Vundo.dll


9 replies to this topic

#1 TravelingTasha

Posted 25 October 2006 - 07:50 AM

I have the virus vundo.dll. I run McAfee all the time, as well as Spybot and AdAware, so I'm not sure how it happened. I'd love to get some insight on that. But first, I need help getting rid of the virus. I downloaded HijackThis. Here is what I got:

Logfile of HijackThis v1.99.1
Scan saved at 3:29:38 PM, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Nikon\NkView\EvLstnr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\SYSTEM32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tasha\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Program Files\Nikon\NkView\EvLstnr.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM32\sistray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.hotmail.com
O15 - Trusted Zone: http://www.jayloden.com
O15 - Trusted Zone: http://*.jayloden.com
O15 - Trusted Zone: http://loginnet.passport.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Thanks for the help!
Tasha

#2 TravelingTasha

Posted 29 October 2006 - 07:58 AM

Please someone help me. My computer is really jacked up and I'm close to just admitting defeat and wiping the hard drive. Your help is very much appreciated!

#3 MFDnSC

Posted 29 October 2006 - 01:44 PM

Vundo can hide from hijack - right click hijackthis.exe and rename it bleep.exe

=============

Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#4 TravelingTasha

Posted 29 October 2006 - 11:14 PM

VundoFix:


VundoFix V6.2.6

Checking Java version...

Java version is 1.4.2.3

Java version is 1.4.2.6

Java version is 1.5.0.2

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 9:34:48 PM 10/27/2006

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\nkejwol.dll

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\nkejwol.dll
C:\WINDOWS\SYSTEM32\nkejwol.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\nkejwol.dll
C:\WINDOWS\SYSTEM32\nkejwol.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.6

Checking Java version...

Java version is 1.4.2.3

Java version is 1.4.2.6

Java version is 1.5.0.2

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 7:38:47 AM 10/28/2006

Listing files found while scanning....


VundoFix V6.2.6

Checking Java version...

Java version is 1.4.2.3

Java version is 1.4.2.6

Java version is 1.5.0.2

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 3:17:28 PM 10/29/2006

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\awtrstu.dll
C:\WINDOWS\SYSTEM32\byxurss.dll
C:\WINDOWS\SYSTEM32\byxvuvs.dll
C:\WINDOWS\SYSTEM32\byxvwwx.dll
C:\WINDOWS\SYSTEM32\cbxutut.dll
C:\WINDOWS\SYSTEM32\cbxuvst.dll
C:\WINDOWS\SYSTEM32\cbxwtsp.dll
C:\WINDOWS\SYSTEM32\cbxxwwu.dll
C:\WINDOWS\SYSTEM32\cbxyayy.dll
C:\WINDOWS\SYSTEM32\ddcawtt.dll
C:\WINDOWS\SYSTEM32\ddccbax.dll
C:\WINDOWS\SYSTEM32\ddcdaxv.dll
C:\WINDOWS\SYSTEM32\efcabya.dll
C:\WINDOWS\SYSTEM32\efcyaaw.dll
C:\WINDOWS\SYSTEM32\efcyxyw.dll
C:\WINDOWS\SYSTEM32\fccayvt.dll
C:\WINDOWS\SYSTEM32\fccbabc.dll
C:\WINDOWS\SYSTEM32\fccccdd.dll
C:\WINDOWS\SYSTEM32\fccddbx.dll
C:\WINDOWS\SYSTEM32\hggdaab.dll
C:\WINDOWS\SYSTEM32\hggffdd.dll
C:\WINDOWS\SYSTEM32\hgggdca.dll
C:\WINDOWS\SYSTEM32\hgggfcc.dll
C:\WINDOWS\SYSTEM32\hgggfde.dll
C:\WINDOWS\SYSTEM32\iifccdb.dll
C:\WINDOWS\SYSTEM32\iifdbcy.dll
C:\WINDOWS\SYSTEM32\iifebxv.dll
C:\WINDOWS\SYSTEM32\iifecca.dll
C:\WINDOWS\SYSTEM32\iifeeca.dll
C:\WINDOWS\SYSTEM32\jkkheby.dll
C:\WINDOWS\SYSTEM32\jkkijhf.dll
C:\WINDOWS\SYSTEM32\jkklige.dll
C:\WINDOWS\SYSTEM32\jkklkkl.dll
C:\WINDOWS\SYSTEM32\khfdaaa.dll
C:\WINDOWS\SYSTEM32\khfedbc.dll
C:\WINDOWS\SYSTEM32\khfgdbx.dll
C:\WINDOWS\SYSTEM32\khfgffd.dll
C:\WINDOWS\SYSTEM32\ljjihfe.dll
C:\WINDOWS\SYSTEM32\nnnlkhf.dll
C:\WINDOWS\SYSTEM32\nnnmlkh.dll
C:\WINDOWS\SYSTEM32\opnlkhf.dll
C:\WINDOWS\SYSTEM32\opnnnkk.dll
C:\WINDOWS\SYSTEM32\pmnnolk.dll
C:\WINDOWS\SYSTEM32\pmnopqr.dll
C:\WINDOWS\SYSTEM32\qomjhec.dll
C:\WINDOWS\SYSTEM32\qomlife.dll
C:\WINDOWS\SYSTEM32\qomlkij.dll
C:\WINDOWS\SYSTEM32\rqromll.dll
C:\WINDOWS\SYSTEM32\rqrqpoo.dll
C:\WINDOWS\SYSTEM32\ssqnmkh.dll
C:\WINDOWS\SYSTEM32\ssqnopo.dll
C:\WINDOWS\SYSTEM32\ssqomjh.dll
C:\WINDOWS\SYSTEM32\ssqonnk.dll
C:\WINDOWS\SYSTEM32\ssqooll.dll
C:\WINDOWS\SYSTEM32\ssqronn.dll
C:\WINDOWS\SYSTEM32\tuvuuut.dll
C:\WINDOWS\SYSTEM32\tuvwtqo.dll
C:\WINDOWS\SYSTEM32\tuvwuro.dll
C:\WINDOWS\SYSTEM32\urqroml.dll
C:\WINDOWS\SYSTEM32\vtustus.dll
C:\WINDOWS\SYSTEM32\vtutqoo.dll
C:\WINDOWS\SYSTEM32\vtuurss.dll
C:\WINDOWS\SYSTEM32\vtuusro.dll
C:\WINDOWS\SYSTEM32\wvuronk.dll
C:\WINDOWS\SYSTEM32\wvurpmk.dll
C:\WINDOWS\SYSTEM32\xxyvsst.dll
C:\WINDOWS\SYSTEM32\xxyvusr.dll
C:\WINDOWS\SYSTEM32\xxywtqo.dll
C:\WINDOWS\SYSTEM32\yayvusp.dll
C:\WINDOWS\SYSTEM32\yaywvwu.dll
C:\WINDOWS\SYSTEM32\yaywwus.dll
C:\WINDOWS\SYSTEM32\yayxyyy.dll
C:\WINDOWS\SYSTEM32\yayywxw.dll
C:\WINDOWS\system32\iiihh.dll
C:\WINDOWS\system32\hhiii.ini
C:\WINDOWS\system32\hhiii.bak1

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\awtrstu.dll
C:\WINDOWS\SYSTEM32\awtrstu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\byxurss.dll
C:\WINDOWS\SYSTEM32\byxurss.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\byxvuvs.dll
C:\WINDOWS\SYSTEM32\byxvuvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\byxvwwx.dll
C:\WINDOWS\SYSTEM32\byxvwwx.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\cbxutut.dll
C:\WINDOWS\SYSTEM32\cbxutut.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\cbxuvst.dll
C:\WINDOWS\SYSTEM32\cbxuvst.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\cbxwtsp.dll
C:\WINDOWS\SYSTEM32\cbxwtsp.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\cbxxwwu.dll
C:\WINDOWS\SYSTEM32\cbxxwwu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\cbxyayy.dll
C:\WINDOWS\SYSTEM32\cbxyayy.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ddcawtt.dll
C:\WINDOWS\SYSTEM32\ddcawtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ddccbax.dll
C:\WINDOWS\SYSTEM32\ddccbax.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\ddcdaxv.dll
C:\WINDOWS\SYSTEM32\ddcdaxv.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\efcabya.dll
C:\WINDOWS\SYSTEM32\efcabya.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\efcyaaw.dll
C:\WINDOWS\SYSTEM32\efcyaaw.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\efcyxyw.dll
C:\WINDOWS\SYSTEM32\efcyxyw.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\fccayvt.dll
C:\WINDOWS\SYSTEM32\fccayvt.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\fccbabc.dll
C:\WINDOWS\SYSTEM32\fccbabc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\fccccdd.dll
C:\WINDOWS\SYSTEM32\fccccdd.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\fccddbx.dll
C:\WINDOWS\SYSTEM32\fccddbx.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\hggdaab.dll
C:\WINDOWS\SYSTEM32\hggdaab.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\hggffdd.dll
C:\WINDOWS\SYSTEM32\hggffdd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\hgggdca.dll
C:\WINDOWS\SYSTEM32\hgggdca.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\hgggfcc.dll
C:\WINDOWS\SYSTEM32\hgggfcc.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\hgggfde.dll
C:\WINDOWS\SYSTEM32\hgggfde.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\iifccdb.dll
C:\WINDOWS\SYSTEM32\iifccdb.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\iifdbcy.dll
C:\WINDOWS\SYSTEM32\iifdbcy.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\iifebxv.dll
C:\WINDOWS\SYSTEM32\iifebxv.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\iifecca.dll
C:\WINDOWS\SYSTEM32\iifecca.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\iifeeca.dll
C:\WINDOWS\SYSTEM32\iifeeca.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\jkkheby.dll
C:\WINDOWS\SYSTEM32\jkkheby.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\jkkijhf.dll
C:\WINDOWS\SYSTEM32\jkkijhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jkklige.dll
C:\WINDOWS\SYSTEM32\jkklige.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jkklkkl.dll
C:\WINDOWS\SYSTEM32\jkklkkl.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\khfdaaa.dll
C:\WINDOWS\SYSTEM32\khfdaaa.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\khfedbc.dll
C:\WINDOWS\SYSTEM32\khfedbc.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\khfgdbx.dll
C:\WINDOWS\SYSTEM32\khfgdbx.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\khfgffd.dll
C:\WINDOWS\SYSTEM32\khfgffd.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\ljjihfe.dll
C:\WINDOWS\SYSTEM32\ljjihfe.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\nnnlkhf.dll
C:\WINDOWS\SYSTEM32\nnnlkhf.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\nnnmlkh.dll
C:\WINDOWS\SYSTEM32\nnnmlkh.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\opnlkhf.dll
C:\WINDOWS\SYSTEM32\opnlkhf.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\opnnnkk.dll
C:\WINDOWS\SYSTEM32\opnnnkk.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\pmnnolk.dll
C:\WINDOWS\SYSTEM32\pmnnolk.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\pmnopqr.dll
C:\WINDOWS\SYSTEM32\pmnopqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qomjhec.dll
C:\WINDOWS\SYSTEM32\qomjhec.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\qomlife.dll
C:\WINDOWS\SYSTEM32\qomlife.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\qomlkij.dll
C:\WINDOWS\SYSTEM32\qomlkij.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\rqromll.dll
C:\WINDOWS\SYSTEM32\rqromll.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\rqrqpoo.dll
C:\WINDOWS\SYSTEM32\rqrqpoo.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\ssqnmkh.dll
C:\WINDOWS\SYSTEM32\ssqnmkh.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\ssqnopo.dll
C:\WINDOWS\SYSTEM32\ssqnopo.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ssqomjh.dll
C:\WINDOWS\SYSTEM32\ssqomjh.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\ssqonnk.dll
C:\WINDOWS\SYSTEM32\ssqonnk.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\ssqooll.dll
C:\WINDOWS\SYSTEM32\ssqooll.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ssqronn.dll
C:\WINDOWS\SYSTEM32\ssqronn.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\tuvuuut.dll
C:\WINDOWS\SYSTEM32\tuvuuut.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\tuvwtqo.dll
C:\WINDOWS\SYSTEM32\tuvwtqo.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\tuvwuro.dll
C:\WINDOWS\SYSTEM32\tuvwuro.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\urqroml.dll
C:\WINDOWS\SYSTEM32\urqroml.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\vtustus.dll
C:\WINDOWS\SYSTEM32\vtustus.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\vtutqoo.dll
C:\WINDOWS\SYSTEM32\vtutqoo.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\vtuurss.dll
C:\WINDOWS\SYSTEM32\vtuurss.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\vtuusro.dll
C:\WINDOWS\SYSTEM32\vtuusro.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\wvuronk.dll
C:\WINDOWS\SYSTEM32\wvuronk.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\wvurpmk.dll
C:\WINDOWS\SYSTEM32\wvurpmk.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\xxyvsst.dll
C:\WINDOWS\SYSTEM32\xxyvsst.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\xxyvusr.dll
C:\WINDOWS\SYSTEM32\xxyvusr.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\xxywtqo.dll
C:\WINDOWS\SYSTEM32\xxywtqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\yayvusp.dll
C:\WINDOWS\SYSTEM32\yayvusp.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\yaywvwu.dll
C:\WINDOWS\SYSTEM32\yaywvwu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\yaywwus.dll
C:\WINDOWS\SYSTEM32\yaywwus.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\yayxyyy.dll
C:\WINDOWS\SYSTEM32\yayxyyy.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\yayywxw.dll
C:\WINDOWS\SYSTEM32\yayywxw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iiihh.dll
C:\WINDOWS\system32\iiihh.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\hhiii.ini
C:\WINDOWS\system32\hhiii.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hhiii.bak1
C:\WINDOWS\system32\hhiii.bak1 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\awtrstu.dll
C:\WINDOWS\SYSTEM32\awtrstu.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\byxvwwx.dll
C:\WINDOWS\SYSTEM32\byxvwwx.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\cbxutut.dll
C:\WINDOWS\SYSTEM32\cbxutut.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\cbxxwwu.dll
C:\WINDOWS\SYSTEM32\cbxxwwu.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ddccbax.dll
C:\WINDOWS\SYSTEM32\ddccbax.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\efcyaaw.dll
C:\WINDOWS\SYSTEM32\efcyaaw.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\fccbabc.dll
C:\WINDOWS\SYSTEM32\fccbabc.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\fccddbx.dll
C:\WINDOWS\SYSTEM32\fccddbx.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\hggdaab.dll
C:\WINDOWS\SYSTEM32\hggdaab.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\hggffdd.dll
C:\WINDOWS\SYSTEM32\hggffdd.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\hgggdca.dll
C:\WINDOWS\SYSTEM32\hgggdca.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\hgggfcc.dll
C:\WINDOWS\SYSTEM32\hgggfcc.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\hgggfde.dll
C:\WINDOWS\SYSTEM32\hgggfde.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\iifccdb.dll
C:\WINDOWS\SYSTEM32\iifccdb.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\iifdbcy.dll
C:\WINDOWS\SYSTEM32\iifdbcy.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\iifeeca.dll
C:\WINDOWS\SYSTEM32\iifeeca.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jkkheby.dll
C:\WINDOWS\SYSTEM32\jkkheby.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\khfgdbx.dll
C:\WINDOWS\SYSTEM32\khfgdbx.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\khfgffd.dll
C:\WINDOWS\SYSTEM32\khfgffd.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ljjihfe.dll
C:\WINDOWS\SYSTEM32\ljjihfe.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\nnnlkhf.dll
C:\WINDOWS\SYSTEM32\nnnlkhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\opnlkhf.dll
C:\WINDOWS\SYSTEM32\opnlkhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\opnnnkk.dll
C:\WINDOWS\SYSTEM32\opnnnkk.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qomjhec.dll
C:\WINDOWS\SYSTEM32\qomjhec.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qomlife.dll
C:\WINDOWS\SYSTEM32\qomlife.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qomlkij.dll
C:\WINDOWS\SYSTEM32\qomlkij.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\rqrqpoo.dll
C:\WINDOWS\SYSTEM32\rqrqpoo.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ssqnmkh.dll
C:\WINDOWS\SYSTEM32\ssqnmkh.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ssqomjh.dll
C:\WINDOWS\SYSTEM32\ssqomjh.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ssqonnk.dll
C:\WINDOWS\SYSTEM32\ssqonnk.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\tuvuuut.dll
C:\WINDOWS\SYSTEM32\tuvuuut.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\tuvwtqo.dll
C:\WINDOWS\SYSTEM32\tuvwtqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\tuvwuro.dll
C:\WINDOWS\SYSTEM32\tuvwuro.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\vtustus.dll
C:\WINDOWS\SYSTEM32\vtustus.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\vtuurss.dll
C:\WINDOWS\SYSTEM32\vtuurss.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\vtuusro.dll
C:\WINDOWS\SYSTEM32\vtuusro.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\wvuronk.dll
C:\WINDOWS\SYSTEM32\wvuronk.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\wvurpmk.dll
C:\WINDOWS\SYSTEM32\wvurpmk.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\yayvusp.dll
C:\WINDOWS\SYSTEM32\yayvusp.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\yaywvwu.dll
C:\WINDOWS\SYSTEM32\yaywvwu.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\yaywwus.dll
C:\WINDOWS\SYSTEM32\yaywwus.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\yayxyyy.dll
C:\WINDOWS\SYSTEM32\yayxyyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iiihh.dll
C:\WINDOWS\system32\iiihh.dll Has been deleted!

Performing Repairs to the registry.
Done!
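
The VundoFix log above contains several removal passes, and a file reported as "Could not be deleted" in one pass can show "Has been deleted!" in a later one. The following is an added example (not part of the original posts and not VundoFix's own code) that reconciles the passes into one final status per file and lists HijackThis entries that still name a file from the log. The sample log, file names, timestamp and CLSID are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of C:\vundofix.txt as posted in this thread.
# File names and the timestamp are made up for the example.
SAMPLE_LOG = r"""
VundoFix V6.2.6

Scan started at 1:00:00 PM 1/01/2006

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\exampla.dll
C:\WINDOWS\SYSTEM32\examplb.dll
C:\WINDOWS\system32\examplc.dll
C:\WINDOWS\system32\exampld.ini

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\exampla.dll
C:\WINDOWS\SYSTEM32\exampla.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM32\examplb.dll
C:\WINDOWS\SYSTEM32\examplb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\examplc.dll
C:\WINDOWS\system32\examplc.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\exampla.dll
C:\WINDOWS\SYSTEM32\exampla.dll Has been deleted!

Performing Repairs to the registry.
Done!
"""

# Constructed HijackThis lines; the CLSID is a placeholder.
SAMPLE_HJT = [
    r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - "
    r"C:\WINDOWS\system32\exampla.dll (file missing)",
    r"O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe",
]

RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<verdict>Could not be deleted\.|Has been deleted!)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")


def reconcile(log_text):
    """Map each lower-cased path to whether it was listed and its outcomes in order."""
    files = {}
    section = None  # "listing" or "removal"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("VundoFix V", "Scan started at")):
            section = None          # a new run begins
        elif line.startswith("Listing files found"):
            section = "listing"
        elif line.startswith("Beginning removal"):
            section = "removal"     # each occurrence is one more pass
        elif section == "removal" and RESULT_RE.match(line):
            m = RESULT_RE.match(line)
            # Windows paths are case-insensitive (SYSTEM32 vs system32).
            entry = files.setdefault(m.group("path").lower(),
                                     {"listed": False, "outcomes": []})
            entry["outcomes"].append(m.group("verdict").startswith("Has been"))
        elif section == "listing" and PATH_RE.match(line):
            files.setdefault(line.lower(),
                             {"listed": False, "outcomes": []})["listed"] = True
    return files


def classify(files):
    """Group files by final state; the last recorded outcome wins."""
    report = {"deleted_first_pass": [], "deleted_after_retry": [],
              "still_present": [], "never_attempted": []}
    for path, entry in files.items():
        outcomes = entry["outcomes"]
        if not outcomes:
            report["never_attempted"].append(path)
        elif not outcomes[-1]:
            report["still_present"].append(path)
        elif all(outcomes):
            report["deleted_first_pass"].append(path)
        else:
            report["deleted_after_retry"].append(path)
    return report


def stale_references(hijackthis_lines, files):
    """HijackThis entries that still point at a file named in the VundoFix log."""
    return [(path, line) for line in hijackthis_lines
            for path in files if path in line.lower()]


if __name__ == "__main__":
    parsed = reconcile(SAMPLE_LOG)
    for state, paths in classify(parsed).items():
        print(state, paths)
    for path, line in stale_references(SAMPLE_HJT, parsed):
        print("registry entry still references", path, "->", line)
```

Anything under `still_present` or `never_attempted` means another VundoFix pass is needed, and a stale reference is a leftover entry to review in the next HijackThis log.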

#5 TravelingTasha

Posted 29 October 2006 - 11:18 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:54:35 PM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\fxssvc.exe
C:\DOCUME~1\Tasha\LOCALS~1\Temp\stdrun4.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nikon\NkView\EvLstnr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\DOCUME~1\Tasha\LOCALS~1\Temp\stdrun4.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\DOCUME~1\Tasha\LOCALS~1\Temp\stdrun4.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Documents and Settings\Tasha\Desktop\Bleep.exe
C:\WINDOWS\SYSTEM32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\alg.exe
c:\program files\mcafee\mpf\mc\mpfalert.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\dwwin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F3 - REG:win.ini: run=C:\DOCUME~1\Tasha\LOCALS~1\Temp\stdrun4.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINDOWS\system\ctldlg32.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: (no name) - {3F508AB1-6BBA-C983-6D11-032A0C7AF158} - C:\WINDOWS\system32\nkejwol.dll (file missing)
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINDOWS\SYSTEM32\durvil1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {850A05DF-D9D2-4224-9D20-0DD648B16B99} - C:\WINDOWS\system32\tuvwuro.dll (file missing)
O2 - BHO: (no name) - {96318668-C1A8-4641-94C3-918F7CBA9F47} - C:\WINDOWS\system32\iiihh.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O3 - Toolbar: Happytofind Toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\system32\gtool.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Program Files\Nikon\NkView\EvLstnr.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [qykcscn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\qykcscn.dll,ztrtgce
O4 - HKLM\..\Run: [xp_system] C:\DOCUME~1\Tasha\LOCALS~1\Temp\stdrun4.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [xp_system] C:\DOCUME~1\Tasha\LOCALS~1\Temp\stdrun4.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM32\sistray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\gtool.dll
O9 - Extra 'Tools' menuitem: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\gtool.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.hotmail.com
O15 - Trusted Zone: http://www.jayloden.com
O15 - Trusted Zone: http://*.jayloden.com
O15 - Trusted Zone: http://loginnet.passport.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
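
The autostart entries in the HijackThis log above can be pre-sorted mechanically before a person reads them. The Python below is an added example, not part of the original thread and not HijackThis's own logic; the function names and the six triage rules are assumptions of this example, and a hit means "review this line", not "this is malware".

```python
import re

# A HijackThis entry line is "<section code> - <details>",
# e.g. "O4 - HKLM\..\Run: [name] C:\path\file.exe".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
SYSTEM32_DLL_RE = re.compile(r"\\system32\\[^\\]+\.dll", re.IGNORECASE)

# Lines copied from the log in this thread (not constructed).
SAMPLE_LOG = r"""
F3 - REG:win.ini: run=C:\DOCUME~1\Tasha\LOCALS~1\Temp\stdrun4.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINDOWS\SYSTEM32\durvil1.dll
O2 - BHO: (no name) - {850A05DF-D9D2-4224-9D20-0DD648B16B99} - C:\WINDOWS\system32\tuvwuro.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [qykcscn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\qykcscn.dll,ztrtgce
O4 - HKLM\..\Run: [xp_system] C:\DOCUME~1\Tasha\LOCALS~1\Temp\stdrun4.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\ldcore.dll
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""


def triage_entry(code, body):
    """Return the reasons (possibly none) why one entry deserves a manual look."""
    reasons = []
    low = body.lower()

    # Rule 1: something that starts automatically from a Temp directory.
    if code in ("F2", "F3", "O4") and TEMP_DIR_RE.search(body):
        reasons.append("autostart target lives in a Temp directory")

    # Rule 2: HijackThis itself reports that the referenced file is gone.
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("registration points at a file that is not on disk")

    # Rule 3: UserInit should normally list only userinit.exe.
    if code == "F2" and "userinit=" in low:
        value = body.split("=", 1)[1]
        programs = [p.strip() for p in value.split(",") if p.strip()]
        extra = [p for p in programs if not p.lower().endswith("\\userinit.exe")]
        if extra:
            reasons.append("UserInit launches more than userinit.exe: " + ", ".join(extra))

    # Rule 4: a Run key that starts a DLL through rundll32.
    if code == "O4" and "rundll32.exe" in low and ".dll" in low:
        reasons.append("Run key loads a DLL through rundll32")

    # Rule 5: a Browser Helper Object with no name whose DLL sits directly in system32.
    if code == "O2" and body.startswith("BHO: (no name)") and SYSTEM32_DLL_RE.search(body):
        reasons.append("unnamed BHO with its DLL directly in system32")

    # Rule 6: AppInit_DLLs are loaded into every process that loads user32.dll,
    # so each DLL listed there is worth identifying (legitimate software uses it too).
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        reasons.append("AppInit_DLLs entry: identify every DLL listed")

    return reasons


def triage_log(text):
    """Parse a HijackThis log and return (code, body, reasons) for flagged entries."""
    findings = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header, running-process list or blank line
        reasons = triage_entry(match["code"], match["body"])
        if reasons:
            findings.append((match["code"], match["body"], reasons))
    return findings


if __name__ == "__main__":
    for code, body, reasons in triage_log(SAMPLE_LOG):
        print(f"[{code}] {body}")
        for reason in reasons:
            print(f"    -> {reason}")
```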

#6 MFDnSC


Posted 01 November 2006 - 04:26 PM

Remove LimeWire and Ares, as they are a likely source of your infections.
=======================


Download EasyCleaner: http://www.majorgeeks.com/download414.html

Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button, as many dupes are there on purpose.

Not all files will delete – that is normal.

In the unnecessary button I check the top 4 entries


====================
Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the setup program.
2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
   o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
   o Select "Automatically generate report after every scan"
   o Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do not run a scan just yet; we will run it in Safe Mode.
1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
5. If you have any infections you will be prompted. Then select "Apply all actions."
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower left-hand corner of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the log from AVG and a new HiJack log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#7 TravelingTasha


Posted 02 November 2006 - 11:49 PM

Thank you for the help! Hopefully we're making progress.... Here we go:

VG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:03:28 PM 11/2/2006

+ Scan result:



C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun5.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun8.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun9.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun8.exe/AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun14.exe/AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun15.exe/AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2999553570-1447547685-617126753-1006\Dc86.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2999553570-1447547685-617126753-1006\Dc87.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2999553570-1447547685-617126753-1006\Dc88.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\gtool.dll -> Adware.TopInstalls : Cleaned with backup (quarantined).
C:\Documents and Settings\Tasha\Local Settings\Temp\stdrun2.exe -> Downloader.Adload.hm : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2999553570-1447547685-617126753-1006\Dc100.exe -> Downloader.Adload.hm : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2999553570-1447547685-617126753-1006\Dc142.exe -> Downloader.CWS.ae : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP543\A0075604.exe -> Downloader.CWS.ae : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP543\A0081335.exe -> Downloader.CWS.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wupdmgr.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\A0057245.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP523\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\A0058240.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP524\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP525\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP526\A0059239.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP526\A0060239.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP526\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP527\A0061239.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP527\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP528\A0061285.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP528\A0061306.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP528\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP529\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP531\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP532\A0062510.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP532\A0062522.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP532\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP533\A0062556.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP533\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP534\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP535\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP536\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP537\A0063556.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP537\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP538\A0066556.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP538\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP539\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP540\A0067556.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP540\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\A0068558.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\A0069558.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP542\A0069589.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP542\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP543\A0070588.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP543\A0073596.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP543\A0074597.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP543\A0075598.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP543\A0077275.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP543\A0078278.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP543\A0079283.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP543\A0080281.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP543\A0081277.exe -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP543\snapshot\MFEX-1.DAT -> Downloader.Small.cis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP538\A0063654.dll -> Downloader.Small.crd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP543\A0077101.exe -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1024] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1052] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1124] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[112] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1168] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[1424] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[392] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[604] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[652] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[664] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[816] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
[900] c:\windows\system32\ldcore.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP530\A0061436.exe -> Downloader.Tibs.if : Cleaned with backup (quarantined).
C:\WINDOWS\px5.exe -> Downloader.Tibs.if : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun11.exe -> Dropper.Agent.ata : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun19.exe -> Dropper.Agent.ata : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun22.exe -> Dropper.Agent.ata : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2999553570-1447547685-617126753-1006\Dc131.exe -> Dropper.Agent.ata : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun1.exe -> Dropper.Agent.atm : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun7.exe -> Dropper.Agent.atm : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun1.exe -> Dropper.Agent.atm : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun12.exe -> Dropper.Agent.atm : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun13.exe -> Dropper.Agent.atm : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun16.exe -> Dropper.Agent.atm : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun18.exe -> Dropper.Agent.atm : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun2.exe -> Dropper.Agent.atm : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun6.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun10.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun11.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun10.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun20.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun2.exe -> Hijacker.IntelliAdvert : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun3.exe -> Hijacker.IntelliAdvert : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun12.exe -> Logger.Agent.io : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun21.exe -> Logger.Agent.io : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun24.exe -> Logger.Agent.io : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE083} -> Logger.Agent.io : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE083} -> Logger.Agent.io : Cleaned with backup (quarantined).
HKU\S-1-5-21-2999553570-1447547685-617126753-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849E9F-C8D7-4D59-B87D-784B7D6BE083} -> Logger.Agent.io : Cleaned with backup (quarantined).
C:\WINDOWS\vmmlog32.dll -> Rootkit.Agent.cg : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.291:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.238:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.239:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.240:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.241:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.242:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.243:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.216:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.217:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.45:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.46:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\S-1-5-21-2999553570-1447547685-617126753-1006\Dc451.txt -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\S-1-5-21-2999553570-1447547685-617126753-1006\Dc501.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.7:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Tasha\Cookies\tasha@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\S-1-5-21-2999553570-1447547685-617126753-1006\Dc719.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.183:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.184:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.185:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.175:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.176:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.177:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.178:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.179:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.236:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.232:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\RECYCLER\S-1-5-21-2999553570-1447547685-617126753-1006\Dc739.txt -> TrackingCookie.Com : Cleaned.
:mozilla.109:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.12:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\S-1-5-21-2999553570-1447547685-617126753-1006\Dc750.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\S-1-5-21-2999553570-1447547685-617126753-1006\Dc751.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.292:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.293:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.294:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\RECYCLER\S-1-5-21-2999553570-1447547685-617126753-1006\Dc452.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.90:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.91:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.237:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.168:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.261:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.262:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.263:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.264:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.296:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.297:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.336:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.78:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.106:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.107:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.108:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.258:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.100:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.101:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.102:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.98:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.99:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.213:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.214:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.215:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.37:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.38:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.39:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.40:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.180:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.181:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.309:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.310:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.311:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.312:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.313:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.171:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.172:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.173:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\RECYCLER\S-1-5-21-2999553570-1447547685-617126753-1006\Dc628.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.193:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.194:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.195:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.196:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.197:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.198:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.199:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.200:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.10:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.11:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.27:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.8:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.9:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.191:C:\Documents and Settings\Tasha\Application Data\Mozilla\Firefox\Profiles\hhklrzln.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temp\DXC8.x.exe -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\TISED001.exe -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\eltfuntarg.exe -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\mmxp2passion.exe -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\sc.exe -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\DXC8.x.exe -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\TISED001.exe -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\eltfuntarg.exe -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\mmxp2passion.exe -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\sc.exe -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2999553570-1447547685-617126753-1006\Dc28.tmp -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2999553570-1447547685-617126753-1006\Dc29.tmp -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\durvil1.dll -> Trojan.Kolweb.b : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\durvil1.exe -> Trojan.Kolweb.b : Cleaned with backup (quarantined).


::Report end

#8 TravelingTasha


Posted 02 November 2006 - 11:54 PM

I couldn't find Ares to erase. I thought I did that a long time ago. There is a music folder called ares. I deleted Limewire. Also, when I go to click on anything on the control panel it gives me this error message: "Windows cannot find 'C:\WINDOWS\system32\rundll32.exe.' Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search." I deleted some files from the System32 folder a few days ago because they said that they were all created on the same couple of days in October and they were all random letters.dll. I'm afraid I deleted something important. Is that what this error message is indicating or is that something that the virus could be causing?

Here's the Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 10:47:50 PM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nikon\NkView\EvLstnr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\SYSTEM32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tasha\Desktop\Bleep.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: (no name) - {3F508AB1-6BBA-C983-6D11-032A0C7AF158} - (no file)
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINDOWS\SYSTEM32\durvil1.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {850A05DF-D9D2-4224-9D20-0DD648B16B99} - (no file)
O2 - BHO: (no name) - {96318668-C1A8-4641-94C3-918F7CBA9F47} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O3 - Toolbar: Happytofind Toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\system32\gtool.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Program Files\Nikon\NkView\EvLstnr.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [qykcscn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\qykcscn.dll,ztrtgce
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM32\sistray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\gtool.dll (file missing)
O9 - Extra 'Tools' menuitem: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\gtool.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.hotmail.com
O15 - Trusted Zone: http://www.jayloden.com
O15 - Trusted Zone: http://*.jayloden.com
O15 - Trusted Zone: http://loginnet.passport.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

#9 MFDnSC

MFDnSC

    Ret. Director I/T



Posted 03 November 2006 - 09:28 AM

Please click here http://www.majorgeeks.com/Sun_Java_Runtime...ment_d4648.html to download the latest version of JAVA. Install the application, then go to the Add/Remove Programs options in the Control Panel and Remove ALL previous versions of JAVA.
======================
Add remove programs – remove Viewpoint

======================
You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,

O2 - BHO: (no name) - {3F508AB1-6BBA-C983-6D11-032A0C7AF158} - (no file)

O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINDOWS\SYSTEM32\durvil1.dll (file missing)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {850A05DF-D9D2-4224-9D20-0DD648B16B99} - (no file)

O2 - BHO: (no name) - {96318668-C1A8-4641-94C3-918F7CBA9F47} - (no file)

O3 - Toolbar: Happytofind Toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\system32\gtool.dll (file missing)

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [qykcscn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\qykcscn.dll,ztrtgce

O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O9 - Extra button: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\gtool.dll (file missing)

O9 - Extra 'Tools' menuitem: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\gtool.dll (file missing)

O15 - Trusted Zone: http://*.hotmail.com

O15 - Trusted Zone: http://www.jayloden.com

O15 - Trusted Zone: http://*.jayloden.com

O15 - Trusted Zone: http://loginnet.passport.com

O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll

Download http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\rpcc.dll
C:\WINDOWS\system32\ntos.exe
C:\Program Files\Viewpoint
C:\WINDOWS\system32\qykcscn.dll
C:\WINDOWS\system32\kernels8.exe
C:\Program Files\Ares

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
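Several of the entries selected for fixing in the post above follow recurring autostart patterns. As an added example (not part of the original posts and not HijackThis's own logic), this Python script parses HijackThis log lines and lists entries matching four assumed triage heuristics; the sample lines are copied from the log in this thread.

```python
import re
from ntpath import basename  # Windows path handling on any platform

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {3F508AB1-6BBA-C983-6D11-032A0C7AF158} - (no file)
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINDOWS\SYSTEM32\durvil1.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [qykcscn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\qykcscn.dll,ztrtgce
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [...] ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis marks registry entries whose target file is gone.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# A Run value that starts rundll32 with a DLL path as its first argument.
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\"?\s+(\S+?\.dll)", re.IGNORECASE)


def parse_entries(text):
    """Return (section, body) pairs for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text):
    """Return (section, reason, detail) tuples for entries worth a manual look.

    The four rules are assumptions made for this example; they produce a
    review list, not a verdict on whether an entry is malicious.
    """
    findings = []
    for section, body in parse_entries(text):
        if section == "F2" and "userinit=" in body.lower():
            # Anything chained after userinit.exe also runs at every logon.
            value = body.split("=", 1)[1]
            for part in value.split(","):
                path = part.strip()
                if path and basename(path).lower() != "userinit.exe":
                    findings.append(
                        (section, "extra program chained to UserInit", path))
        elif ORPHAN_RE.search(body):
            findings.append((section, "entry points at a missing file", body))
        elif section == "O4" and (m := RUNDLL_RE.search(body)):
            findings.append(
                (section, "Run key loads a DLL through rundll32", m.group(1)))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            dll = body.rsplit(" - ", 1)[-1]
            findings.append(
                (section, "DLL loaded by winlogon.exe; verify the file", dll))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {detail}")
```

Entries such as kernels8.exe under RunServices match none of these patterns, and the legitimate WgaLogon.dll is listed alongside rpcc.dll, so the output still needs an analyst's judgment.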

#10 TravelingTasha


Posted 09 November 2006 - 08:48 PM

Thank you for all of your help. I still am having problems though. I still have vundo.dll and I still can't get into add/remove programs or anything on the control panel. It says that it can't find rundll.exe. I think I'm just going to wipe my computer. Thank you though.



