Results 1 to 4 of 4

Thread: Help With Removal of Virtumonde and others.

  1. 2007-09-17, 19:57 #1
    JonathanY8
    JonathanY8 is offline
    Junior Member
    Join Date
    Sep 2007
    Posts
    2

    Default Help With Removal of Virtumonde and others.

    Hello, yeh, ive tried scanning it with all my scanners yet none of them ar able to delete any of these so please help.

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Monday, September 17, 2007 1:32:57 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.1
    Kaspersky Anti-Virus database last update: 17/09/2007
    Kaspersky Anti-Virus database records: 419621
    -------------------------------------------------------------------------------
    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true
    Scan Target - My Computer:
    A:\
    C:\
    D:\
    Scan Statistics:
    Total number of scanned objects: 135657
    Number of viruses found: 6
    Number of infected objects: 13
    Number of suspicious objects: 0
    Duration of the scan process: 02:40:46
    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\FLEXnet\adobe_00080000_tsf.data Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd002.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\3ev6mkmm.default\cert8.db Object is locked skipped
    C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\3ev6mkmm.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\3ev6mkmm.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
    C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\3ev6mkmm.default\history.dat Object is locked skipped
    C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\3ev6mkmm.default\key3.db Object is locked skipped
    C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\3ev6mkmm.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\3ev6mkmm.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\Jonathan\Cookies\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\Jonathan\Desktop\Finished Site\xampplite\apache\logs\access.log Object is locked skipped
    C:\Documents and Settings\Jonathan\Desktop\Finished Site\xampplite\apache\logs\error.log Object is locked skipped
    C:\Documents and Settings\Jonathan\Desktop\Finished Site\xampplite\apache\logs\ssl_request.log Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\lithia.l@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\lithia.l@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\lithia.l@hotmail.com\SharingMetadata\Working\database_A2CC_DAD8_CCDA_A5B7\dfsr.db Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\lithia.l@hotmail.com\SharingMetadata\Working\database_A2CC_DAD8_CCDA_A5B7\fsr.log Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\lithia.l@hotmail.com\SharingMetadata\Working\database_A2CC_DAD8_CCDA_A5B7\fsrtmp.log Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Messenger\lithia.l@hotmail.com\SharingMetadata\Working\database_A2CC_DAD8_CCDA_A5B7\tmp.edb Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Windows Live Contacts\lithia.l@hotmail.com\real\members.stg Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Windows Live Contacts\lithia.l@hotmail.com\shadow\members.stg Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ev6mkmm.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ev6mkmm.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ev6mkmm.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ev6mkmm.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\History\History.IE5\MSHist012007091720070918\index.dat Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Temp\amt.log Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Temp\cgxjyuhy.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\Documents and Settings\Jonathan\Local Settings\Temp\goaadudv.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Jonathan\Local Settings\Temp\oexmlaop.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\Documents and Settings\Jonathan\Local Settings\Temp\olwyumje.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\Documents and Settings\Jonathan\Local Settings\Temp\udpeagur.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\Documents and Settings\Jonathan\Local Settings\Temp\~DF7D80.tmp Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Temp\~DF7D8D.tmp Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Temp\~DFD9C1.tmp Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Temp\~DFDA79.tmp Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\Z65VEIM0\100328_1954302921_Invisibleengine_ComicCon2007533[1].flv Object is locked skipped
    C:\Documents and Settings\Jonathan\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Jonathan\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Common Files\Adobe\Adobe PCD\cache\cache.db Object is locked skipped
    C:\Program Files\Common Files\Adobe\Adobe PCD\pcd.db Object is locked skipped
    C:\Program Files\Common Files\Adobe\caps\caps.db Object is locked skipped
    C:\Program Files\Common Files\AOL\ACS\US\forms.fdb Object is locked skipped
    C:\Program Files\Common Files\AOL\ACS\US\static Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\cache.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\FileRep.log Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000001.FCS Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
    C:\Program Files\MySQL\MySQL Server 5.0\data\D300J561.err Object is locked skipped
    C:\Program Files\MySQL\MySQL Server 5.0\data\ibdata1 Object is locked skipped
    C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile0 Object is locked skipped
    C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile1 Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP996\A0157969.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP996\A0157969.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ql skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP996\A0157969.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.uu skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP996\A0157969.exe/data.rar Infected: Trojan.Win32.Dialer.uu skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP996\A0157969.exe RarSFX: infected - 4 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP996\A0157972.exe Infected: Trojan.Win32.Dialer.uu skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP998\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\efyatukp.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
    C:\WINDOWS\SYSTEM32\ssqqqqo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Cookies\index.dat Object is locked skipped
    C:\WINDOWS\Temp\History\History.IE5\index.dat Object is locked skipped
    C:\WINDOWS\Temp\s4o4.8j9 Object is locked skipped
    C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
    C:\WINDOWS\WIASERVC.LOG Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    Scan process completed.
  2. 2007-09-17, 19:58 #2
    JonathanY8
    JonathanY8 is offline
    Junior Member
    Join Date
    Sep 2007
    Posts
    2

    Default And my Hijack This Scan

    MY HIJACK THIS SCAN

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:52:47 PM, on 9/17/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\efyatukp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\AOL\1139188325\ee\AOLSoftware.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\Jonathan\Desktop\Finished Site\xampplite\apache\bin\apache.exe
    C:\Documents and Settings\Jonathan\Desktop\Finished Site\xampplite\apache\bin\apache.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Dev-Cpp\DevCpp.exe
    C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://superrose.no-ip.org/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139188325\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SD1] C:\Documents and Settings\Jonathan\Desktop\serverdoc.exe /SD1 C:\Documents and Settings\Jonathan\Desktop\Super Server\WorldServer.exe
    O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\poiymeto.dll",forkonce
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: iTunes.lnk = ?
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{71B05BE8-0017-47BE-BAEB-D1C8E0FA3F90}: NameServer = 192.168.1.254,205.152.144.23
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apache2.2 - Unknown owner - C:\Documents and Settings\Jonathan\Desktop\Site\xampplite\apache\bin\apache.exe (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    --
    End of file - 11852 bytes
  3. 2007-09-29, 01:14 #3
    teacup61
    teacup61 is offline
    In Memoriam -Always in our heart teacup61's Avatar
    Join Date
    Jun 2006
    Location
    Texas
    Posts
    759

    Default

    Hello JonathanY8,

    Welcome to Safer Networking Forums

    Sorry for the delay. :( If you still need help, please post a new HiajckThis log and I'll be happy to look at it.

    Thanks,
    tea
    teacup61
  4. 2007-10-09, 05:51 #4
    tashi
    tashi is offline
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    This topic has been moved to archives.

    If you need the thread re-opened, please send me a private message (pm) and provide a link.

    Applies only to the original poster, anyone else with similar problems please start your own topic.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules