Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Winfixer

Started by mollyb16465 , Nov 16 2006 01:20 PM

  • Please log in to reply

#1
mollyb16465
Posted 16 November 2006 - 01:20 PM

mollyb16465

    New Member

  • Member
  • Pip
  • 2 posts
Hi!

I've had a problem with trojans on this computer for awhile. I've run adaware and things, but nothing seems to get rid of them.

Also, I have a message saying that windows explorer has encountered and error and needs to close, and it does this at every start up.

Here's my HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 2:19:20 PM, on 11/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\svchost.exe
C:\progra~1\scansoft\paperp~1\pptd40nt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Common Files\AOL\1122639952\EE\AOLHostManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1122639952\EE\AOLServiceHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1122639952\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [UltimateBuddy] C:\Program Files\UltimateBuddy\UltimateBuddy.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab40641.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136224231140
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay10...ex/HMAtchmt.ocx
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/...PA.cab40641.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks in advance for any help!

Molly
  • 0

Advertisements

#2
Wizard
Posted 16 November 2006 - 03:07 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi Molly and Welcome to GeekstoGo!


Please download Combofix to your Root Drive C:
http://download.blee...Bs/combofix.exe

Doubleclick combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt

Please post that log in the next reply.
  • 0

#3
mollyb16465
Posted 16 November 2006 - 07:01 PM

mollyb16465

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Done!

Owner - 06-11-16 19:56:56.40 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((( Files Created from 2006-10-16 to 2006-11-16 ))))))))))))))))))))))))))))))))))


