
So recently my computer has somehow been stacking up viruses and spyware and all kinds of problems. I've cleaned up what I can and whatnot and let McAfee do what it can. There are several viruses that McAfee will not take care of, vundo.dll being one of them. Here's a HijackThis log. Let me know what I can do to get started.

Logfile of HijackThis v1.99.1
Scan saved at 11:34:23 PM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\mstc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLHostManager.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\PROGRA~1\mcafee.com\agent\McDash.exe
c:\program files\mcafee.com\shared\mghtml.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\DOCUME~1\OWNER~1.UPP\LOCALS~1\Temp\Rar$EX00.859\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL (file missing)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124389741\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Microsoft Domain Controller] C:\WINDOWS\system32\mstc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{ZN}] C:\DOCUME~1\OWNER~1.UPP\LOCALS~1\Temp\thinksnet.exe CHD003
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\thinksnet.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless-B USB Network Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\klolckmq.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICSer_WUSB11 - Unknown owner - C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\itklzzd.exe (file missing)

Thread: 2 contributors, 10 replies, 11 views, discussion span 10 years, last post by nerdwithnikeson.

Hi, nerd, a few things to do.
First, we cannot work with HijackThis where it is - it's risky for you. Delete it from there and extract a new copy, install it to a new folder alongside your Program Files and then rename HijackThis.exe to imabunny.exe.
Done that? Good, now start HijackThis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL (file missing)
O4 - HKLM\..\Run: [Microsoft Domain Controller] C:\WINDOWS\system32\mstc.exe
O4 - HKLM\..\Run: [{ZN}] C:\DOCUME~1\OWNER~1.UPP\LOCALS~1\Temp\thinksnet.exe CHD003
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\thinksnet.exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)

Browse to and delete these files:
C:\WINDOWS\system32\mstc.exe
C:\DOCUME~1\OWNER~1.UPP\LOCALS~1\Temp\thinksnet.exe
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\thinksnet.exe
(The last two are the same, just different ways of presenting the path.)

Now go Start, Run, type cmd and press Enter, then paste in these lines, pressing Enter after each:

sc stop DomainService
sc delete DomainService
sc stop "Windows Overlay Components"
sc delete "Windows Overlay Components"

Close the window.
CCleaner:
==Get CCleaner from http://www.ccleaner.com/ and put it in a new folder. You should aim to keep this one for general use. I set it from the installation checkboxes to only open from the Recycle Bin. It's neater that way.
Now run CCleaner from the Recycle Bin right-click menu using its default settings [if you set up CCleaner as I suggested, right-clicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning, select the options you wish to use via the Windows and Applications tabs. Note that CCleaner is also a free registry cleaner. Explore all its options, but skip the prefetch folder cleaning option. That one is unnecessary because Windows automatically dumps old unused entries anyway, they can do no harm, and further, if there is no prefetch entry for an app you wish to load then your system will just be a little bit slower loading it. And an entry will then be generated anyway.]

Make a new hijackthis log.
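
As an added example (not code from this thread or from the HijackThis project), here is a small Python triage script that applies to a HijackThis 1.99 log the checks the helper above applied by eye: entries whose target file is missing, autostarts launched from a Temp folder, nameless browser helper objects, services with no publisher, and Winlogon Notify handlers that share a DLL with a nameless BHO. The sample lines are copied from the logs posted in this thread; the heuristics are my own and deliberately conservative, so an entry like the "Microsoft Domain Controller" Run key for mstc.exe still needs a human eye.

```python
"""Triage a HijackThis v1.99 log with a few defender-side heuristics.

Added example: the rules below are assumptions about what is worth a second
look, not a verdict. Everything flagged should still be reviewed by hand.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample: lines copied from the HijackThis logs posted in the thread.
SAMPLE_LOG = r"""
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL (file missing)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Microsoft Domain Controller] C:\WINDOWS\system32\mstc.exe
O4 - HKLM\..\Run: [{ZN}] C:\DOCUME~1\OWNER~1.UPP\LOCALS~1\Temp\thinksnet.exe CHD003
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\thinksnet.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\ktkcheay.dll
O2 - BHO: (no name) - {9DD2677F-8D63-4F31-9157-896095B728DD} - C:\WINDOWS\system32\awvvs.dll
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\klolckmq.exe (file missing)
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\itklzzd.exe (file missing)
"""

# "O4 - HKLM\..\Run: [...]" -> section "O4", body after the " - ".
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# A Windows path: drive letter, then the shortest run up to a binary/config extension.
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|cab|ini))", re.IGNORECASE)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def extract_path(body: str) -> Optional[str]:
    """Return the first file path in an entry body, or None."""
    m = PATH_RE.search(body)
    return m.group("path") if m else None


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> List[Finding]:
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("sec"), m.group("body"), raw.strip()))

    # Pass 1: DLLs registered as browser helper objects with no display name.
    nameless_bho_dlls: Set[str] = set()
    for sec, body, _ in entries:
        if sec == "O2" and body.startswith("BHO: (no name)"):
            p = extract_path(body)
            if p:
                nameless_bho_dlls.add(basename(p))

    # Pass 2: apply the heuristics; one entry may trigger more than one.
    findings: List[Finding] = []
    for sec, body, line in entries:
        path = extract_path(body)
        if "(file missing)" in body:
            findings.append(Finding(sec, "target file missing (orphaned entry)", line))
        if sec == "O4" and path and TEMP_RE.search(path):
            findings.append(Finding(sec, "autostart launched from a Temp folder", line))
        if sec == "O2" and body.startswith("BHO: (no name)"):
            findings.append(Finding(sec, "browser helper object with no name", line))
        if sec == "O23" and "Unknown owner" in body:
            findings.append(Finding(sec, "service with no publisher", line))
        if sec == "O20" and path and basename(path) in nameless_bho_dlls:
            findings.append(Finding(sec, "Winlogon Notify DLL also loaded as a nameless BHO", line))
    return findings


def group_by_reason(findings: List[Finding]) -> Dict[str, List[str]]:
    grouped: Dict[str, List[str]] = {}
    for f in findings:
        grouped.setdefault(f.reason, []).append(f.line)
    return grouped


if __name__ == "__main__":
    for reason, lines in group_by_reason(triage(SAMPLE_LOG)).items():
        print(f"== {reason} ==")
        for line in lines:
            print("  " + line)
```

A service flagged only as "no publisher" (the Linksys NICServ and Softex OmniPass services in the logs above would be) is a prompt to check the vendor, not a removal instruction.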


Thank you very much for the reply! The only problems were that thinksnet.exe was nowhere to be found, so I could not delete it, and when I tried to stop and delete Windows Overlay Components it said that it failed and that the specified service does not exist as an installed service.

Here is my HJT logfile, since I've done everything you've said.

Logfile of HijackThis v1.99.1
Scan saved at 1:40:50 AM, on 7/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLHostManager.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\AIM\aim.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\Program Files\hijackthis\imabunny.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {2432F099-F8E2-43C9-B765-3AF002FFC6A7} - C:\WINDOWS\system32\ljjjkhh.dll (file missing)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\ktkcheay.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\kyhbsdro.dll
O2 - BHO: (no name) - {9DD2677F-8D63-4F31-9157-896095B728DD} - C:\WINDOWS\system32\awvvs.dll
O2 - BHO: (no name) - {B00FF85D-54E8-4F2C-8455-6067D369271E} - C:\Program Files\Internet Explorer\hokem43855.dll
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\DLP.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124389741\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless-B USB Network Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ljjjkhh - ljjjkhh.dll (file missing)
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICSer_WUSB11 - Unknown owner - C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\itklzzd.exe (file missing)


We will tackle this lot another way later...
sc stop Windows Overlay Components
sc delete Windows Overlay Components

Anyway, the name change did its work, so...:
==Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to start it, click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Post the contents of C:\vundofix.txt plus a new HijackThis log.


Everything worked and things are running a little bit better.
--------------------------------------------------
Here's the contents of vundofix.txt:

VundoFix V6.5.4

Checking Java version...

Scan started at 10:39:19 AM 7/2/2007

Listing files found while scanning....

C:\windows\system32\atspglof.exe
C:\WINDOWS\system32\awvvs.dll
C:\windows\system32\bwprvnwq.dll
C:\windows\system32\cewnvbjq.dll
C:\windows\system32\cnxuejgw.ini
C:\WINDOWS\system32\cqpksnhw.dll
C:\windows\system32\docbveaj.ini
C:\windows\system32\irytquxx.dll
C:\windows\system32\j1271333.dll
C:\windows\system32\jaevbcod.dll
C:\windows\system32\jlhxisdu.dll
C:\WINDOWS\system32\ktkcheay.dll
C:\windows\system32\kxllnrnr.dll
C:\WINDOWS\system32\kyhbsdro.dll
C:\WINDOWS\system32\ljjjkhh.dll
C:\windows\system32\ljyqfpwa.exe
C:\windows\system32\nkqttmex.exe
C:\windows\system32\nnnkiig.dll
C:\windows\system32\orutv.ini
C:\windows\system32\padfhwqt.dll
C:\WINDOWS\system32\pgrcisci.dll
C:\windows\system32\piyobysg.exe
C:\windows\system32\pjrwljfi.exe
C:\windows\system32\qvamqsvd.exe
C:\windows\system32\qwnvrpwb.ini
C:\windows\system32\qxdxucnq.exe
C:\windows\system32\rakiubkv.exe
C:\windows\system32\rdgvcnnx.exe
C:\windows\system32\rpleetje.exe
C:\windows\system32\rqqccqii.exe
C:\windows\system32\ryqfjaoi.exe
C:\windows\system32\scbxeffo.exe
C:\windows\system32\svvwa.bak1
C:\windows\system32\svvwa.bak2
C:\WINDOWS\system32\svvwa.ini
C:\windows\system32\svvwa.tmp
C:\windows\system32\tcfuqdlr.exe
C:\windows\system32\tfutqygk.dll
C:\windows\system32\udsixhlj.ini
C:\windows\system32\vturo.dll
C:\windows\system32\wgjeuxnc.dll
C:\windows\system32\whksjkjf.exe
C:\windows\system32\wpbyvcco.dll

Beginning removal...

Attempting to delete C:\windows\system32\atspglof.exe
C:\windows\system32\atspglof.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvvs.dll
C:\WINDOWS\system32\awvvs.dll Could not be deleted.

Attempting to delete C:\windows\system32\bwprvnwq.dll
C:\windows\system32\bwprvnwq.dll Has been deleted!

Attempting to delete C:\windows\system32\cewnvbjq.dll
C:\windows\system32\cewnvbjq.dll Has been deleted!

Attempting to delete C:\windows\system32\cnxuejgw.ini
C:\windows\system32\cnxuejgw.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\cqpksnhw.dll
C:\WINDOWS\system32\cqpksnhw.dll Has been deleted!

Attempting to delete C:\windows\system32\docbveaj.ini
C:\windows\system32\docbveaj.ini Has been deleted!

Attempting to delete C:\windows\system32\irytquxx.dll
C:\windows\system32\irytquxx.dll Has been deleted!

Attempting to delete C:\windows\system32\j1271333.dll
C:\windows\system32\j1271333.dll Has been deleted!

Attempting to delete C:\windows\system32\jaevbcod.dll
C:\windows\system32\jaevbcod.dll Has been deleted!

Attempting to delete C:\windows\system32\jlhxisdu.dll
C:\windows\system32\jlhxisdu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ktkcheay.dll
C:\WINDOWS\system32\ktkcheay.dll Has been deleted!

Attempting to delete C:\windows\system32\kxllnrnr.dll
C:\windows\system32\kxllnrnr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kyhbsdro.dll
C:\WINDOWS\system32\kyhbsdro.dll Has been deleted!

Attempting to delete C:\windows\system32\ljyqfpwa.exe
C:\windows\system32\ljyqfpwa.exe Has been deleted!

Attempting to delete C:\windows\system32\nkqttmex.exe
C:\windows\system32\nkqttmex.exe Has been deleted!

Attempting to delete C:\windows\system32\nnnkiig.dll
C:\windows\system32\nnnkiig.dll Has been deleted!

Attempting to delete C:\windows\system32\orutv.ini
C:\windows\system32\orutv.ini Has been deleted!

Attempting to delete C:\windows\system32\padfhwqt.dll
C:\windows\system32\padfhwqt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pgrcisci.dll
C:\WINDOWS\system32\pgrcisci.dll Has been deleted!

Attempting to delete C:\windows\system32\piyobysg.exe
C:\windows\system32\piyobysg.exe Has been deleted!

Attempting to delete C:\windows\system32\pjrwljfi.exe
C:\windows\system32\pjrwljfi.exe Has been deleted!

Attempting to delete C:\windows\system32\qvamqsvd.exe
C:\windows\system32\qvamqsvd.exe Has been deleted!

Attempting to delete C:\windows\system32\qwnvrpwb.ini
C:\windows\system32\qwnvrpwb.ini Has been deleted!

Attempting to delete C:\windows\system32\qxdxucnq.exe
C:\windows\system32\qxdxucnq.exe Has been deleted!

Attempting to delete C:\windows\system32\rakiubkv.exe
C:\windows\system32\rakiubkv.exe Has been deleted!

Attempting to delete C:\windows\system32\rdgvcnnx.exe
C:\windows\system32\rdgvcnnx.exe Has been deleted!

Attempting to delete C:\windows\system32\rpleetje.exe
C:\windows\system32\rpleetje.exe Has been deleted!

Attempting to delete C:\windows\system32\rqqccqii.exe
C:\windows\system32\rqqccqii.exe Has been deleted!

Attempting to delete C:\windows\system32\ryqfjaoi.exe
C:\windows\system32\ryqfjaoi.exe Has been deleted!

Attempting to delete C:\windows\system32\scbxeffo.exe
C:\windows\system32\scbxeffo.exe Has been deleted!

Attempting to delete C:\windows\system32\svvwa.bak1
C:\windows\system32\svvwa.bak1 Has been deleted!

Attempting to delete C:\windows\system32\svvwa.bak2
C:\windows\system32\svvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\svvwa.ini
C:\WINDOWS\system32\svvwa.ini Has been deleted!

Attempting to delete C:\windows\system32\svvwa.tmp
C:\windows\system32\svvwa.tmp Has been deleted!

Attempting to delete C:\windows\system32\tcfuqdlr.exe
C:\windows\system32\tcfuqdlr.exe Has been deleted!

Attempting to delete C:\windows\system32\tfutqygk.dll
C:\windows\system32\tfutqygk.dll Has been deleted!

Attempting to delete C:\windows\system32\udsixhlj.ini
C:\windows\system32\udsixhlj.ini Has been deleted!

Attempting to delete C:\windows\system32\vturo.dll
C:\windows\system32\vturo.dll Has been deleted!

Attempting to delete C:\windows\system32\wgjeuxnc.dll
C:\windows\system32\wgjeuxnc.dll Has been deleted!

Attempting to delete C:\windows\system32\whksjkjf.exe
C:\windows\system32\whksjkjf.exe Has been deleted!

Attempting to delete C:\windows\system32\wpbyvcco.dll
C:\windows\system32\wpbyvcco.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Scan started at 10:46:53 AM 7/2/2007

Listing files found while scanning....

C:\windows\system32\awvvs.dll

Beginning removal...

Attempting to delete C:\windows\system32\awvvs.dll
C:\windows\system32\awvvs.dll Has been deleted!

Performing Repairs to the registry.
Done!

----------------------------------------------------------------
And here is a new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:09:10 AM, on 7/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\AOL\1124389741\ee\AOLServiceHost.exe
C:\Program Files\hijackthis\imabunny.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {9DD2677F-8D63-4F31-9157-896095B728DD} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) - {B00FF85D-54E8-4F2C-8455-6067D369271E} - C:\Program Files\Internet Explorer\hokem43855.dll
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\DLP.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124389741\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless-B USB Network Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ljjjkhh - ljjjkhh.dll (file missing)
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NICSer_WUSB11 - Unknown owner - C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\itklzzd.exe (file missing)

0

Vundo certainly was busy in your sys! Just because it is easy, please delete c:\vundofix.txt and run it again.... to be sure.
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O2 - BHO: (no name) - {9DD2677F-8D63-4F31-9157-896095B728DD} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) - {B00FF85D-54E8-4F2C-8455-6067D369271E} - C:\Program Files\Internet Explorer\hokem43855.dll
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\DLP.dll (file missing)
O20 - Winlogon Notify: ljjjkhh - ljjjkhh.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Delete this file:
C:\Program Files\Internet Explorer\hokem43855.dll
-you may have to do it in safe mode after a restart.
Good. Now go to Start, all pgms, admin tools, services; scroll to Windows Overlay Components, rclick it and press Stop if available. You may need to go to Properties and disable it first, but I doubt it is running.
Write down the exact name. Now close Services, and in cmd window type:
sc delete exact name -don't be silly now!!

CCleaner:

==Get CCleaner from here - and put it in a new folder. You should aim to keep this one for general use. I set it from the installation checkboxes to only open from the recycle bin. It's neater that way.

Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon, press Run Cleaner.

[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs .. Note that CCleaner is also a free registry cleaner. Explore all its options, but skip the prefetch folder cleaning option. That one is unnecessary because Windows automatically dumps old unused entries anyway, they can do no harm, and further, if there is no prefetch entry for an app you wish to load then your sys will just be a lil bit slower loading it. And an entry will then be generated anyway.]

Panda Online Scan:

==Please do an online scan at panda:-
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.

Post the log it produces here.

Now for AVG - AS:

==GET AVG antispyware 7.5 here..
or here..
-the link is almost at the bottom of the page , avgas 7.5.0.50. Install it and UPDATE it.

Start AVG a-s 7.5;

-under Scanner/ Settings please set Recommended actions to QUARANTINE, and run the complete system scan.
-save the log file. Post the log file.


0

well C:\Program Files\Internet Explorer\hokem43855.dll was nowhere to be found so I could not delete it
=============================================
and trying to delete windows overlay components resulted in an error again. windows overlay components is stopped, and its path to executable is C:\WINDOWS\itklzzd.exe (don't know if that helps). but when trying to delete it in the cmd it still says that it does not exist as an installed service. I tried sc delete Windows Overlay Components as well as the executable name.
============================================
the panda active scan is taking too long to post results right now, but I'll have everything by tomorrow

0

Groan!! I must be losing it.... I tell you to get the exact name and miss one lil word... service. My apologies... In this:
"Now go to Start, all pgms, admin tools, services; scroll to Windows Overlay Components, rclick it and press Stop if available. You may need to go to Properties and disable it first, but I doubt it is running.
Write down the exact name. Now close Services, and in cmd window type:
sc delete exact name -don't be silly now!!"
Rewriting it: rclick Windows Overlay Components, open properties, and write down the exact SERVICE name. Sigh... it should have one there.. that is the name to use in the sc command. So:
sc delete exact service name.
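The error reported earlier in this thread ("does not exist as an installed service") is exactly what cmd produces when a service name containing spaces is passed to sc unquoted: sc receives only the first word, "Windows", as the name. The following is an added PowerShell example, not code from anyone in this thread, that looks the service up and deletes it with the name quoted. The service name is the one given in the thread; everything else (function names, the elevated prompt) is assumed.

```powershell
# Added example (not from this thread). Assumes an elevated PowerShell prompt.
# Pitfall shown: in cmd.exe, "sc delete Windows Overlay Components" passes only the
# word "Windows" as the service name, so sc reports error 1060, "The specified service
# does not exist as an installed service". Names with spaces must be quoted.
# In PowerShell, call sc.exe explicitly: a bare "sc" is the alias for Set-Content.

function Get-ServiceConfig {
    param([Parameter(Mandatory)][string]$Name)
    # "sc.exe qc" prints the SCM configuration (including BINARY_PATH_NAME),
    # or exits with 1060 when no service of that name is registered.
    $out = & sc.exe qc "$Name" 2>&1
    if ($LASTEXITCODE -ne 0) { return $null }
    return ($out -join "`n")
}

function Remove-NamedService {
    param([Parameter(Mandatory)][string]$Name)
    $cfg = Get-ServiceConfig -Name $Name
    if (-not $cfg) {
        Write-Warning "No service named '$Name' is registered (check the exact Service name in services.msc > Properties)."
        return $false
    }
    # Keep a record of what the entry pointed at before it is gone.
    Write-Host "Configuration before removal:`n$cfg"

    # Stop it first if it happens to be running; a stopped service or missing binary is fine.
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($svc -and $svc.Status -ne 'Stopped') {
        Stop-Service -Name $Name -Force -ErrorAction SilentlyContinue
    }

    # The quotes are the whole point: without them only the first word reaches sc.exe.
    & sc.exe delete "$Name" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "sc.exe delete failed with exit code $LASTEXITCODE."
        return $false
    }
    Write-Host "'$Name' is marked for deletion; the entry disappears once all handles to it close (or after a reboot)."
    return $true
}

# Name taken from this thread (here the display name and the service name coincide).
Remove-NamedService -Name "Windows Overlay Components"
```

If `Get-ServiceConfig` returns nothing even with the quoted name, the short service name in the Properties dialog differs from the display name shown in the Services list, and that short name is the one to pass.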

0

well the service name was Windows Overlay Components. I put sc delete Windows Overlay Components and still it says failed because it is not an installed service.
=============================================
now for the panda active scan, here is the log

Incident Status Location

Adware:adware/emediacodec Not disinfected c:\windows\system32\ncompat.tlb
Adware:adware/securityerror Not disinfected c:\windows\system32\ot.ico
Virus:trj/abwiz.a Disinfected Operating system
Adware:adware/adsmart Not disinfected c:\windows\system32\vx.tll
Adware:adware/azesearch Not disinfected c:\windows\system32\zlokdfs9.leo
Virus:trj/spamer.c Disinfected Operating system
Adware:adware/cws.searchmeup Not disinfected C:\Documents and Settings\Owner.UPPERPLAYGROUND\Favorites\Today's Specials.url
Adware:adware/spywarequake Not disinfected c:\windows\system32\1024\ldA7EC.tmp
Adware:adware/popper Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/wupd Not disinfected Windows Registry
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Guest\Cookies\guest@atwola[2].txt
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@64.62.232[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@rightmedia[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atwola[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@go[1].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@pop.mircx[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@ad.yieldmanager[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@atdmt[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@bs.serving-sys[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@casalemedia[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@questionmarket[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@serving-sys[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@tribalfusion[2].txt
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
Adware:Adware/WebSearch Not disinfected C:\Program Files\hijackthis\backups\backup-20070702-233847-694.dll
Adware:Adware/TTC Not disinfected C:\Temp\maTUS.exe[dlltk67.exe]
Virus:Trj/Downloader.OJF Not disinfected C:\Temp\maTUS.exe[dlwr.exe]
Adware:Adware/DeluxeComunications Not disinfected C:\Temp\maTUS.exe[d5ll.exe]
Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\atspglof.exe.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\bwprvnwq.dll.bad
Adware:Adware/WinAntivirus2006 Not disinfected C:\VundoFix Backups\cewnvbjq.dll.bad
Spyware:Spyware/Vundo Not disinfected C:\VundoFix Backups\cqpksnhw.dll.bad
Adware:Adware/WinAntivirus2006 Not disinfected C:\VundoFix Backups\irytquxx.dll.bad
Virus:Trj/Clicker.ACO Disinfected C:\VundoFix Backups\j1271333.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\jaevbcod.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\jlhxisdu.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ktkcheay.dll.bad
Adware:Adware/WinAntivirus2006 Not disinfected C:\VundoFix Backups\kxllnrnr.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\kyhbsdro.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\ljyqfpwa.exe.bad
Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\nkqttmex.exe.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\nnnkiig.dll.bad
Adware:Adware/WinAntivirus2006 Not disinfected C:\VundoFix Backups\padfhwqt.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\pgrcisci.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\piyobysg.exe.bad
Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\pjrwljfi.exe.bad
Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\qvamqsvd.exe.bad
Virus:Trj/Lowzones.TP Disinfected C:\VundoFix Backups\qxdxucnq.exe.bad
Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\rakiubkv.exe.bad
Virus:Trj/Lowzones.TP Disinfected C:\VundoFix Backups\rdgvcnnx.exe.bad
Virus:Trj/Lowzones.TP Disinfected C:\VundoFix Backups\rpleetje.exe.bad
Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\rqqccqii.exe.bad
Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\ryqfjaoi.exe.bad
Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\scbxeffo.exe.bad
Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\tcfuqdlr.exe.bad
Adware:Adware/WinAntivirus2006 Not disinfected C:\VundoFix Backups\tfutqygk.dll.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\wgjeuxnc.dll.bad
Virus:Trj/Downloader.OZB Disinfected C:\VundoFix Backups\whksjkjf.exe.bad
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\wpbyvcco.dll.bad
Virus:Trj/Clicker.XQ Not disinfected C:\WINDOWS\acdt68.exe[func.js]
Virus:Trj/Clicker.XQ Not disinfected C:\WINDOWS\acdt68.exe[func.exe]
Adware:Adware/DigInk Not disinfected C:\WINDOWS\rau001978.exe
Virus:Trj/Downloader.PCQ Disinfected C:\WINDOWS\system32\idvaisli.exe
=============================================
here is the avg anti-spyware log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:41:27 PM 7/3/2007

+ Scan result:

C:\WINDOWS\cfg32.exe -> Adware.BookedSpace : No action taken.
C:\Program Files\hijackthis\backups\backup-20070702-233847-694.dll -> Adware.TTC : No action taken.
C:\Documents and Settings\All Users\Start Menu\PopUp Blocker.url -> Adware.UnwantedIcons : No action taken.
C:\Documents and Settings\All Users\Start Menu\Spyware Remover.url -> Adware.UnwantedIcons : No action taken.
C:\VundoFix Backups\nnnkiig.dll.bad -> Adware.Virtumonde : No action taken.
HKU\S-1-5-21-567519245-1751928096-2473643294-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} -> Adware.WebDir : No action taken.
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe -> Downloader.PurityScan.eg : No action taken.
C:\WINDOWS\acdt68.exe -> Hijacker.Small.jf : No action taken.
C:\WINDOWS\system\DRIVER\h.exe -> Logger.Small.dx : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@ads.adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.106:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\mii861a3.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.17:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\mii861a3.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.15:C:\Documents and Settings\Owner.UPPERPLAYGROUND\Application Data\Mozilla\Firefox\Profiles\biu3vrmp.Default User\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.16:C:\Documents and Settings\Owner.UPPERPLAYGROUND\Application Data\Mozilla\Firefox\Profiles\biu3vrmp.Default User\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.17:C:\Documents and Settings\Owner.UPPERPLAYGROUND\Application Data\Mozilla\Firefox\Profiles\biu3vrmp.Default User\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.18:C:\Documents and Settings\Owner.UPPERPLAYGROUND\Application Data\Mozilla\Firefox\Profiles\biu3vrmp.Default User\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.19:C:\Documents and Settings\Owner.UPPERPLAYGROUND\Application Data\Mozilla\Firefox\Profiles\biu3vrmp.Default User\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.47:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\mii861a3.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.48:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\mii861a3.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.49:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\mii861a3.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.50:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\mii861a3.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.29:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\mii861a3.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@edge.ru4[1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@specificclick[1].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
HKU\S-1-5-21-567519245-1751928096-2473643294-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0103CD4-D1CE-411A-B75B-4FEC072867F4} -> Trojan.Puper.ac : No action taken.
C:\WINDOWS\system32\1024 -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA7EC.tmp -> Trojan.Small : No action taken.


::Report end

0

This is my very last shot on that service. Note that in this procedure the name may be abbreviated from Windows Overlay Components.
Go Start, run, regedit, navigate to HKLM\System\CurrentControlSet\, expand the Services key. Look down until you find the correct key representing Windows Overlay Components, lclick it, confirm in right pane if need be. Go file, export, and follow through. Good. Now with the subkey still highlighted delete it [and its subkeys].
If it will not let you, rclick the key, permissions, grant the admin full permissions, and then delete it.
Phew.
=Please delete the folder C:\VundoFix Backups
=Go to add/remove pgms and remove any program that has Oin or Yazzle in its name, plus SurfSidekick and Deluxe Communications. Delete their folders from C:\Program files and from C:\Program files\Common Files.
==Download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.
- Open the SmitfraudFix folder and double-click smitfraudfix.cmd, select option #2 - Search [type 2 and Enter]
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer Y and Enter [which will remove the desktop background and clean registry keys associated with the infection].
The tool will next check if wininet.dll is infected- if it is you will be prompted to replace the file ; type Y and press "Enter".
A text file will appear which lists infected files (if present). It will also create a log named rapport.txt in the root of your drive, eg: Local Disk C:.. Please paste the report in your next reply.

For Owner you seem to have a lot of operating cookie folders... surely one location would suffice? Did you set up the last one?
C:\Documents and Settings\Owner\Cookies
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Local Settings\Temp\Cookies
-you can force IE cookies to one location if you follow my registry text at the bottom of this procedure.

=Delete these files [if any play hard do it in Safe mode]:
C:\WINDOWS\acdt68.exe
C:\WINDOWS\rau001978.exe
c:\windows\system32\ncompat.tlb
c:\windows\system32\vx.tll
c:\windows\system32\zlokdfs9.leo
C:\Documents and Settings\Owner.UPPERPLAYGROUND\Favorites\Today's Specials.url
C:\Temp\maTUS.exe

Run CCleaner.
Now please rescan with Panda online.
And finally with AVG AS - this time after the scan completes press Apply all Actions and Save the log.
Post the Smitfraudfix, Panda and AVG logs, plus a hijackthis log.
And I'd like your comments on how things are, also, please?

To move the cookie folder, first create a folder, and then modify these two registry keys to the desired location..... [also works for history].
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; Cookies & History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders; Cookies & History
"Cookies" = "C:\Documents and Settings\Owner\Local Settings\Temp\Cookies" ...for example, in both keys.
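The two registry edits in this post, the export-then-delete of a leftover service key under HKLM\System\CurrentControlSet\Services and the relocation of the Cookies shell folder, as an added PowerShell example. This is not the helper's own procedure or a tool from the thread; the key name and cookie path are the ones given above, while the backup location on the Desktop and the function names are assumptions. Run it from an elevated prompt.

```powershell
# Added example (not from this thread). Assumes an elevated PowerShell prompt.
# 1. Export a service's registry key to a .reg file, then delete the key
#    (the regedit File > Export, then Delete, sequence described in the post).
# 2. Point the per-user Cookies shell folder at one directory by setting the
#    Cookies value under both "Shell Folders" and "User Shell Folders".

function Backup-RegistryKey {
    param([Parameter(Mandatory)][string]$KeyPath,
          [Parameter(Mandatory)][string]$BackupFile)
    # reg.exe export writes a .reg file that can be re-imported if the deletion was a mistake.
    & reg.exe export "$KeyPath" "$BackupFile" /y | Out-Null
    return ($LASTEXITCODE -eq 0)
}

function Remove-ServiceKey {
    param([Parameter(Mandatory)][string]$ServiceKeyName,
          [string]$BackupDir = "$env:USERPROFILE\Desktop")   # assumed backup location
    $regPath = "HKLM\SYSTEM\CurrentControlSet\Services\$ServiceKeyName"
    $psPath  = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceKeyName"
    if (-not (Test-Path $psPath)) {
        Write-Warning "Key not found: $regPath (the key name may be abbreviated; list the Services key and look for it)."
        return $false
    }
    # Record what the entry pointed at; the post's entry pointed at a missing C:\WINDOWS\itklzzd.exe.
    $imagePath = (Get-ItemProperty -Path $psPath -ErrorAction SilentlyContinue).ImagePath
    Write-Host "ImagePath recorded in the key: $imagePath"

    $backup = Join-Path $BackupDir ("service-key-" + ($ServiceKeyName -replace '[^\w]', '_') + ".reg")
    if (-not (Backup-RegistryKey -KeyPath $regPath -BackupFile $backup)) {
        Write-Warning "Export failed; not deleting."
        return $false
    }
    try {
        Remove-Item -Path $psPath -Recurse -Force -ErrorAction Stop
    } catch {
        # Access denied here is the permissions case the post describes: grant the
        # Administrators group Full Control on the key (regedit > Permissions) and retry.
        Write-Warning "Delete failed: $($_.Exception.Message)"
        return $false
    }
    Write-Host "Deleted $regPath (backup at $backup)."
    return $true
}

function Set-IECookieFolder {
    param([Parameter(Mandatory)][string]$NewPath)
    # The folder must exist before the shell folder value is pointed at it.
    if (-not (Test-Path $NewPath)) { New-Item -ItemType Directory -Path $NewPath | Out-Null }
    $base = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer"
    # "Shell Folders" holds the resolved path (REG_SZ); "User Shell Folders" is the
    # expandable form (REG_EXPAND_SZ). Both are set, as the post says, to the same location.
    Set-ItemProperty -Path "$base\Shell Folders"      -Name Cookies -Value $NewPath -Type String
    Set-ItemProperty -Path "$base\User Shell Folders" -Name Cookies -Value $NewPath -Type ExpandString
    return (Get-ItemProperty -Path "$base\Shell Folders").Cookies
}

# Names and paths taken from this thread.
Remove-ServiceKey -ServiceKeyName "Windows Overlay Components"
Set-IECookieFolder -NewPath "C:\Documents and Settings\Owner\Local Settings\Temp\Cookies"
```

The export happens before the delete on purpose: a service key removed by mistake can be restored by double-clicking the saved .reg file, which is the safety net the post's File > Export step provides. The same two-value edit works for the History folder by substituting `History` for `Cookies`.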
