=>zlib_nsis0005
Infected with: Trojan.Dropper.VB.AY
C:\WINDOWS\Temp\win1DF1.tmp.exe=>(NSIS o)=>zlib_nsis0005
Disinfection failed
C:\WINDOWS\Temp\win1DF1.tmp.exe=>(NSIS o)=>zlib_nsis0005
Deleted
C:\WINDOWS\Temp\win1DF1.tmp.exe=>(NSIS o)
Update failed
C:\WINDOWS\Temp\win1E08.tmp.exe
Infected with: Trojan.Pakes.NH
C:\WINDOWS\Temp\win1E08.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win1E08.tmp.exe
Deleted
C:\WINDOWS\Temp\win1E0A.tmp.exe
Infected with: Trojan.Pakes.NH
C:\WINDOWS\Temp\win1E0A.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win1E0A.tmp.exe
Deleted
C:\WINDOWS\Temp\win280.tmp.exe
Infected with: Trojan.Pakes.NH
C:\WINDOWS\Temp\win280.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win280.tmp.exe
Deleted
C:\WINDOWS\Temp\win595.tmp.exe
Infected with: Trojan.Pakes.NH
C:\WINDOWS\Temp\win595.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win595.tmp.exe
Deleted
*Hijackthis Log*
Logfile of HijackThis v1.99.1
Scan saved at 4:34:11 PM, on 8/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\SvcTools\1.0.15\bin\lnchr.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\SvcTools\1.0.15\bin\lnchr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\McLogCln.exe
C:\Program Files\Common Files\AOL\1135041662\ee\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
c:\program files\common files\aol\1135041662\ee\services\sscAntiSpywarePlugin\ver1_205_1_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1135041662\ee\aolssc.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.c
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=ewhite_98&key=ec5b0c870c61e694b3a8e036e3c6eadf&ts=3fdc0055&A=0&B=1070956800000&C=1070265600000&D=0&I=6.0B5&L=w%2321&M=1070265600000&N=PLHS&O=I
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E521797A-22DE-4B46-8B2F-8E98AB77B942} - C:\WINDOWS\system32\pmnmmli.dll
O2 - BHO: (no name) - {FD081C30-FA32-4D73-8A4A-2C13A74041A5} - C:\WINDOWS\system32\mllji.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe
O4 - HKLM\..\Run: [Dial33] C:\WINDOWS\dlm.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMA1.0.15] c:\SvcTools\1.0.15\bin\lnchr.exe --context=user --control-dir=c:\SvcTools\1.0.15\ctrl
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1135041662\ee\services\sscFirewallPlugin\ver1_205_1_1\SSCRun.exe
O4 - HKLM\..\Run: [0153161154538158mcinstcleanup] C:\DOCUME~1\Owner\LOCALS~1\Temp\015316~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [McLogLch_exe] C:\Program Files\McAfee\MSC\McLogLch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.everdream.com (HKLM)
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} (SdcNetCheckCtl Class) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/244cdff3178368ee8305/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153684155484
O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven.net/client/mavenBootInstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge.com/ImageUploader3.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {BDF9A7C7-F4DC-455D-B5C2-045D74788295} (AOLRegistrationWizard Control) - https://objects.aol.com/filebackup/AOLRegistrationWizard.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4810/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmnmmli - C:\WINDOWS\SYSTEM32\pmnmmli.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhld32 - C:\WINDOWS\SYSTEM32\winhld32.dll
O21 - SSODL: SysTray.Ex - {F5B7D0BE-5f02-4255-96DB-386DFA244900} - C:\WINDOWS\bdekpdbf.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Software Management Agent 1.0.15 (SMA1.0.15) - Everdream - c:\SvcTools\1.0.15\bin\lnchr.exe
I await instructions from this point, any assistance would be appreciated.
I cleaned what I could and then followed the directions in the sticky prior to posting, and here are the log files leftover.