2006-11-14 20:53 815,828 ---hs---- C:\WINDOWS\system32\edeeg.ini2
2006-11-11 22:05 766,657 ---hs---- C:\WINDOWS\system32\edeeg.bak2
2006-11-10 22:05 851,894 ---hs---- C:\WINDOWS\system32\edeeg.bak1
2006-11-10 22:03 692,276 ---hs---- C:\WINDOWS\system32\pmkjj.dll
2006-11-10 22:03 692,276 ---hs---- C:\WINDOWS\system32\mljgg.dll
2006-11-10 22:03 692,276 ---hs---- C:\WINDOWS\system32\mljgf.dll
2006-11-10 22:03 692,276 ---hs---- C:\WINDOWS\system32\geede.dll
2006-11-07 08:23 118,804 --a------ C:\WINDOWS\system32\jglhkbro.dll
2006-11-06 12:38 86,036 --a------ C:\WINDOWS\system32\wsjcuhvo.dll
2006-11-05 23:09 110,612 --a------ C:\WINDOWS\system32\lehljfob.exe
2006-11-05 23:08 60,436 --a------ C:\WINDOWS\system32\peljlnav.dll
2006-11-01 23:37 118,804 --a------ C:\WINDOWS\system32\sboufken.dll
2006-11-01 07:54 118,804 --a------ C:\WINDOWS\system32\coeabaep.dll
2006-10-24 08:10 67,604 --a------ C:\WINDOWS\system32\moteogrm.exe
2006-10-24 07:10 45,525 --a------ C:\WINDOWS\system32\ajobostc.dll
2006-10-17 07:11 45,525 --a------ C:\WINDOWS\system32\xxdqcqec.dll
2006-10-16 07:19 45,525 --a------ C:\WINDOWS\system32\ioewxqbg.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-16 19:54 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-14 22:53 -------- d-------- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2006-11-14 20:43 -------- d-------- C:\Program Files\Anyplace Control
2006-11-14 09:02 -------- d-------- C:\Program Files\Full Tilt Poker.Net
2006-11-11 22:47 -------- d-------- C:\Program Files\iTunes
2006-11-11 22:47 -------- d-------- C:\Program Files\iPod
2006-11-11 21:57 -------- d-------- C:\Program Files\QuickTime
2006-11-05 23:09 -------- d-------- C:\Program Files\VSAdd-in
2006-11-04 14:05 -------- d-------- C:\Program Files\Apple Software Update
2006-10-30 17:01 -------- d-------- C:\Program Files\MSN Messenger
2006-10-22 11:08 3786 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2006-10-21 12:25 -------- d-------- C:\Program Files\OpenOffice.org 2.0
2006-10-15 02:28 86036 --a------ C:\WINDOWS\system32\prmfyban.dll
2006-10-15 02:02 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-14 17:12 -------- d-------- C:\Program Files\UltimateBet
2006-10-12 06:47 98324 --a------ C:\WINDOWS\system32\mhqjkkyl.dll
2006-10-09 07:20 45525 --a------ C:\WINDOWS\system32\ngejcgde.dll
2006-10-06 02:46 45525 --a------ C:\WINDOWS\system32\ghncarei.dll
2006-10-06 02:46 143380 --a------ C:\WINDOWS\system32\cvchlcba.exe
2006-10-04 14:57 106516 --a------ C:\WINDOWS\system32\qumpyhao.dll
2006-10-03 13:55 86036 --a------ C:\WINDOWS\system32\ttpdpxuw.dll
2006-10-03 13:54 106516 --a------ C:\WINDOWS\system32\qilshwap.dll
2006-10-02 12:51 106516 --a------ C:\WINDOWS\system32\sptabngb.dll
2006-10-01 12:49 106516 --a------ C:\WINDOWS\system32\obhfdikx.dll
2006-09-30 12:47 106516 --a------ C:\WINDOWS\system32\jagorghn.dll
2006-09-29 12:46 106516 --a------ C:\WINDOWS\system32\gxmxlbqn.dll
2006-09-28 12:43 106516 --a------ C:\WINDOWS\system32\nrlvgciw.dll
2006-09-27 12:42 106516 --a------ C:\WINDOWS\system32\lrjvlref.dll
2006-09-26 11:44 -------- d-------- C:\Documents and Settings\Owner\Application Data\SearchToolbarCorp
2006-09-26 11:39 143380 --a------ C:\WINDOWS\system32\qwgchxcg.exe
2006-09-26 11:39 106516 --a------ C:\WINDOWS\system32\wixprqyx.dll
2006-09-26 11:39 -------- d-------- C:\Program Files\VSToolbar
2006-09-25 03:54 106516 --a------ C:\WINDOWS\system32\qnmisnqp.dll
2006-09-24 19:47 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-09-24 03:53 106516 --a------ C:\WINDOWS\system32\gjknsljn.dll
2006-09-23 03:51 106516 --a------ C:\WINDOWS\system32\gciteyec.dll
2006-09-22 02:49 106516 --a------ C:\WINDOWS\system32\gwsfjagc.dll
2006-09-21 01:45 106516 --a------ C:\WINDOWS\system32\caiyfkda.dll
2006-09-20 01:43 106516 --a------ C:\WINDOWS\system32\gvturxnb.dll
2006-09-19 15:44 15664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-19 01:41 86068 --a------ C:\WINDOWS\system32\wkmcfxif.dll
2006-09-19 01:41 106516 --a------ C:\WINDOWS\system32\ewobuplv.dll
2006-09-18 03:54 -------- d-------- C:\Program Files\Google
2006-09-18 02:46 -------- d-------- C:\Program Files\DivX
2006-09-18 02:45 -------- d-------- C:\Documents and Settings\Owner\Application Data\Google
2006-09-18 01:39 106516 --a------ C:\WINDOWS\system32\twnsacpa.dll
2006-09-17 16:53 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-17 01:37 106516 --a------ C:\WINDOWS\system32\gsoxankj.dll
2006-09-16 01:36 106516 --a------ C:\WINDOWS\system32\nlfdmkok.dll
