
Apparent Virtumonde variant - removal tool finds/removes nothing [RESO


  • This topic is locked

#1
Lyssia

I have run all the specified scans, updated Windows, etc. I am still getting positives on Panda Scan and the rest. I am also getting periodic warnings from AVG when opening Internet Explorer and getting popup advertisements. Scans are specifying Virtumonde, but the removal tool does not find anything or fix anything. Any help would be greatly appreciated!

My scan logs are as follows:

Malwarebytes Anti-Malware:

Malwarebytes' Anti-Malware 1.19
Database version: 907
Windows 5.1.2600 Service Pack 2

9:09:18 PM 6/30/2008
mbam-log-6-30-2008 (21-09-10).txt

Scan type: Quick Scan
Objects scanned: 40142
Time elapsed: 10 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Super AntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/01/2008 at 01:09 AM

Application Version : 4.15.1000

Core Rules Database Version : 3493
Trace Rules Database Version: 1484

Scan type : Complete Scan
Total Scan Time : 03:58:22

Memory items scanned : 168
Memory threats detected : 0
Registry items scanned : 8283
Registry threats detected : 0
File items scanned : 107563
File threats detected : 0

Adware.Tracking Cookie

(all cookies removed)

Panda ActiveScan:

;*******************************************************************************
ANALYSIS: 2008-07-01 09:57:13
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 1
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
AVG Anti-Virus Free 8.0 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Owner\Desktop\VirtumundoBeGone.exe[]
00139535 Application/Processor HackTools No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\nsj77.tmp
00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Owner\Desktop\VirtumundoBeGone.exe
03162636 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP3\A0000072.dll
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
No C:\WINDOWS\SYSTEM32\VMNANQ.DLL
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
;===============================================================================


HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:23 AM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Ahead\Nero\nero.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: {d11d39ab-b444-da6b-3ac4-fb1b42839f02} - {20f93824-b1bf-4ca3-b6ad-444bba93d11d} - C:\WINDOWS\system32\vmnanq.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.bluemountain.com
O16 - DPF: 89F5242A-1C1E-4AA9-ACB4-9DCBD93F9927 - https://set2.mqconf....cmW32client.cab
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://webvpn.speec...ries/stcweb.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h30155.www3.h...nosticsxp2k.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1186624079826
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.c...loadControl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Unknown owner - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe (file missing)

--
End of file - 11002 bytes

#2
Lyssia

After reading a few other posts by people that appear to be having the same problem I am, I decided to be proactive. I've downloaded Runscanner and run the program. I would like to attach the zipped .run file, but the size is 132 MB and I am limited to 100 MB attachments. :)

#3
Lyssia

Issue has been resolved. Please close this thread. Thanks!