*Panda Active Scan Log*:
Incident Status Location
Spyware:Cookie/2o7
Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
Spyware:Cookie/Atwola
Not disinfected
C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
Adware:Adware/Sqwire
Not disinfected
C:\Documents and Settings\Owner\Local Settings\Temp\b103.exe[stub_109_4_0_4_0.exe]
Adware:Adware/ISearch
Not disinfected
C:\Documents and Settings\Owner\Local Settings\Temp\b104.exe[MTE3MTk6ODoxNg.exe]
Adware:Adware/Maxifiles
Not disinfected
C:\Documents and Settings\Owner\Local Settings\Temp\b115.exe[direct3.exe]
Adware:Adware/MaxFiles
Not disinfected
C:\Documents and Settings\Owner\Local Settings\Temp\b122.exe
*Bitdefender Online Scanner Log*:
Scan report generated at: Tue, Aug 15, 2006 - 23:16:30
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time
03:29:17
Files
971941
Folders
8566
Boot Sectors
3
Archives
22369
Packed Files
103258
Results
Identified Viruses
10
Infected Files
28
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
28
Engines Info
Virus Definitions
449381
Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins
13
Archive plugins
39
Unpack plugins
5
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HI0HAKC8\L2[1].exe
Infected with: Trojan.Downloader.IIM
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HI0HAKC8\L2[1].exe
Disinfection failed
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HI0HAKC8\L2[1].exe
Deleted
C:\Documents and Settings\Owner\Local Settings\Temp\b103.exe
Infected with: Trojan.Downloader.TSUpdate.D
C:\Documents and Settings\Owner\Local Settings\Temp\b103.exe
Disinfection failed
C:\Documents and Settings\Owner\Local Settings\Temp\b103.exe
Deleted
C:\Documents and Settings\Owner\Local Settings\Temp\b104.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Downloader.Small.BUY
C:\Documents and Settings\Owner\Local Settings\Temp\b104.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\Documents and Settings\Owner\Local Settings\Temp\b104.exe=>(NSIS o)
Update failed
C:\Program Files\Common Files\{1428963E-0A7D-1033-0716-030527030001}\services.dll
Detected with: Adware.Mcboo.A
C:\Program Files\Common Files\{1428963E-0A7D-1033-0716-030527030001}\services.dll
Disinfection failed
C:\Program Files\Common Files\{1428963E-0A7D-1033-0716-030527030001}\services.dll
Deleted
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1021\A0181421.exe
Infected with: Trojan.Starter.V
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1021\A0181421.exe
Disinfection failed
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1021\A0181421.exe
Deleted
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1035\A0185911.dll
Detected with: Adware.Mcboo.A
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1035\A0185911.dll
Disinfection failed
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1035\A0185911.dll
Deleted
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1037\A0185950.exe
Infected with: Trojan.Zlob.Gen
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1037\A0185950.exe
Disinfection failed
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1037\A0185950.exe
Deleted
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1037\A0185968.exe
Infected with: Trojan.Zlob.Gen
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1037\A0185968.exe
Disinfection failed
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1037\A0185968.exe
Deleted
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1044\A0187683.dll
Detected with: Adware.Mcboo.A
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1044\A0187683.dll
Disinfection failed
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP1044\A0187683.dll
Deleted
C:\WINDOWS\system32\webcamupdate.exe
Infected with: Trojan.Aditer.B
C:\WINDOWS\system32\webcamupdate.exe
Disinfection failed
C:\WINDOWS\system32\webcamupdate.exe
Deleted
C:\WINDOWS\Temp\win12AE.tmp.exe=>(NSIS o)=>zlib_nsis0005
Infected with: Trojan.Dropper.VB.AY
C:\WINDOWS\Temp\win12AE.tmp.exe=>(NSIS o)=>zlib_nsis0005
Disinfection failed
C:\WINDOWS\Temp\win12AE.tmp.exe=>(NSIS o)=>zlib_nsis0005
Deleted
C:\WINDOWS\Temp\win12AE.tmp.exe=>(NSIS o)
Update failed
C:\WINDOWS\Temp\win12C7.tmp.exe=>(NSIS o)=>zlib_nsis0005
Infected with: Trojan.Dropper.VB.AY
C:\WINDOWS\Temp\win12C7.tmp.exe=>(NSIS o)=>zlib_nsis0005
Disinfection failed
C:\WINDOWS\Temp\win12C7.tmp.exe=>(NSIS o)=>zlib_nsis0005
Deleted
C:\WINDOWS\Temp\win12C7.tmp.exe=>(NSIS o)
Update failed
C:\WINDOWS\Temp\win12FD.tmp.exe=>(NSIS o)=>zlib_nsis0005
Infected with: Trojan.Dropper.VB.AY
C:\WINDOWS\Temp\win12FD.tmp.exe=>(NSIS o)=>zlib_nsis0005
Disinfection failed
C:\WINDOWS\Temp\win12FD.tmp.exe=>(NSIS o)=>zlib_nsis0005
Deleted
C:\WINDOWS\Temp\win12FD.tmp.exe=>(NSIS o)
Update failed
C:\WINDOWS\Temp\win1365.tmp.exe
Infected with: Trojan.Pakes.NH
C:\WINDOWS\Temp\win1365.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win1365.tmp.exe
Deleted
C:\WINDOWS\Temp\win1369.tmp.exe=>(NSIS o)=>lzma_solid_nsis0004
Detected with: Adware.Mcboo.A
C:\WINDOWS\Temp\win1369.tmp.exe=>(NSIS o)=>lzma_solid_nsis0004
Disinfection failed
C:\WINDOWS\Temp\win1369.tmp.exe=>(NSIS o)=>lzma_solid_nsis0004
Deleted
C:\WINDOWS\Temp\win1369.tmp.exe=>(NSIS o)
Update failed
C:\WINDOWS\Temp\win139C.tmp.exe
Infected with: Trojan.Pakes.NH
C:\WINDOWS\Temp\win139C.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win139C.tmp.exe
Deleted
C:\WINDOWS\Temp\win13A2.tmp.exe
Infected with: Trojan.Pakes.NH
C:\WINDOWS\Temp\win13A2.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win13A2.tmp.exe
Deleted
C:\WINDOWS\Temp\win1CDF.tmp.exe
Infected with: Trojan.Pakes.NH
C:\WINDOWS\Temp\win1CDF.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win1CDF.tmp.exe
Deleted
C:\WINDOWS\Temp\win1CE7.tmp.exe
Infected with: Trojan.Pakes.NH
C:\WINDOWS\Temp\win1CE7.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win1CE7.tmp.exe
Deleted
C:\WINDOWS\Temp\win1DDD.tmp.exe=>(NSIS o)=>lzma_solid_nsis0004
Detected with: Adware.Mcboo.A
C:\WINDOWS\Temp\win1DDD.tmp.exe=>(NSIS o)=>lzma_solid_nsis0004
Disinfection failed
C:\WINDOWS\Temp\win1DDD.tmp.exe=>(NSIS o)=>lzma_solid_nsis0004
Deleted
C:\WINDOWS\Temp\win1DDD.tmp.exe=>(NSIS o)
Update failed
C:\WINDOWS\Temp\win1DE2.tmp=>(NSIS o)=>lzma_solid_nsis0004
Detected with: Adware.Mcboo.A
C:\WINDOWS\Temp\win1DE2.tmp=>(NSIS o)=>lzma_solid_nsis0004
Disinfection failed
C:\WINDOWS\Temp\win1DE2.tmp=>(NSIS o)=>lzma_solid_nsis0004
Deleted
C:\WINDOWS\Temp\win1DE2.tmp=>(NSIS o)
Update failed
C:\WINDOWS\Temp\win1DE8.tmp
Infected with: Trojan.Downloader.Obfuscated.A
C:\WINDOWS\Temp\win1DE8.tmp
Disinfection failed
C:\WINDOWS\Temp\win1DE8.tmp
Deleted
C:\WINDOWS\Temp\win1DE8.tmp.exe=>(NSIS o)=>zlib_nsis0005
Infected with: Trojan.Dropper.VB.AY
C:\WINDOWS\Temp\win1DE8.tmp.exe=>(NSIS o)=>zlib_nsis0005
Disinfection failed
C:\WINDOWS\Temp\win1DE8.tmp.exe=>(NSIS o)=>zlib_nsis0005
Deleted
C:\WINDOWS\Temp\win1DE8.tmp.exe=>(NSIS o)
Update failed
C:\WINDOWS\Temp\win1DF1.tmp.exe=>(NSIS o)=>zlib_nsis0005
Infected with: Trojan.Dropper.VB.AY
C:\WINDOWS\Temp\win1DF1.tmp.exe=>(NSIS o)=>zlib_nsis0005
Disinfection failed
C:\WINDOWS\Temp\win1DF1.tmp.exe=>(NSIS o)=>zlib_nsis0005
Deleted
C:\WINDOWS\Temp\win1DF1.tmp.exe=>(NSIS o)
Update failed
C:\WINDOWS\Temp\win1E08.tmp.exe
Infected with: Trojan.Pakes.NH
C:\WINDOWS\Temp\win1E08.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win1E08.tmp.exe
Deleted
C:\WINDOWS\Temp\win1E0A.tmp.exe
Infected with: Trojan.Pakes.NH
C:\WINDOWS\Temp\win1E0A.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win1E0A.tmp.exe
Deleted
C:\WINDOWS\Temp\win280.tmp.exe
Infected with: Trojan.Pakes.NH
C:\WINDOWS\Temp\win280.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win280.tmp.exe
Deleted
C:\WINDOWS\Temp\win595.tmp.exe
Infected with: Trojan.Pakes.NH
C:\WINDOWS\Temp\win595.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win595.tmp.exe
Deleted
*Hijackthis Log*
Logfile of HijackThis v1.99.1
Scan saved at 4:34:11 PM, on 8/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\SvcTools\1.0.15\bin\lnchr.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\SvcTools\1.0.15\bin\lnchr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\McLogCln.exe
C:\Program Files\Common Files\AOL\1135041662\ee\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
c:\program files\common files\aol\1135041662\ee\services\sscAntiSpywarePlugin\ver1_205_1_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1135041662\ee\aolssc.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.c
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=ewhite_98&key=ec5b0c870c61e694b3a8e036e3c6eadf&ts=3fdc0055&A=0&B=1070956800000&C=1070265600000&D=0&I=6.0B5&L=w%2321&M=1070265600000&N=PLHS&O=I
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E521797A-22DE-4B46-8B2F-8E98AB77B942} - C:\WINDOWS\system32\pmnmmli.dll
O2 - BHO: (no name) - {FD081C30-FA32-4D73-8A4A-2C13A74041A5} - C:\WINDOWS\system32\mllji.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe
O4 - HKLM\..\Run: [Dial33] C:\WINDOWS\dlm.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMA1.0.15] c:\SvcTools\1.0.15\bin\lnchr.exe --context=user --control-dir=c:\SvcTools\1.0.15\ctrl
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1135041662\ee\services\sscFirewallPlugin\ver1_205_1_1\SSCRun.exe
O4 - HKLM\..\Run: [0153161154538158mcinstcleanup] C:\DOCUME~1\Owner\LOCALS~1\Temp\015316~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [McLogLch_exe] C:\Program Files\McAfee\MSC\McLogLch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.everdream.com (HKLM)
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} (SdcNetCheckCtl Class) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/244cdff3178368ee8305/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153684155484
O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven.net/client/mavenBootInstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge.com/ImageUploader3.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {BDF9A7C7-F4DC-455D-B5C2-045D74788295} (AOLRegistrationWizard Control) - https://objects.aol.com/filebackup/AOLRegistrationWizard.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4810/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmnmmli - C:\WINDOWS\SYSTEM32\pmnmmli.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhld32 - C:\WINDOWS\SYSTEM32\winhld32.dll
O21 - SSODL: SysTray.Ex - {F5B7D0BE-5f02-4255-96DB-386DFA244900} - C:\WINDOWS\bdekpdbf.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Software Management Agent 1.0.15 (SMA1.0.15) - Everdream - c:\SvcTools\1.0.15\bin\lnchr.exe
I await instructions from this point, any assistance would be appreciated.
0
Comments
==
Please download VundoFix.exe
to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.
Logfile of HijackThis v1.99.1
Scan saved at 12:13:56 PM, on 8/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\SvcTools\1.0.15\bin\lnchr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1135041662\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\McLogCln.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\SvcTools\1.0.15\bin\lnchr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
c:\program files\common files\aol\1135041662\ee\services\sscAntiSpywarePlugin\ver1_205_1_1\AOLSP Scheduler.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\common files\aol\1135041662\ee\aolssc.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.c
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=ewhite_98&key=ec5b0c870c61e694b3a8e036e3c6eadf&ts=3fdc0055&A=0&B=1070956800000&C=1070265600000&D=0&I=6.0B5&L=w%2321&M=1070265600000&N=PLHS&O=I
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E521797A-22DE-4B46-8B2F-8E98AB77B942} - C:\WINDOWS\system32\pmnmmli.dll
O2 - BHO: (no name) - {FD081C30-FA32-4D73-8A4A-2C13A74041A5} - C:\WINDOWS\system32\mllji.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe
O4 - HKLM\..\Run: [Dial33] C:\WINDOWS\dlm.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMA1.0.15] c:\SvcTools\1.0.15\bin\lnchr.exe --context=user --control-dir=c:\SvcTools\1.0.15\ctrl
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1135041662\ee\services\sscFirewallPlugin\ver1_205_1_1\SSCRun.exe
O4 - HKLM\..\Run: [0153161154538158mcinstcleanup] C:\DOCUME~1\Owner\LOCALS~1\Temp\015316~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [McLogLch_exe] C:\Program Files\McAfee\MSC\McLogLch.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135041662\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.everdream.com (HKLM)
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} (SdcNetCheckCtl Class) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/244cdff3178368ee8305/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153684155484
O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven.net/client/mavenBootInstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge.com/ImageUploader3.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {BDF9A7C7-F4DC-455D-B5C2-045D74788295} (AOLRegistrationWizard Control) - https://objects.aol.com/filebackup/AOLRegistrationWizard.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4810/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmnmmli - C:\WINDOWS\SYSTEM32\pmnmmli.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhld32 - C:\WINDOWS\SYSTEM32\winhld32.dll
O21 - SSODL: SysTray.Ex - {F5B7D0BE-5f02-4255-96DB-386DFA244900} - C:\WINDOWS\bdekpdbf.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Software Management Agent 1.0.15 (SMA1.0.15) - Everdream - c:\SvcTools\1.0.15\bin\lnchr.exe
VundoFix V6.0.2
Checking Java version...
Java version is 1.5.0.3
Java version is 1.5.0.6
Scan started at 5:46:38 PM 8/18/2006
Listing files found while scanning....
C:\windows\system32\mllji.dll
C:\windows\system32\ijllm.bak1
C:\windows\system32\ijllm.bak2
C:\windows\system32\ijllm.tmp
C:\windows\system32\opnnnkl.dll
VundoFix V6.0.2
Checking Java version...
Java version is 1.5.0.3
Java version is 1.5.0.6
Scan started at 6:17:08 PM 8/18/2006
Listing files found while scanning....
C:\windows\system32\mllji.dll
C:\windows\system32\ijllm.bak1
C:\windows\system32\ijllm.bak2
C:\windows\system32\ijllm.tmp
C:\windows\system32\opnnnkl.dll
VundoFix V6.0.2
Checking Java version...
Java version is 1.5.0.3
Java version is 1.5.0.6
Scan started at 10:59:11 AM 8/19/2006
Listing files found while scanning....
C:\windows\system32\mllji.dll
C:\windows\system32\ijllm.bak1
C:\windows\system32\ijllm.bak2
C:\windows\system32\ijllm.tmp
C:\windows\system32\opnnnkl.dll
Beginning removal...
Attempting to delete C:\windows\system32\mllji.dll
C:\windows\system32\mllji.dll Has been deleted!
Attempting to delete C:\windows\system32\ijllm.bak1
C:\windows\system32\ijllm.bak1 Has been deleted!
Attempting to delete C:\windows\system32\ijllm.bak2
C:\windows\system32\ijllm.bak2 Has been deleted!
Attempting to delete C:\windows\system32\ijllm.tmp
C:\windows\system32\ijllm.tmp Has been deleted!
Attempting to delete C:\windows\system32\opnnnkl.dll
C:\windows\system32\opnnnkl.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.0.2
Checking Java version...
Java version is 1.5.0.3
Java version is 1.5.0.6
Scan started at 11:59:28 AM 8/19/2006
Listing files found while scanning....
No infected files were found.
===============
Scan with HijackThis and then place a check next to all the following, if present:
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (file missing)
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll (file missing)
O2 - BHO: (no name) - {E521797A-22DE-4B46-8B2F-8E98AB77B942} - C:\WINDOWS\system32\pmnmmli.dll
O2 - BHO: (no name) - {FD081C30-FA32-4D73-8A4A-2C13A74041A5} - C:\WINDOWS\system32\mllji.dll (file missing)
O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe
O4 - HKLM\..\Run: [Dial33] C:\WINDOWS\dlm.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/244cdff3...p/RdxIE601.cab
O20 - Winlogon Notify: pmnmmli - C:\WINDOWS\SYSTEM32\pmnmmli.dll
O20 - Winlogon Notify: winhld32 - C:\WINDOWS\SYSTEM32\winhld32.dll
O21 - SSODL: SysTray.Ex - {F5B7D0BE-5f02-4255-96DB-386DFA244900} - C:\WINDOWS\bdekpdbf.dll (file missing)
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:
files...
C:\WINDOWS\system32\pmnmmli.dll
C:\WINDOWS\dl.exe
C:\WINDOWS\dlm.exe
C:\WINDOWS\SYSTEM32\winhld32.dll
Search for...
ALCXMNTR.EXE
...using "Start | Search...".
-
Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear.
Select the first option to run Windows in Safe Mode hit enter.-
Reboot.
===============
To help protect your system from hostile ActiveX content, or special 'downloadable' files:
Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:
1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.
-
Note: Remember to regularly check for updates.
===============
After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
Logfile of HijackThis v1.99.1
Scan saved at 7:34:30 PM, on 8/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\SvcTools\1.0.15\bin\lnchr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\McLogCln.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\SvcTools\1.0.15\bin\lnchr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.c
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&mem=ewhite_98&key=ec5b0c870c61e694b3a8e036e3c6eadf&ts=3fdc0055&A=0&B=1070956800000&C=1070265600000&D=0&I=6.0B5&L=w%2321&M=1070265600000&N=PLHS&O=I
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMA1.0.15] c:\SvcTools\1.0.15\bin\lnchr.exe --context=user --control-dir=c:\SvcTools\1.0.15\ctrl
O4 - HKLM\..\Run: [0153161154538158mcinstcleanup] C:\DOCUME~1\Owner\LOCALS~1\Temp\015316~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [McLogLch_exe] C:\Program Files\McAfee\MSC\McLogLch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.everdream.com (HKLM)
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} (SdcNetCheckCtl Class) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153684155484
O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven.net/client/mavenBootInstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge.com/ImageUploader3.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {BDF9A7C7-F4DC-455D-B5C2-045D74788295} (AOLRegistrationWizard Control) - https://objects.aol.com/filebackup/AOLRegistrationWizard.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4810/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Software Management Agent 1.0.15 (SMA1.0.15) - Everdream - c:\SvcTools\1.0.15\bin\lnchr.exe
===============
Now that your PC is clean you need to follow these easy steps to keeping it this way:
Download CCleaner and install, then run it. It will clear out your temp folders.
Secure your Internet Explorer by going here and following the instructions there.
Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.
Use a firewall to help prevent your PC's control being usurped by undesireables. There is a link to a good, free firewall in my signature.
Install and keep updated, Ewido anti-malware, Ad-Aware SE and Spybot S&D.
Run them both on a regular basis, following the manufacturer's recommendations.
Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.
Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.
Clear your Temp folders.
Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel >Internet Options.
Under the General tab click the Delete temporary internet files,
delete all Offline content as well. Clear out Cookies.
Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.
Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)
C:\Documents and Settings\username\Local Settings\Temp\
In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.
Empty the Recycle Bin.
For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.
Go to Start>Run and type msconfig. Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.
Check the box labelled 'Turn off System restore'.
Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.
Note that all previous restore points will be lost.
===============
If you have any more problems, post back.
-
Happy surfing,
crunchie.