2006-09-15 01:32 106516 --a------ C:\WINDOWS\system32\lohndifi.dll
2006-09-14 00:30 106516 --a------ C:\WINDOWS\system32\ulmoiwjs.dll
2006-09-13 00:28 106516 --a------ C:\WINDOWS\system32\irmjmbms.dll
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 16:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-11 23:23 106516 --a------ C:\WINDOWS\system32\lwlqjjhm.dll
2006-09-10 23:21 106516 --a------ C:\WINDOWS\system32\yrdusnlc.dll
2006-09-09 23:20 106516 --a------ C:\WINDOWS\system32\velswrjc.dll
2006-09-08 22:18 106516 --a------ C:\WINDOWS\system32\ndojwwkg.dll
2006-09-07 22:16 106516 --a------ C:\WINDOWS\system32\tawcbinl.dll
2006-09-06 21:12 106516 --a------ C:\WINDOWS\system32\ewlmnjvo.dll
2006-09-05 21:10 106516 --a------ C:\WINDOWS\system32\eatpeaiu.dll
2006-09-04 21:08 106516 --a------ C:\WINDOWS\system32\ltmojafk.dll
2006-09-03 20:05 102420 --a------ C:\WINDOWS\system32\ohnqltkr.dll
2006-09-02 20:05 102420 --a------ C:\WINDOWS\system32\sevflpwk.dll
2006-09-01 19:01 102420 --a------ C:\WINDOWS\system32\higdkgkd.dll
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-22 02:47 13844 --a------ C:\WINDOWS\system32\xyuwfirf.exe
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-18 02:43 13844 --a------ C:\WINDOWS\system32\tyuonttg.exe
2006-08-17 02:42 12820 --a------ C:\WINDOWS\system32\tcvuuyfa.exe
2006-08-17 02:42 12308 --a------ C:\WINDOWS\system32\rrdvsiub.exe
2006-08-17 02:42 12308 --a------ C:\WINDOWS\system32\najuriqv.exe
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-16 02:42 12308 --a------ C:\WINDOWS\system32\gbjgyott.exe
2006-08-14 16:08 976020 --a------ C:\Program Files\BDAXP.cab
2006-08-14 16:08 917318 --a------ C:\Program Files\Apr2006_MDX1_x86.cab
2006-08-14 16:08 88102 --a------ C:\Program Files\AUG2006_xinput_x64.cab
2006-08-14 16:08 87989 --a------ C:\Program Files\Apr2006_xinput_x64.cab
2006-08-14 16:08 86925 --a------ C:\Program Files\Oct2005_xinput_x64.cab
2006-08-14 16:08 82338 --a------ C:\Program Files\dxupdate.cab
2006-08-14 16:08 74520 --a------ C:\Program Files\DSETUP.dll
2006-08-14 16:08 703080 --a------ C:\Program Files\BDA.cab
2006-08-14 16:08 484632 --a------ C:\Program Files\DXSETUP.exe
2006-08-14 16:08 47018 --a------ C:\Program Files\AUG2006_xinput_x86.cab
2006-08-14 16:08 46898 --a------ C:\Program Files\Apr2006_xinput_x86.cab
2006-08-14 16:08 46247 --a------ C:\Program Files\Oct2005_xinput_x86.cab
2006-08-14 16:08 41995 --a------ C:\Program Files\dxdllreg_x86.cab
2006-08-14 16:08 4163518 --a------ C:\Program Files\Apr2006_MDX1_x86_Archive.cab
2006-08-14 16:08 2248984 --a------ C:\Program Files\dsetup32.dll
2006-08-14 16:08 183863 --a------ C:\Program Files\AUG2006_XACT_x64.cab
2006-08-14 16:08 181745 --a------ C:\Program Files\JUN2006_XACT_x64.cab
2006-08-14 16:08 180021 --a------ C:\Program Files\Apr2006_XACT_x64.cab
2006-08-14 16:08 179247 --a------ C:\Program Files\Feb2006_XACT_x64.cab
2006-08-14 16:08 15493481 --a------ C:\Program Files\DirectX.cab
2006-08-14 16:08 1398718 --a------ C:\Program Files\Apr2006_d3dx9_30_x64.cab
2006-08-14 16:08 138195 --a------ C:\Program Files\AUG2006_XACT_x86.cab
2006-08-14 16:08 1363684 --a------ C:\Program Files\Feb2006_d3dx9_29_x64.cab
2006-08-14 16:08 1358864 --a------ C:\Program Files\Dec2005_d3dx9_28_x64.cab
2006-08-14 16:08 1351430 --a------ C:\Program Files\Aug2005_d3dx9_27_x64.cab
2006-08-14 16:08 1348242 --a------ C:\Program Files\Apr2005_d3dx9_25_x64.cab
2006-08-14 16:08 134631 --a------ C:\Program Files\JUN2006_XACT_x86.cab
2006-08-14 16:08 133991 --a------ C:\Program Files\Apr2006_XACT_x86.cab
2006-08-14 16:08 1336890 --a------ C:\Program Files\Jun2005_d3dx9_26_x64.cab
2006-08-14 16:08 133297 --a------ C:\Program Files\Feb2006_XACT_x86.cab
2006-08-14 16:08 13265040 --a------ C:\Program Files\dxnt.cab
2006-08-14 16:08 1248387 --a------ C:\Program Files\Feb2005_d3dx9_24_x64.cab
2006-08-14 16:08 1156363 --a------ C:\Program Files\BDANT.cab
2006-08-14 16:08 1116109 --a------ C:\Program Files\Apr2006_d3dx9_30_x86.cab
2006-08-14 16:08 1085608 --a------ C:\Program Files\Feb2006_d3dx9_29_x86.cab
2006-08-14 16:08 1080344 --a------ C:\Program Files\Dec2005_d3dx9_28_x86.cab
2006-08-14 16:08 1079850 --a------ C:\Program Files\Apr2005_d3dx9_25_x86.cab
2006-08-14 16:08 1078532 --a------ C:\Program Files\Aug2005_d3dx9_27_x86.cab
2006-08-14 16:08 1065813 --a------ C:\Program Files\Jun2005_d3dx9_26_x86.cab
2006-08-14 16:08 1014113 --a------ C:\Program Files\Feb2005_d3dx9_24_x86.cab


