
Trojan Virus/vundo?


This topic is locked. 8 replies to this topic.

#1 GrlRacer

GrlRacer

  • Members
  • 21 posts
  • Gender:Female
  • Location:Bronx, NY
  • Local time:01:41 AM

Posted 07 July 2007 - 02:11 PM

Hi,

Please help me!
I have some problems on my other computer. I have Norton, which detected a Trojan virus, Vundo, and it cannot access the file. I downloaded HijackThis, and this is what I got in the scan:

StartupList report, 7/7/2007, 2:41:02 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16473)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Common Files\AOL\1146709668\ee\AOLSoftware.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\windows\system32\prmrsr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\200777135858_mcinfo.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\program files\common files\aol\1146709668\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1146709668\ee\aolsoftware.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
c:\program files\aim6\anotify.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\common files\aol\1146709668\ee\anotify.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Smart Wizard Wireless Settings.lnk = ?
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SunKistEM = C:\Program Files\Digital Media Reader\shwiconem.exe
(Default) =
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
VTTimer = VTTimer.exe
VTTrayp = VTtrayp.exe
HostManager = C:\Program Files\Common Files\AOL\1146709668\ee\AOLSoftware.exe
SoundMan = SOUNDMAN.EXE
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
Pure Networks Port Magic = "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
PermissionResearch = c:\windows\system32\prmrsr.exe -boot
AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
msci = C:\DOCUME~1\Owner\LOCALS~1\Temp\200777135858_mcinfo.exe /insfin

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Yahoo! Pager = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
Creative Detector = C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
Spyware Doctor = "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Aim6 = "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
updateMgr = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
BitTorrent = "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
AOL Fast Start = "C:\Program Files\America Online 9.0\AOL.EXE" -b

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

IE7Pro - C:\Program Files\IE7Pro\IE7Pro.dll - {00011268-E188-40DF-A514-835FCD78B1BF}
(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINDOWS\system32\mciseq32.dll (file missing) - {0F02A6D1-E028-4A02-ADA7-4B7DD6F738AD}
(no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
(no name) - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
(no name) - C:\WINDOWS\system32\awvvt.dll (file missing) - {6C9B172B-5BC2-4051-9868-2C441F695A08}
(no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
(no name) - c:\program files\google\googletoolbar3.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll - {B56A7D7D-6927-48C8-A975-17DF180C71AC}
(no name) - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
LemonWire.job
Norton AntiVirus - Scan my computer - Owner.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft VM]
CODEBASE = http://jetty-help.nuphone.afford.com/Collab/msjavx86.exe

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[YInstStarter Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

[{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}]
CODEBASE = http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

[Slide Image Uploader Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ImageUploader3.ocx
CODEBASE = http://www.slide.com/uploader/SlideImageUploader.cab

[{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}]
CODEBASE = http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations:
C:\DOCUME~1\Owner\LOCALS~1\Temp\20077713592_mcappins.exe||C:\WINDOWS\system32\nsosscfg.exe

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 10,537 bytes
Report generated in 0.235 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


#2 didom

didom

  • Members
  • 1,389 posts
  • Gender:Male
  • Local time:06:41 AM

Posted 09 July 2007 - 04:56 AM

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log (not a startuplist!).


#3 GrlRacer

GrlRacer
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Female
  • Location:Bronx, NY
  • Local time:01:41 AM

Posted 09 July 2007 - 08:57 PM

I did all of the steps requested in the starting topic...AdAware, Bit Defender, and even Spybot.

I am posting a new Hijackthis log but now Norton tells me a new virus found on my computer:

c:\windows\system32\gmcbftod.exe (TROJAN HORSE)

No Vundo files found now


What should I do now?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:35 PM, on 7/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Common Files\AOL\1146709668\ee\AOLSoftware.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\200777135858_mcinfo.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
c:\program files\common files\aol\1146709668\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1146709668\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\shellmon.exe
c:\program files\common files\aol\1146709668\ee\anotify.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F02A6D1-E028-4A02-ADA7-4B7DD6F738AD} - C:\WINDOWS\system32\mciseq32.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {6C9B172B-5BC2-4051-9868-2C441F695A08} - C:\WINDOWS\system32\awvvt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146709668\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PermissionResearch] c:\windows\system32\prmrsr.exe -boot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Owner\LOCALS~1\Temp\200777135858_mcinfo.exe /insfin
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://jetty-help.nuphone.afford.com/Collab/msjavx86.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - AppInit_DLLs: sockspy.dll
O20 - Winlogon Notify: wintdg32 - wintdg32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 17281 bytes
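
A small triage helper for HijackThis v2 log lines like the ones posted above, added here as an example; it is not code from the thread, from BleepingComputer or from HijackThis. The sample lines are constructed from entries in the log above, and the flagging rules (dangling "(file missing)" entries, a configured proxy, an autorun launched from a Temp folder, a non-empty AppInit_DLLs) are this example's own heuristics, not HijackThis's rating logic.

```python
"""Triage helper for HijackThis v2 log lines.

Added example for this thread; it is not code from the thread, from
BleepingComputer or from HijackThis. The flagging rules below are this
example's own heuristics (assumptions), not HijackThis's rating logic.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line_type: str  # HijackThis section code, e.g. "O4"
    detail: str     # everything after "O4 - "
    reason: str     # why a helper would ask about this entry


# HijackThis entry lines look like "O2 - BHO: <name> - {CLSID} - <path>".
LINE_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")

# Autoruns launched from a Temp folder (the thread's "msci" entry) are unusual:
# installed software registers its Run entry under Program Files, not Temp.
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)

# Section codes whose entries name a DLL/EXE that may be reported "(file missing)".
DANGLING_TYPES = {"O2", "O3", "O9", "O20"}

# Constructed sample: lines modelled on the log posted above in the thread.
SAMPLE_LOG = "\n".join([
    r'R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080',
    r'O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll',
    r'O2 - BHO: (no name) - {0F02A6D1-E028-4A02-ADA7-4B7DD6F738AD} - C:\WINDOWS\system32\mciseq32.dll (file missing)',
    r'O2 - BHO: (no name) - {6C9B172B-5BC2-4051-9868-2C441F695A08} - C:\WINDOWS\system32\awvvt.dll (file missing)',
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r'O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Owner\LOCALS~1\Temp\200777135858_mcinfo.exe /insfin',
    r'O20 - AppInit_DLLs: sockspy.dll',
    r'O20 - Winlogon Notify: wintdg32 - wintdg32.dll (file missing)',
    r'O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe',
])


def parse_line(line):
    """Split one log line into (section code, detail); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group(1), m.group(2)


def classify(code, detail):
    """Return the reason an entry deserves a closer look, or None if it looks routine."""
    if code in DANGLING_TYPES and detail.endswith("(file missing)"):
        return "dangling entry: the file it points at is gone, a leftover of something removed"
    if code == "R1" and "ProxyServer" in detail:
        return "proxy server configured: confirm the user set it, otherwise browser traffic is being redirected"
    if code == "O4" and TEMP_RE.search(detail):
        return "autorun from a Temp folder: installed software does not normally start from there"
    if code == "O20" and detail.startswith("AppInit_DLLs:") and detail.split(":", 1)[1].strip():
        return "AppInit_DLLs is set: that DLL is loaded into every process that loads user32.dll"
    return None


def triage(log_text):
    """Run every line of a HijackThis log through classify() and collect the hits."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        code, detail = parsed
        reason = classify(code, detail)
        if reason is not None:
            findings.append(Finding(code, detail, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.line_type}: {f.reason}\n    {f.detail}")
```

Running it on a full log pastes the same six kinds of entries a forum helper would normally ask about first; everything it leaves alone still needs a human look.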

#4 didom

didom

  • Members
  • 1,389 posts
  • Gender:Male
  • Local time:06:41 AM

Posted 10 July 2007 - 06:27 AM

Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following, if present:

Ipwindows / ipwins
Oin
Outerinfo
Yazzle by Oin
YazzleActiveX By OIN
Purityscan by Oin
MediaTickets by OIN
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it.


If OIN is not listed, download and run this uninstaller.

Reboot when done! Really important!

Download ComboFix to your desktop.
Double-click combofix.exe.
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt unless I ask you to.

#5 GrlRacer

GrlRacer
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Female
  • Location:Bronx, NY
  • Local time:01:41 AM

Posted 10 July 2007 - 05:42 PM

When I went to Start > Control Panel, there was no Software tab. Nothing showing OIN, and I even did a search. I tried to download the Uninstaller, but a popup said "my current security settings will not allow this download", so I proceeded to the next step.

SIDEBAR: Before I post the logs, I have other issues going on with my son's computer. When Windows is loading, I am getting this message in a warning box:

WG111CFG

A sharing violation occurred while accessing about.rtf

What does that mean?

Also, after doing what you said to do, Norton is picking up this virus again like before, and it's showing as a Virus Alert:

Trojan Horse c:\windows\system32\gmebftod.exe
Access to the file was denied

Then I clicked OK and then it said the same as above but instead of access denied, it said:
Unable to repair this file.

I don't know what to do anymore! This is so frustrating since the computer is sooooooooooo slow to load anything right now.

Here are the logs:

Combofix Log:


"Owner" - 2007-07-10 17:12:48 - ComboFix 07-07-10.1 - Service Pack 2


((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 )))))))))))))))))))))))))))))))


2007-07-10 15:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-09 20:21 14 --a------ C:\DOCUME~1\Owner\getfile.dat
2007-07-07 17:34 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-07 16:58 14 --a------ C:\WINDOWS\system32\getfile.dat
2007-07-07 15:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-07 15:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-07 14:13 <DIR> d----c--- C:\VundoFix Backups
2007-07-07 14:08 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-07 12:56 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-07 12:56 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-07 12:56 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-07 12:56 <DIR> d-------- C:\DOCUME~1\Owner\SmitfraudFix
2007-06-28 18:52 <DIR> d-------- C:\Program Files\Industrial Audio Software
2007-06-24 20:58 <DIR> d----c--- C:\Downloads
2007-06-24 20:58 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Orbit
2007-06-24 20:54 <DIR> d-------- C:\DOCUME~1\Owner\dwhelper
2007-06-24 16:55 4,672 --a------ C:\WINDOWS\system32\gmebftod.exe
2007-06-16 15:37 <DIR> d-------- C:\Program Files\IE7Pro
2007-06-16 15:37 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\IE7pro
2007-06-16 00:01 <DIR> d-------- C:\Program Files\Neoretix
2007-06-10 16:51 <DIR> d-------- C:\Program Files\DVDVIDEOSOFT
2007-06-10 16:25 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\BitTorrent
2007-06-10 16:22 <DIR> d-------- C:\Program Files\BitTorrent


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-10 20:55:44 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-10 20:37:21 -------- d-----w C:\Program Files\Norton Internet Security
2007-07-07 23:15:16 -------- d-----w C:\Program Files\Messenger
2007-07-07 23:09:26 -------- d-----w C:\Program Files\iTunes
2007-07-07 22:57:28 -------- d-----w C:\Program Files\Digital Media Reader
2007-07-07 22:55:19 -------- d-----w C:\Program Files\Common Files\Scanner
2007-07-07 22:53:08 -------- d-----w C:\Program Files\Common Files\aolshare
2007-07-07 22:52:57 -------- d-----w C:\Program Files\Common Files\AOL
2007-07-07 22:50:55 -------- d-----w C:\Program Files\Bitcollider
2007-07-07 22:48:36 -------- d-----w C:\Program Files\America Online 9.0
2007-07-07 22:48:16 -------- d-----w C:\Program Files\AIM6
2007-07-07 21:43:14 -------- d-----w C:\Program
Files\Spyware Doctor
2007-07-07 21:42:53 -------- d-----w C:\Program
Files\QuickTime
2007-07-07 20:58:33 61,440 ----a-w
C:\WINDOWS\system32\sockspy.dll
2007-07-07 19:47:34 -------- d-----w C:\Program
Files\Lavasoft
2007-06-25 00:02:47 -------- d-----w
C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
2007-06-04 19:18:48 9,344 ----a-w
C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 19:17:02 8,320 ----a-w
C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 19:14:56 6,272 ----a-w
C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-16 15:12:02 683,520 ----a-w
C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w
C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w
C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w
C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w
C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w
C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w
C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w
C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w
C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w
C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w
C:\WINDOWS\system32\wups2.dll
2007-04-13 19:19:52 7,680 ----a-w
C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading
Points
))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not
shown

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
2007-06-22 18:08 1048576 --a------ C:\Program
Files\IE7Pro\IE7Pro.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-04-17 19:37 438848 --a------ C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 21:38 63128 --a------ C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{0F02A6D1-E028-4A02-ADA7-4B7DD6F738AD}]
C:\WINDOWS\system32\mciseq32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-01-06 12:52 181752 --a------ C:\Program
Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
2006-05-05 13:55 803048 --a------
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{6C9B172B-5BC2-4051-9868-2C441F695A08}]
C:\WINDOWS\system32\awvvt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program
Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
2004-08-30 22:29 103568 --a------ C:\Program
Files\Common Files\Symantec
Shared\AdBlocking\NISShExt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program
files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
2006-05-05 13:56 839920 --a------
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
2005-10-19 12:54 218736 --a------ C:\Program
Files\Norton Internet Security\Norton
AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media
Reader\shwiconem.exe" [2004-11-15 18:04]
"@"="" []
"ccApp"="C:\Program Files\Common Files\Symantec
Shared\ccApp.exe" [2007-01-09 18:32]
"RemoteControl"="C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02
23:24]
"VTTimer"="VTTimer.exe" [2005-03-08 06:33
C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 20:33
C:\WINDOWS\system32\VTTrayp.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"HostManager"="C:\Program Files\Common
Files\AOL\1146709668\ee\AOLSoftware.exe" [2006-09-25
20:52]
"SoundMan"="SOUNDMAN.EXE" [2003-12-09 14:17
C:\WINDOWS\SOUNDMAN.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe"
[2007-06-16 14:51]
"Pure Networks Port
Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe"
[2004-04-05 17:33]
"Symantec NetDriver
Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-04-21
13:35]
"TkBellExe"="C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" [2006-09-16 13:01]
"AOLDialer"="C:\Program Files\Common
Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"QuickTime Task"="C:\Program
Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program
Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"SunJavaUpdateSched"="C:\Program
Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14
03:43]
"BDMCon"="C:\Program
Files\Softwin\BitDefender8\bdmcon.exe" [2007-07-07
16:58]
"BDNewsAgent"="C:\Program
Files\Softwin\BitDefender8\bdnagent.exe" [2005-05-09
12:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo!
Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe"
[2006-05-02 15:51]
"Creative Detector"="C:\Program
Files\Creative\MediaSource\Detector\CTDetect.exe"
[2004-12-02 18:23]
"Spyware Doctor"="C:\Program Files\Spyware
Doctor\swdoctor.exe" [2006-05-18 16:22]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
[2004-08-04 15:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27
17:17]
"swg"="C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
[2007-03-04 19:33]
"updateMgr"="C:\Program Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 16:53]
"BitTorrent"="C:\Program
Files\BitTorrent\bittorrent.exe" []
"AOL Fast Start"="C:\Program Files\America Online
9.0\AOL.exe" [2005-07-25 22:30]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\wintdg32]
wintdg32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\windows]
"appinit_dlls"= sockspy.dll sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

*Newly Created Service* - CATCHME
*Newly Created Service* - PCANDIS5

Contents of the 'Scheduled Tasks' folder
2007-07-10 01:04:07
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-10 20:13:21 C:\WINDOWS\tasks\LemonWire.job
2007-06-16 00:03:20 C:\WINDOWS\tasks\Norton AntiVirus
- Scan my computer - Owner.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by
Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 17:24:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-10 17:26:56
C:\ComboFix-quarantined-files.txt ... 2007-07-10 17:26
C:\ComboFix2.txt ... 2007-07-10 16:46

--- E O F ---

HiJack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09, on 2007-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec
Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec
Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common
Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program
Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common
Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft
Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New
Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Softwin\BitDefender
Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan
Server\bdss.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec
Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Common
Files\AOL\1146709668\ee\AOLSoftware.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Viewpoint\Viewpoint
Manager\ViewMgr.exe
C:\Program Files\Common
Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program
Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\NETGEAR\WG111 Configuration
Utility\WG111CFG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common
files\aol\1146709668\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP
Scheduler.exe
c:\program files\common
files\aol\1146709668\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page = about:blank
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = 168.94.74.68:8080
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro -
{00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program
Files\IE7Pro\IE7Pro.dll
O2 - BHO: Yahoo! Toolbar Helper -
{02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) -
{0F02A6D1-E028-4A02-ADA7-4B7DD6F738AD} -
C:\WINDOWS\system32\mciseq32.dll (file missing)
O2 - BHO: Yahoo! IE Services Button -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program
Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard -
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) -
{6C9B172B-5BC2-4051-9868-2C441F695A08} -
C:\WINDOWS\system32\awvvt.dll (file missing)
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: CNisExtBho Class -
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program
Files\Common Files\Symantec
Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor -
{B56A7D7D-6927-48C8-A975-17DF180C71AC} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class -
{BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton Internet Security\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program
Files\Common Files\Symantec
Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program
Files\Norton Internet Security\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) -
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google -
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital
Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Recguard]
%WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program
Files\Common Files\AOL\1146709668\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common
Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program
Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program
Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Creative Detector] C:\Program
Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program
Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program
Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program
Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [BitTorrent] "C:\Program
Files\BitTorrent\bittorrent.exe"
--force_start_minimized
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program
Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User
'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User
'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User
'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk =
C:\Program Files\Common Files\Adobe\Calibration\Adobe
Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
O4 - Global Startup: Smart Wizard Wireless
Settings.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk =
C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search -
res://C:\Program Files\AOL
Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search -
file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to AMV Convert
Tool... - C:\Program Files\MP3 Player Utilities
4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager...
- C:\Program Files\MP3 Player Utilities
4.00\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft
Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary -
file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps -
file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS -
file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: IE7Pro Preferences -
{0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program
Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences -
{0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program
Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor -
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar -
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar -
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Yahoo! Services -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program
Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM -
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com -
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU -
{d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents
and Settings\Owner\Start Menu\Programs\IMVU\Run
IMVU.lnk (file missing)
O9 - Extra button: (no name) -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500}
(Microsoft VM) -
http://jetty-help.nuphone.afford.com/Collab/msjavx86.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
(YInstStarter Class) - C:\Program
Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741}
(Slide Image Uploader Control) -
http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
(ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - AppInit_DLLs: sockspy.dll sockspy.dll
O20 - Winlogon Notify: wintdg32 - wintdg32.dll (file
missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) -
Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware
2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner -
C:\Program Files\Common Files\Adobe Systems
Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) -
AOL LLC - C:\Program Files\Common
Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL
TopSpeedMonitor) - America Online, Inc - C:\Program
Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler -
Symantec Corporation - C:\Program
Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT,
s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) -
Unknown owner - C:\Program Files\Common
Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc)
- Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access -
Creative Technology Ltd -
C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google
- C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT)
- Macrovision Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation -
C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcf_device - -
C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service
(navapsvc) - Symantec Corporation - C:\Program
Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies,
Inc. - C:\Program Files\Common Files\New
Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation -
C:\Program Files\Norton Internet Security\Norton
AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) -
Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC
Tools Research Pty Ltd - C:\Program Files\Spyware
Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service
(SNDSrvc) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint
Corporation - C:\Program
Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) -
SOFTWIN S.R.L. - C:\Program
Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) -
Softwin - C:\Program Files\Common
Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 16982 bytes

Edited by GrlRacer, 10 July 2007 - 05:53 PM.
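As an added triage example (not code from the thread, from didom, or from the HijackThis project), the script below applies common HijackThis log-reading heuristics to re-joined single-line copies of entries from the log posted above: orphaned BHO/toolbar/Winlogon entries, unnamed BHOs, a populated AppInit_DLLs value and a configured IE proxy. The heuristics and their wording are mine and are not didom's analysis of this machine.

```python
"""Triage heuristics for HijackThis log entries (added example, not thread code)."""
import re
from dataclasses import dataclass

# Re-joined single-line copies of entries from the HijackThis log posted above.
# The forum wrapped them; HijackThis itself writes each entry on one line.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: (no name) - {0F02A6D1-E028-4A02-ADA7-4B7DD6F738AD} - C:\WINDOWS\system32\mciseq32.dll (file missing)
O2 - BHO: (no name) - {6C9B172B-5BC2-4051-9868-2C441F695A08} - C:\WINDOWS\system32\awvvt.dll (file missing)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - AppInit_DLLs: sockspy.dll sockspy.dll
O20 - Winlogon Notify: wintdg32 - wintdg32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# Every HijackThis entry starts with a section code ("R1", "O2", "O23", ...).
ENTRY_RE = re.compile(r"^(?P<sec>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass(frozen=True)
class Finding:
    section: str     # HijackThis section code, e.g. "O2"
    reasons: tuple   # why the entry deserves a second look
    line: str        # the original log line


def parse_entry(line):
    """Split one HijackThis line into (section, body); None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None


def triage_line(line):
    """Apply the heuristics to one line; return a Finding or None."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    sec, body = parsed
    reasons = []
    # R1 ProxyServer: all IE traffic goes through this host; the user should
    # recognise it, otherwise it is a redirection to investigate.
    if sec == "R1" and "ProxyServer" in body and body.split("=", 1)[-1].strip():
        reasons.append("IE proxy configured")
    # Orphaned BHO / toolbar / Winlogon entries: a registry hook left behind
    # after the file went away; the entry itself still needs cleaning up.
    if sec in ("O2", "O3", "O20") and any(mk in body for mk in ORPHAN_MARKERS):
        reasons.append("autostart entry points at a missing file")
    # Unnamed BHOs carry no vendor string; identify the DLL before trusting it.
    if sec == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("BHO without a name")
    # AppInit_DLLs are mapped into every process that loads user32.dll.
    if sec == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
        reasons.append("AppInit_DLLs is populated")
    # Winlogon Notify packages are loaded by winlogon.exe at logon.
    if sec == "O20" and body.startswith("Winlogon Notify:"):
        reasons.append("Winlogon Notify package registered")
    return Finding(sec, tuple(reasons), line.strip()) if reasons else None


def triage(text):
    """Run triage_line over a whole log; entries with no hit are dropped."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


def count_by_section(findings):
    """Per-section tally, handy for a quick overview of a long log."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {'; '.join(f.reasons)}\n    {f.line}")
```

A hit only means "look at this entry"; the helper still has to identify each file before deciding what to remove.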


#6 didom

didom

  • Members
  • 1,389 posts
  • Gender:Male
  • Local time:06:41 AM

Posted 11 July 2007 - 05:50 AM

I need you to post a new log single-spaced, as it makes things easier to read:

To remove the double spacing in your log, please do the following:
  • Please go to Start >> Run... and type notepad.exe
  • Hit OK.
  • Now go to Format and uncheck WordWrap.
  • Close Notepad.
  • Then post a new Combofix and HijackThis log.


#7 GrlRacer

GrlRacer
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Female
  • Location:Bronx, NY
  • Local time:01:41 AM

Posted 11 July 2007 - 10:04 AM

Sorry about that!
Here it is again:

When I went to Start > Control Panel, there was no software tab. Nothing showing OIN, and I even did a search. I tried to download the Uninstaller, but a popup said "my current security settings will not allow this download", so I proceeded on to the next step.

SIDEBAR: Before I post the logs, I have other issues going on with my son's computer. When Windows is loading, I am getting this message in a warning box:

WG111CFG

A sharing violation occurred while accessing about.rtf

What does that mean?

Also, after doing what you said to do, Norton is picking up this virus again like before, and it's showing as a Virus Alert:

Trojan Horse c:\windows\system32\gmebftod.exe
Access to the file was denied

Then I clicked OK and then it said the same as above but instead of access denied, it said:
Unable to repair this file.

I don't know what to do anymore! This is so frustrating since the computer is sooooooooooo slow to load anything right now.
Combofix Log:

"Owner" - 2007-07-10 17:12:48 - ComboFix 07-07-10.1 -
Service Pack 2


((((((((((((((((((((((((( Files Created from
2007-06-10 to 2007-07-10
)))))))))))))))))))))))))))))))


2007-07-10 15:48 51,200 --a------
C:\WINDOWS\nircmd.exe

2007-07-09 20:21 14 --a------
C:\DOCUME~1\Owner\getfile.dat

2007-07-07 17:34 <DIR> d--------
C:\WINDOWS\system32\ActiveScan

2007-07-07 16:58 14 --a------
C:\WINDOWS\system32\getfile.dat

2007-07-07 15:47 <DIR> d--------
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

2007-07-07 15:46 <DIR> d-------- C:\Program
Files\Common Files\Wise Installation Wizard

2007-07-07 14:13 <DIR> d----c--- C:\VundoFix Backups

2007-07-07 14:08 <DIR> d-------- C:\Program
Files\Trend Micro

2007-07-07 12:56 53,248 --a------
C:\WINDOWS\system32\Process.exe

2007-07-07 12:56 51,200 --a------
C:\WINDOWS\system32\dumphive.exe

2007-07-07 12:56 288,417 --a------
C:\WINDOWS\system32\SrchSTS.exe

2007-07-07 12:56 <DIR> d--------
C:\DOCUME~1\Owner\SmitfraudFix

2007-06-28 18:52 <DIR> d-------- C:\Program
Files\Industrial Audio Software

2007-06-24 20:58 <DIR> d----c--- C:\Downloads

2007-06-24 20:58 <DIR> d--------
C:\DOCUME~1\Owner\APPLIC~1\Orbit

2007-06-24 20:54 <DIR> d--------
C:\DOCUME~1\Owner\dwhelper

2007-06-24 16:55 4,672 --a------
C:\WINDOWS\system32\gmebftod.exe

2007-06-16 15:37 <DIR> d-------- C:\Program
Files\IE7Pro

2007-06-16 15:37 <DIR> d--------
C:\DOCUME~1\Owner\APPLIC~1\IE7pro

2007-06-16 00:01 <DIR> d-------- C:\Program
Files\Neoretix

2007-06-10 16:51 <DIR> d-------- C:\Program
Files\DVDVIDEOSOFT

2007-06-10 16:25 <DIR> d--------
C:\DOCUME~1\Owner\APPLIC~1\BitTorrent

2007-06-10 16:22 <DIR> d-------- C:\Program
Files\BitTorrent


(((((((((((((((((((((((((((((((((((((((( Find3M
Report
))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-10 20:55:44 -------- d-----w C:\Program
Files\Common Files\Symantec Shared

2007-07-10 20:37:21 -------- d-----w C:\Program
Files\Norton Internet Security

2007-07-07 23:15:16 -------- d-----w C:\Program
Files\Messenger

2007-07-07 23:09:26 -------- d-----w C:\Program
Files\iTunes

2007-07-07 22:57:28 -------- d-----w C:\Program
Files\Digital Media Reader

2007-07-07 22:55:19 -------- d-----w C:\Program
Files\Common Files\Scanner

2007-07-07 22:53:08 -------- d-----w C:\Program
Files\Common Files\aolshare

2007-07-07 22:52:57 -------- d-----w C:\Program
Files\Common Files\AOL

2007-07-07 22:50:55 -------- d-----w C:\Program
Files\Bitcollider

2007-07-07 22:48:36 -------- d-----w C:\Program
Files\America Online 9.0

2007-07-07 22:48:16 -------- d-----w C:\Program
Files\AIM6

2007-07-07 21:43:14 -------- d-----w C:\Program
Files\Spyware Doctor

2007-07-07 21:42:53 -------- d-----w C:\Program
Files\QuickTime

2007-07-07 20:58:33 61,440 ----a-w
C:\WINDOWS\system32\sockspy.dll

2007-07-07 19:47:34 -------- d-----w C:\Program
Files\Lavasoft

2007-06-25 00:02:47 -------- d-----w
C:\DOCUME~1\Owner\APPLIC~1\Apple Computer

2007-06-04 19:18:48 9,344 ----a-w
C:\WINDOWS\system32\drivers\NSDriver.sys

2007-06-04 19:17:02 8,320 ----a-w
C:\WINDOWS\system32\drivers\AWRTRD.sys

2007-06-04 19:14:56 6,272 ----a-w
C:\WINDOWS\system32\drivers\AWRTPD.sys

2007-05-16 15:12:02 683,520 ----a-w
C:\WINDOWS\system32\inetcomm.dll

2007-04-25 14:21:15 144,896 ----a-w
C:\WINDOWS\system32\schannel.dll

2007-04-18 16:12:23 2,854,400 ----a-w
C:\WINDOWS\system32\msi.dll

2007-04-17 02:47:36 33,624 ----a-w
C:\WINDOWS\system32\wups.dll

2007-04-17 02:45:54 1,710,936 ----a-w
C:\WINDOWS\system32\wuaueng.dll

2007-04-17 02:45:48 549,720 ----a-w
C:\WINDOWS\system32\wuapi.dll

2007-04-17 02:45:42 325,976 ----a-w
C:\WINDOWS\system32\wucltui.dll

2007-04-17 02:45:36 203,096 ----a-w
C:\WINDOWS\system32\wuweb.dll

2007-04-17 02:45:28 92,504 ----a-w
C:\WINDOWS\system32\cdm.dll

2007-04-17 02:45:20 53,080 ----a-w
C:\WINDOWS\system32\wuauclt.exe

2007-04-17 02:45:20 43,352 ----a-w
C:\WINDOWS\system32\wups2.dll

2007-04-13 19:19:52 7,680 ----a-w
C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading
Points
))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not
shown

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
2007-06-22 18:08 1048576 --a------ C:\Program
Files\IE7Pro\IE7Pro.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-04-17 19:37 438848 --a------ C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 21:38 63128 --a------ C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{0F02A6D1-E028-4A02-ADA7-4B7DD6F738AD}]
C:\WINDOWS\system32\mciseq32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
2006-01-06 12:52 181752 --a------ C:\Program
Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
2006-05-05 13:55 803048 --a------
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{6C9B172B-5BC2-4051-9868-2C441F695A08}]
C:\WINDOWS\system32\awvvt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program
Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
2004-08-30 22:29 103568 --a------ C:\Program
Files\Common Files\Symantec
Shared\AdBlocking\NISShExt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program
files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
2006-05-05 13:56 839920 --a------
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper
Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
2005-10-19 12:54 218736 --a------ C:\Program
Files\Norton Internet Security\Norton
AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media
Reader\shwiconem.exe" [2004-11-15 18:04]
"@"="" []
"ccApp"="C:\Program Files\Common Files\Symantec
Shared\ccApp.exe" [2007-01-09 18:32]
"RemoteControl"="C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02
23:24]
"VTTimer"="VTTimer.exe" [2005-03-08 06:33
C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 20:33
C:\WINDOWS\system32\VTTrayp.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"HostManager"="C:\Program Files\Common
Files\AOL\1146709668\ee\AOLSoftware.exe" [2006-09-25
20:52]
"SoundMan"="SOUNDMAN.EXE" [2003-12-09 14:17
C:\WINDOWS\SOUNDMAN.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe"
[2007-06-16 14:51]
"Pure Networks Port
Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe"
[2004-04-05 17:33]
"Symantec NetDriver
Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-04-21
13:35]
"TkBellExe"="C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" [2006-09-16 13:01]
"AOLDialer"="C:\Program Files\Common
Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"QuickTime Task"="C:\Program
Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program
Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"SunJavaUpdateSched"="C:\Program
Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14
03:43]
"BDMCon"="C:\Program
Files\Softwin\BitDefender8\bdmcon.exe" [2007-07-07
16:58]
"BDNewsAgent"="C:\Program
Files\Softwin\BitDefender8\bdnagent.exe" [2005-05-09
12:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo!
Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe"
[2006-05-02 15:51]
"Creative Detector"="C:\Program
Files\Creative\MediaSource\Detector\CTDetect.exe"
[2004-12-02 18:23]
"Spyware Doctor"="C:\Program Files\Spyware
Doctor\swdoctor.exe" [2006-05-18 16:22]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
[2004-08-04 15:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27
17:17]
"swg"="C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
[2007-03-04 19:33]
"updateMgr"="C:\Program Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 16:53]
"BitTorrent"="C:\Program
Files\BitTorrent\bittorrent.exe" []
"AOL Fast Start"="C:\Program Files\America Online
9.0\AOL.exe" [2005-07-25 22:30]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\wintdg32]
wintdg32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\windows]
"appinit_dlls"= sockspy.dll sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

*Newly Created Service* - CATCHME
*Newly Created Service* - PCANDIS5

Contents of the 'Scheduled Tasks' folder
2007-07-10 01:04:07
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-10 20:13:21 C:\WINDOWS\tasks\LemonWire.job
2007-06-16 00:03:20 C:\WINDOWS\tasks\Norton AntiVirus
- Scan my computer - Owner.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by
Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 17:24:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-10 17:26:56
C:\ComboFix-quarantined-files.txt ... 2007-07-10 17:26
C:\ComboFix2.txt ... 2007-07-10 16:46

--- E O F ---

HiJack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09, on 2007-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec
Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec
Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common
Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program
Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common
Files\AOL\TopSpeed\2.0\aoltpspd.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Common Files\Microsoft
Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe

C:\Program Files\Common Files\New
Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\Softwin\BitDefender
Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan
Server\bdss.exe

C:\Program Files\Digital Media Reader\shwiconem.exe

C:\Program Files\Common Files\Symantec
Shared\ccApp.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Program Files\Common
Files\AOL\1146709668\ee\AOLSoftware.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Viewpoint\Viewpoint
Manager\ViewMgr.exe

C:\Program Files\Common
Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Softwin\BitDefender8\vsserv.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Softwin\BitDefender8\bdmcon.exe

C:\Program Files\Softwin\BitDefender8\bdnagent.exe

C:\Program
Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\NETGEAR\WG111 Configuration
Utility\WG111CFG.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\iPod\bin\iPodService.exe

c:\program files\common
files\aol\1146709668\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP
Scheduler.exe

c:\program files\common
files\aol\1146709668\ee\aolsoftware.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.myspace.com/

R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page = about:blank

R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = 168.94.74.68:8080

R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: IE7Pro -
{00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program
Files\IE7Pro\IE7Pro.dll

O2 - BHO: Yahoo! Toolbar Helper -
{02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) -
{0F02A6D1-E028-4A02-ADA7-4B7DD6F738AD} -
C:\WINDOWS\system32\mciseq32.dll (file missing)

O2 - BHO: Yahoo! IE Services Button -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program
Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: PCTools Site Guard -
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: (no name) -
{6C9B172B-5BC2-4051-9868-2C441F695A08} -
C:\WINDOWS\system32\awvvt.dll (file missing)

O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: CNisExtBho Class -
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program
Files\Common Files\Symantec
Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar3.dll

O2 - BHO: PCTools Browser Monitor -
{B56A7D7D-6927-48C8-A975-17DF180C71AC} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: CNavExtBho Class -
{BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton Internet Security\Norton
AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program
Files\Common Files\Symantec
Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program
Files\Norton Internet Security\Norton
AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) -
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O3 - Toolbar: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google -
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital
Media Reader\shwiconem.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HostManager] C:\Program

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Pure Networks Port Magic]
"C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common
Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [BDMCon] "C:\Program
Files\Softwin\BitDefender8\bdmcon.exe"

O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program
Files\Softwin\BitDefender8\bdnagent.exe"

O4 - HKCU\..\Run: [Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [Creative Detector] C:\Program
Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program
Files\Spyware Doctor\swdoctor.exe" /Q

O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Aim6] "C:\Program
Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program
Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [BitTorrent] "C:\Program
Files\BitTorrent\bittorrent.exe"
--force_start_minimized

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program
Files\America Online 9.0\AOL.EXE" -b

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User
'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User
'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User
'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User
'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk =
C:\Program Files\Common Files\Adobe\Calibration\Adobe
Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe

O4 - Global Startup: Smart Wizard Wireless
Settings.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk =
C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &AOL Toolbar search -
res://C:\Program Files\AOL
Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Yahoo! Search -
file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Add to AMV Convert
Tool... - C:\Program Files\MP3 Player Utilities
4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to Media Manager...
- C:\Program Files\MP3 Player Utilities
4.00\MediaManager\grab.html

O8 - Extra context menu item: E&xport to Microsoft
Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary -
file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps -
file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS -
file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: IE7Pro Preferences -
{0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program
Files\IE7Pro\IE7Pro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences -
{0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program
Files\IE7Pro\IE7Pro.dll

O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Spyware Doctor -
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: AOL Toolbar -
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O9 - Extra 'Tools' menuitem: AOL Toolbar -
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O9 - Extra button: Yahoo! Services -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program
Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM -
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: Real.com -
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Run IMVU -
{d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents
and Settings\Owner\Start Menu\Programs\IMVU\Run
IMVU.lnk (file missing)

O9 - Extra button: (no name) -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe

O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500}
(Microsoft VM) -
http://jetty-help.nuphone.afford.com/Collab/msjavx86.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
(YInstStarter Class) - C:\Program
Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741}
(Slide Image Uploader Control) -
http://www.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
(ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O20 - AppInit_DLLs: sockspy.dll sockspy.dll

O20 - Winlogon Notify: wintdg32 - wintdg32.dll (file
missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) -
Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware
2007\aawservice.exe

O23 - Service: Adobe LM Service - Unknown owner -
C:\Program Files\Common Files\Adobe Systems
Shared\Service\Adobelmsvc.exe

O23 - Service: AOL Connectivity Service (AOL ACS) -
AOL LLC - C:\Program Files\Common
Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL
TopSpeedMonitor) - America Online, Inc - C:\Program
Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: Automatic LiveUpdate Scheduler -
Symantec Corporation - C:\Program
Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT,
s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: BitDefender Scan Server (bdss) -
Unknown owner - C:\Program Files\Common
Files\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc)
- Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access -
Creative Technology Ltd -
C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Google Updater Service (gusvc) - Google
- C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT)
- Macrovision Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation -
C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation -
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: lxcf_device - -
C:\WINDOWS\system32\lxcfcoms.exe

O23 - Service: Norton AntiVirus Auto-Protect Service
(navapsvc) - Symantec Corporation - C:\Program
Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe

O23 - Service: PrismXL - New Boundary Technologies,
Inc. - C:\Program Files\Common Files\New
Boundary\PrismXL\PRISMXL.SYS

O23 - Service: SAVScan - Symantec Corporation -
C:\Program Files\Norton Internet Security\Norton
AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) -
Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC
Tools Research Pty Ltd - C:\Program Files\Spyware
Doctor\sdhelp.exe

O23 - Service: Symantec Network Drivers Service
(SNDSrvc) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint
Corporation - C:\Program
Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) -
SOFTWIN S.R.L. - C:\Program
Files\Softwin\BitDefender8\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) -
Softwin - C:\Program Files\Common
Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 16982 bytes

#8 didom


  • Members
  • 1,389 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:41 AM

Posted 11 July 2007 - 11:27 AM

SIDEBAR: Before I post the logs, I have other issues going on with my son's computer. When Windows is loading, I am getting this message in a warning box:

WG111CFG

A sharing violation occurred while accessing about.rtf

What does that mean?

Let's handle things one by one. First we'll clean this computer.

When I went to start>control panel>, there was no
software tab. Nothing showing OIN and I even did a search. I tried to download the Uninstaller, but a popup said "my current security settings will not allow this download" so I proceeded onto the next step.

How do you mean there is no software tab? What if you go to Start -> Run and type: appwiz.cpl. Will it open?

You still posted your log in wordwrap... :thumbsup:

#9 didom


  • Members
  • 1,389 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:41 AM

Posted 20 July 2007 - 07:04 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