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"Spyware Cleaner"="\"C:\\Program Files\\Spyware Cleaner\\SpywareCleaner.Exe\" /boot"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"AOL Fast Start"="\"C:\\Program Files\\America Online 9.0\\AOL.EXE\" -b"
"UltimateBuddy"="C:\\Program Files\\UltimateBuddy\\UltimateBuddy.exe"
"DW4"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\SIMPLE~1\\PHOTOS~1\\data\\Xtras\\mssysmgr.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"_AntiSpyware"="C:\\Program Files\\McAfee\\McAfee AntiSpyware\\MssCli.exe"
"VTTrayp"="VTtrayp.exe"
"VTTimer"="VTTimer.exe"
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
"SoundMan"="SOUNDMAN.EXE"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"Reminder"="%WINDIR%\\Creator\\Remind_XP.exe"
"Recguard"="%WINDIR%\\SMINST\\RECGUARD.EXE"
"PaperPort PTD"="c:\\progra~1\\scansoft\\paperp~1\\pptd40nt.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1122639952\\EE\\AOLHostManager.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\apdproxy.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"="McAfee AntiSpyware Shell Extension"
"{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geede
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yssidsk

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McAfee AntiSpyware.job
C:\WINDOWS\tasks\McAfee.com Update Check (YOUR-7C60552B9E-Molly).job
C:\WINDOWS\tasks\McAfee.com Update Check (YOUR-7C60552B9E-Owner).job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-11-16 20:00:48.89
C:\ComboFix.txt ... 06-11-16 20:00
  • 0

#4
Wizard
Posted 16 November 2006 - 08:28 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP