Drive Cleaner 2006/Virtumonde
jennison
2007-08-08, 21:11
Here is my report from Hijacker. Please Help!!
Logfile of HijackThis v1.99.1
Scan saved at 2:09:55 PM, on 8/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Common Files\AOL\1168959480\ee\aolsoftware.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Jennifer Ison\Local Settings\Temporary Internet Files\Content.IE5\ALTZM8W7\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myfamily.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {00000000-0000-4DA3-A7BB-53A4D2174746} - C:\Program Files\6z6fp83c\6z6fp83c.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {27C16C36-1666-4017-748B-DA71559B4584} - C:\Program Files\MSN Gaming Zone\tefaw598.dll (file missing)
O2 - BHO: (no name) - {3D27E88E-10E1-47BF-8BB6-C097CACD8F23} - C:\WINDOWS\system32\pbrhvgvu.dll (file missing)
O2 - BHO: (no name) - {4A538F4C-71A0-4A48-9B66-14EA5D048BE9} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5DDCD4BE-347A-4AF1-A4DC-BE0D9DFBBEB2} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {66D552AB-7369-4CEA-897E-C4B5DBFFB681} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {68EEB08F-33A0-4836-937C-6AB1628F9B5E} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {6A22EE72-4BBE-49F6-A61F-B8ED36F59815} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {72AE0D9F-5C4D-4AA6-BFBE-4F746B5BE6EA} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: (no name) - {92401eaf-de30-4bc8-ad01-d90adf748e71} - C:\WINDOWS\system32\jjwwdfv.dll (file missing)
O2 - BHO: (no name) - {92F4AAD7-CA92-4FDB-892D-E05F7557E956} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {AE10D4B1-C18F-413D-BDD5-E0EBE77E6A6B} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {BE6918FC-25EA-40A0-A413-D9224F496B9C} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\otqduslg.dll (file missing)
O2 - BHO: (no name) - {E52ABA2F-10EC-43C5-879D-A3C94194BCB9} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {E822072C-DC71-4C63-9E70-9E3D9E279D88} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {EA0F1247-FAB7-491C-A9CD-5A139253106B} - C:\Program Files\Internet Explorer\qusodyfeq83122.dll (file missing)
O2 - BHO: (no name) - {f0d3251d-29a7-4c73-ada6-9c6c7b3a3444} - C:\WINDOWS\system32\jjwwdfv.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168959480\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\axyuxafc.dll",sitypnow
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - file://D:\games\WebDriverFullInstall.exe
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
pskelley
2007-08-09, 03:24
Welcome to Safer Networking. I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
1) Please see this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\j2re1.4.2_03\ <<< BADLY out of date and probably the reason you are infected. Download the newest version and uninstall all old versions in Add Remove programs.
2) You are running two antivirus programs at the same time and this is not a good thing. They conflict with each other and you will be less safe than if you ran one good program and maintained it properly.
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031316555206
"Microsoft recommends that you have only one anti-virus program installed on your computer."
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/03/AR2005120300087.html
http://www.smartcomputing.com/editorial/article.asp?article=articles/2003/s1407/38s07/38s07.asp
C:\PROGRAM FILES~1\Grisoft\AVG7\
C:\Program Files\Common Files\Symantec Shared\
Choose the one you wish to run and uninstall the other.
3) Thanks to sUBs and anyone else who helped with this fix.
Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
Double-click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
We will have more to do.
Thanks
jennison
2007-08-09, 16:25
First off, thanks so much for this help! I was able to fix the Java problem. I installed the new version and uninstalled the old. However, it will not let me remove AVG or Symantec or install a new Symantec. I did not do the ComboFix yet because of this. Now what??
jennison
2007-08-09, 16:55
To elaborate a bit, I would prefer AVG and when trying to uninstall Symantec it gives me this: installation is missing the file instopts.dat. Setup will now exit.
But I tried to update and install Symantec and it will not allow that either.
pskelley
2007-08-09, 18:39
I can provide the removal tool that Symantec/Norton provides; please understand you use it at your own risk.
The alternative is to remove Symantec/Norton manually; I will post those instructions also if you wish.
Norton Removal Tool
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=
Thanks
jennison
2007-08-09, 22:28
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:36 PM, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1168959480\ee\AOLSoftware.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jennifer Ison\Local Settings\Temporary Internet Files\Content.IE5\ALTZM8W7\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myfamily.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {00000000-0000-4DA3-A7BB-53A4D2174746} - C:\Program Files\6z6fp83c\6z6fp83c.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {27C16C36-1666-4017-748B-DA71559B4584} - C:\Program Files\MSN Gaming Zone\tefaw598.dll (file missing)
O2 - BHO: (no name) - {3D27E88E-10E1-47BF-8BB6-C097CACD8F23} - C:\WINDOWS\system32\pbrhvgvu.dll (file missing)
O2 - BHO: (no name) - {4A538F4C-71A0-4A48-9B66-14EA5D048BE9} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5DDCD4BE-347A-4AF1-A4DC-BE0D9DFBBEB2} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {66D552AB-7369-4CEA-897E-C4B5DBFFB681} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {68EEB08F-33A0-4836-937C-6AB1628F9B5E} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {6A22EE72-4BBE-49F6-A61F-B8ED36F59815} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {72AE0D9F-5C4D-4AA6-BFBE-4F746B5BE6EA} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {92401eaf-de30-4bc8-ad01-d90adf748e71} - C:\WINDOWS\system32\jjwwdfv.dll (file missing)
O2 - BHO: (no name) - {92F4AAD7-CA92-4FDB-892D-E05F7557E956} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {AE10D4B1-C18F-413D-BDD5-E0EBE77E6A6B} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {BE6918FC-25EA-40A0-A413-D9224F496B9C} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {E52ABA2F-10EC-43C5-879D-A3C94194BCB9} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {E822072C-DC71-4C63-9E70-9E3D9E279D88} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {EA0F1247-FAB7-491C-A9CD-5A139253106B} - C:\Program Files\Internet Explorer\qusodyfeq83122.dll (file missing)
O2 - BHO: (no name) - {f0d3251d-29a7-4c73-ada6-9c6c7b3a3444} - C:\WINDOWS\system32\jjwwdfv.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168959480\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - file://D:\games\WebDriverFullInstall.exe
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
--
End of file - 9890 bytes
Okay, success with the removal of Norton; here is the HijackThis log. I will post a separate reply for ComboFix as it is too long for one message. Thank you!
jennison
2007-08-09, 22:29
ComboFix 07-08-09.3 - "Jennifer Ison" 2007-08-09 14:49:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.50 [GMT -4:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode
C:\DOCUME~1\JENNIF~1\APPLIC~1.\DriveCleaner Free
C:\DOCUME~1\JENNIF~1\APPLIC~1.\DriveCleaner Free\Logs\update.log
C:\DOCUME~1\JENNIF~1\APPLIC~1.\ecurit~1
C:\DOCUME~1\JENNIF~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\8Y4M39JC\www.broadcaster.com
C:\DOCUME~1\JENNIF~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\8Y4M39JC\www.broadcaster.com\played_list.sol
C:\DOCUME~1\JENNIF~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\8Y4M39JC\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\JENNIF~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\JENNIF~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\JENNIF~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\JENNIF~1\APPLIC~1.\winantispyware 2007 free
C:\DOCUME~1\JENNIF~1\APPLIC~1.\winantispyware 2007 free\DownloadUWAS7.url
C:\DOCUME~1\JENNIF~1\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\DOCUME~1\JENNIF~1\APPLIC~1\..\err.log
C:\DOCUME~1\JENNIF~1\APPLIC~1\..\ResErrors.log
C:\DOCUME~1\JENNIF~1\APPLIC~1\DriveCleaner Free\Logs\update.log
C:\DOCUME~1\JENNIF~1\APPLIC~1\WinAntiSpyware 2007 Free\DownloadUWAS7.url
C:\DOCUME~1\JENNIF~1\APPLIC~1\WinAntiSpyware 2007\Logs\update.log
C:\DOCUME~1\JENNIF~1\MYDOCU~1.\racle~1
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
C:\Program Files\fnts~1
C:\Program Files\poolsv
C:\Program Files\poolsv\YazzleBundle-1549.exe
C:\Program Files\svhost
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\WINDOWS\mcroso~1
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\win
C:\WINDOWS\system32\X2
C:\WINDOWS\system32\X3
C:\WINDOWS\system32\X4
C:\WINDOWS\system32\X5
C:\WINDOWS\system32\X9
C:\WINDOWS\wr.txt
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_FOPN
((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))
2007-08-09 14:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-30 20:10 <DIR> d-------- C:\VundoFix Backups
2007-07-30 15:29 9,216 --a------ C:\WINDOWS\SYSTEM32\avgwlntf.dll
2007-07-30 15:29 110,592 --a------ C:\WINDOWS\SYSTEM32\avgfwafu.dll
2007-07-28 21:38 33,792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
2007-07-28 21:38 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-07-28 20:42 <DIR> d-------- C:\Program Files\Safer Networking
2007-07-28 19:38 <DIR> d-------- C:\Program Files\WinDirStat
2007-07-12 16:13 <DIR> d-------- C:\DOCUME~1\MIKEIS~1\APPLIC~1\Viewpoint
2007-07-12 15:57 <DIR> d-------- C:\DOCUME~1\MIKEIS~1\APPLIC~1\Verizon
2007-07-10 16:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-31 10:50 --------- d-------- C:\Program Files\6z6fp83c
2007-07-29 00:21 --------- d-------- C:\Program Files\Verizon
2007-07-29 00:21 --------- d-------- C:\Program Files\QuickTime
2007-07-29 00:20 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-07-29 00:17 --------- d-------- C:\Program Files\Digital Line Detect
2007-07-29 00:17 --------- d-------- C:\Program Files\DellSupport
2007-07-29 00:15 --------- d-------- C:\Program Files\Common Files\Motive
2007-07-29 00:15 --------- d-------- C:\Program Files\Common Files\Command Software
2007-07-29 00:15 --------- d-------- C:\Program Files\Common Files\aolshare
2007-07-29 00:13 --------- d-------- C:\Program Files\America Online 9.0
2007-07-10 19:01 --------- d-------- C:\Program Files\ArcSoft
2007-07-10 11:03 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-30 23:02 --------- d--h----- C:\DOCUME~1\JENNIF~1\APPLIC~1\GTek
2007-06-11 17:26 --------- d-------- C:\DOCUME~1\JENNIF~1\APPLIC~1\MSNInstaller
2007-06-11 17:20 --------- d-------- C:\Program Files\Common Files\AOL
2007-06-11 17:15 --------- d-------- C:\Program Files\Oberon Media
2007-06-09 12:56 --------- d-------- C:\DOCUME~1\JENNIF~1\APPLIC~1\Motive
2007-06-09 08:31 --------- d-------- C:\Program Files\MySpace
2007-05-16 11:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-0000-4DA3-A7BB-53A4D2174746}]
C:\Program Files\6z6fp83c\6z6fp83c.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27C16C36-1666-4017-748B-DA71559B4584}]
C:\Program Files\MSN Gaming Zone\tefaw598.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D27E88E-10E1-47BF-8BB6-C097CACD8F23}]
C:\WINDOWS\system32\pbrhvgvu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A538F4C-71A0-4A48-9B66-14EA5D048BE9}]
C:\Program Files\CSBB\CSBB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DDCD4BE-347A-4AF1-A4DC-BE0D9DFBBEB2}]
C:\Program Files\CSBB\CSBB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66D552AB-7369-4CEA-897E-C4B5DBFFB681}]
C:\Program Files\CSBB\CSBB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68EEB08F-33A0-4836-937C-6AB1628F9B5E}]
C:\Program Files\CSBB\CSBB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A22EE72-4BBE-49F6-A61F-B8ED36F59815}]
C:\Program Files\CSBB\CSBB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72AE0D9F-5C4D-4AA6-BFBE-4F746B5BE6EA}]
C:\WINDOWS\system32\ddabb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92401eaf-de30-4bc8-ad01-d90adf748e71}]
C:\WINDOWS\system32\jjwwdfv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92F4AAD7-CA92-4FDB-892D-E05F7557E956}]
C:\Program Files\CSBB\CSBB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE10D4B1-C18F-413D-BDD5-E0EBE77E6A6B}]
C:\Program Files\CSBB\CSBB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE6918FC-25EA-40A0-A413-D9224F496B9C}]
C:\Program Files\CSBB\CSBB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E52ABA2F-10EC-43C5-879D-A3C94194BCB9}]
C:\Program Files\CSBB\CSBB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E822072C-DC71-4C63-9E70-9E3D9E279D88}]
C:\Program Files\CSBB\CSBB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA0F1247-FAB7-491C-A9CD-5A139253106B}]
C:\Program Files\Internet Explorer\qusodyfeq83122.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f0d3251d-29a7-4c73-ada6-9c6c7b3a3444}]
C:\WINDOWS\system32\jjwwdfv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 02:04]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-10-08 20:33]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-13 10:21]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"HostManager"="C:\Program Files\Common Files\AOL\1168959480\ee\AOLSoftware.exe" [2006-09-25 20:52]
"Motive SmartBridge"="C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 12:33]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 19:33]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 17:37]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-30 15:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 07:17]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
C:\Documents and Settings\Jennifer Ison\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 14:04:12]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2004-08-10 14:04:12]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-10-08 20:29:59]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 03:22:40]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 15:12:08]
Monitor.lnk - C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe [2005-12-26 13:30:24]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-07-30 15:29 9216 C:\WINDOWS\SYSTEM32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddabb]
C:\WINDOWS\system32\ddabb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"svhost"="C:\WINDOWS\svhost.exe"
R1 AvgMfx86;AVG Minifilter x86 Resident Driver;C:\WINDOWS\system32\Drivers\avgmfx86.sys
R2 CSS DVP;CSS DVP;C:\WINDOWS\system32\DRIVERS\css-dvp.sys
R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys
S3 MREMPR5;MREMPR5 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
S3 SIWIO;SIWIO;\??\C:\WINDOWS\TEMP\SiwIo.sys
S3 USBCamera;DV 5100M(Still);C:\WINDOWS\system32\Drivers\Bulk536.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-09 15:01:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-09 15:12:16 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-09 15:11
--- E O F ---
pskelley
2007-08-09, 23:01
Thanks for returning your information:
1) You are running HJT from a temporary file and we will have no backups for safety if needed in an emergency (Temporary Internet Files).
Please move HJT to a safe location on your C drive, I prefer C:\HJT\HijackThis.exe. If you need more instructions use these:
http://russelltexas.com/malware/createhjtfolder.htm
http://www.bleepingcomputer.com/forums/tutorial94.html
Please do not proceed past here until this is done.
__________________________________________________
1) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.
2) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {00000000-0000-4DA3-A7BB-53A4D2174746} - C:\Program Files\6z6fp83c\6z6fp83c.dll (file missing)
O2 - BHO: 0 - {27C16C36-1666-4017-748B-DA71559B4584} - C:\Program Files\MSN Gaming Zone\tefaw598.dll (file missing)
O2 - BHO: (no name) - {3D27E88E-10E1-47BF-8BB6-C097CACD8F23} - C:\WINDOWS\system32\pbrhvgvu.dll (file missing)
O2 - BHO: (no name) - {4A538F4C-71A0-4A48-9B66-14EA5D048BE9} - C:\Program Files\CSBB\CSBB.dll (file missing)
(the next toolbar is not bad but is damaged, if you use it download it again when we finish)
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: (no name) - {5DDCD4BE-347A-4AF1-A4DC-BE0D9DFBBEB2} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {66D552AB-7369-4CEA-897E-C4B5DBFFB681} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {68EEB08F-33A0-4836-937C-6AB1628F9B5E} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {6A22EE72-4BBE-49F6-A61F-B8ED36F59815} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {72AE0D9F-5C4D-4AA6-BFBE-4F746B5BE6EA} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: (no name) - {92401eaf-de30-4bc8-ad01-d90adf748e71} - C:\WINDOWS\system32\jjwwdfv.dll (file missing)
O2 - BHO: (no name) - {92F4AAD7-CA92-4FDB-892D-E05F7557E956} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {AE10D4B1-C18F-413D-BDD5-E0EBE77E6A6B} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {BE6918FC-25EA-40A0-A413-D9224F496B9C} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {E52ABA2F-10EC-43C5-879D-A3C94194BCB9} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {E822072C-DC71-4C63-9E70-9E3D9E279D88} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {EA0F1247-FAB7-491C-A9CD-5A139253106B} - C:\Program Files\Internet Explorer\qusodyfeq83122.dll (file missing)
O2 - BHO: (no name) - {f0d3251d-29a7-4c73-ada6-9c6c7b3a3444} - C:\WINDOWS\system32\jjwwdfv.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...loader_v10.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - file://D:\games\WebDriverFullInstall.exe
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
Close all programs but HJT and all browser windows, then click on "Fix Checked"
3) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Restart the computer and post a new HJT log and tell me how the computer is running now.
Thanks
jennison
2007-08-10, 00:40
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:26 PM, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1168959480\ee\AOLSoftware.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myfamily.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {27C16C36-1666-4017-748B-DA71559B4584} - C:\Program Files\MSN Gaming Zone\tefaw598.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168959480\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
--
End of file - 7076 bytes
pskelley
2007-08-10, 01:07
Restart the computer and post a new HJT log and tell me how the computer is running now.
O2 - BHO: 0 - {27C16C36-1666-4017-748B-DA71559B4584} - C:\Program Files\MSN Gaming Zone\tefaw598.dll (file missing)
This BHO may or may not be bad, remember hackers call their junk what they want. Neither the CLSID number:
http://www.castlecops.com/CLSID.html >>> 27C16C36-1666-4017-748B-DA71559B4584 nor the tefaw598.dll <<< file identifies it, and the item is damaged with a missing file, which was why I scheduled removal with HJT.
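The triage the helper does by hand in the two posts above (pick out the O2/O3/O20 entries whose DLL is missing, and treat a BHO whose CLSID and DLL name cannot be identified as unverified until looked up) can be scripted. The block below is an added example, not code from this thread or from HijackThis. The sample log lines are copied from the HJT logs posted in this thread, and the small allowlist of CLSIDs is constructed from the entries the thread treats as legitimate (Adobe, Sonic DLA, Java); it stands in for a real CLSID lookup such as the CastleCops list linked above.

```python
"""Triage HijackThis O2 (BHO), O3 (toolbar) and O20 (Winlogon Notify) lines.

Added example for this thread; not part of HijackThis. Verdicts:
  fix     - the DLL is missing, so the entry is an orphan and safe to remove
  trusted - the CLSID is on the (constructed) allowlist and nothing else is odd
  review  - unknown CLSID/DLL: look it up before acting, as the helper does
"""
import re
from collections import Counter

# Constructed sample: lines copied from the HJT logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {27C16C36-1666-4017-748B-DA71559B4584} - C:\Program Files\MSN Gaming Zone\tefaw598.dll (file missing)
O2 - BHO: (no name) - {72AE0D9F-5C4D-4AA6-BFBE-4F746B5BE6EA} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: (no name) - {4A538F4C-71A0-4A48-9B66-14EA5D048BE9} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {5DDCD4BE-347A-4AF1-A4DC-BE0D9DFBBEB2} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
"""

# Allowlist constructed from CLSIDs this thread treats as legitimate (assumption
# for the demo, not a maintained database).
TRUSTED_CLSIDS = {
    "06849E9F-C8D7-4D59-B87D-784B7D6BE0B3": "Adobe AcroIEHelper",
    "5CA3D70E-1895-11CF-8E15-001234567890": "Sonic DriveLetterAccess",
    "761497BB-D6F0-462C-B6EB-D4DAF1D92D43": "Sun Java SSVHelper",
}

# O2/O3 carry "name - {CLSID} - path"; O20 carries "name - path" (no CLSID).
ENTRY_RE = re.compile(
    r"^(?P<section>O2|O3|O20) - (?P<kind>BHO|Toolbar|Winlogon Notify): "
    r"(?P<name>.*?) - "
    r"(?:\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - )?"
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_entries(log_text):
    """Return one dict per O2/O3/O20 line; other HJT sections are ignored."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        d = m.groupdict()
        entries.append({
            "line": raw.strip(),
            "section": d["section"],
            "name": d["name"],
            "clsid": d["clsid"].upper() if d["clsid"] else None,
            "path": d["path"],
            "missing": d["missing"] is not None,
        })
    return entries


def triage(log_text):
    """Attach a verdict and the reasons behind it to every parsed entry."""
    entries = parse_entries(log_text)
    # One DLL registered under many CLSIDs (CSBB.dll in this thread) is a red flag.
    per_path = Counter(e["path"].lower() for e in entries if e["clsid"])
    for e in entries:
        reasons = []
        if e["missing"]:
            reasons.append("file missing")
        if e["clsid"] and per_path[e["path"].lower()] > 1:
            reasons.append(f"dll registered under {per_path[e['path'].lower()]} CLSIDs")
        if e["name"] == "(no name)" or not any(ch.isalpha() for ch in e["name"]):
            reasons.append("no descriptive name")
        if e["missing"]:
            verdict = "fix"
        elif e["clsid"] in TRUSTED_CLSIDS and not reasons:
            verdict = "trusted"
        else:
            verdict = "review"
        e["verdict"], e["reasons"] = verdict, reasons
    return entries


def fix_list(log_text):
    """The lines a helper would tell the user to tick in HJT and 'Fix checked'."""
    return [e["line"] for e in triage(log_text) if e["verdict"] == "fix"]


def summarize(log_text):
    """Verdict counts, handy for a quick 'is this log clean?' glance."""
    return Counter(e["verdict"] for e in triage(log_text))


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e['verdict']:7} {e['section']:3} {e['name']!r:22} {e['path']}  {'; '.join(e['reasons'])}")
    print(summarize(SAMPLE_LOG))
```

Orphaned entries ("file missing") are the easy case: there is nothing left to load, so removing the registration is housekeeping. The "review" bucket is where the manual step in the thread still applies: an unknown CLSID or DLL name is not evidence of malice by itself, only a prompt to look it up.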
jennison
2007-08-10, 04:33
I did restart and the "Newest HJT Log" was after that. No Symantec warnings and no problems as of yet. Did still take about 8-10 minutes for everything to load after restart. It's been so long since this has run correctly that I don't remember if that's normal or not?? ;) The two items that you listed....did I forget to check those? Is that why you mentioned them? I was unclear. This is totally unbelievable help. I am so appreciative.
Jenn
pskelley
2007-08-10, 13:07
Good morning from Florida:) Jenn, nothing is a problem, you had a lot to remove. Let me look at a new HJT log after you remove that BHO and if you are clean we will work on some of your other issues. I can much better advise you about how the computer is running if you will do this for me. Mention anything you see that you think will help, like you did about the boot time.
Go here and run the free diagnostic: http://www.pcpitstop.com/
Tutorial: http://www.pcpitstop.com/techexpress/howto1.asp
Post for me a link to your report as described in the box in red at the end of the tutorial.
Thanks...Phil
jennison
2007-08-10, 15:28
Good morning Phil! I removed the BHO and did a restart. When shutting down, this popped up on screen *shellmon.exe app. failed to initialize because window station is shutting down*, took a little less time for everything to load (5-6 min), and my task manager is really messed up. There are no tabs at the top and it shows every program that is running??? Just one big screen, no options except to end task, then a warning pops up when you end task (I only ended the task manager). Here is HJT Log, next I will post from the link you gave me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:46 AM, on 8/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1168959480\ee\AOLSoftware.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myfamily.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168959480\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
--
End of file - 7043 bytes
pskelley
2007-08-10, 15:58
Thanks Jenn, I have a feeling there are non-malware related issues also and that is why I requested the diagnostic. Please remember I am working with a lot of different folks, so write down your issues and be sure we resolve them one way or another before we finish. Error messages are so important, that is windows talking to you...I need those "word for word". Keep a tablet nearby to write them down or make screenshots when they occur until you can.
This: shellmon.exe app. failed to initialize because window station is shutting down
is not returning as many responses as it should:
http://www.google.com/search?hl=en&q=shellmon.exe+app.+failed+to+initialize+because+window+station+is+shutting+down&btnG=Google+Search
are you positive you got it word for word?
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:19:46 AM, on 8/10/2007
Let me say that since I see no malware in the HJT log, unless we find other reason, we will then be looking for hidden malware. I wish to see what the diagnostic shows before proceeding. I can post some information for you. You have a load of stuff running at every boot that you probably do not need and can start manually when you do. Here is some information you can be looking at when time permits as we proceed.
http://netsquirrel.com/msconfig/index.html
http://netsquirrel.com/msconfig/msconfig_xp.html
http://www.castlecops.com/postitle175256-0-0-.html
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/atwork/getstarted/speed.mspx?wt_svl=20292a&mg_id=20292b
I would like a look at your uninstall list like this:
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP, Update for Windows XP and Windows XP Hotfix to shorten the list)
Would you post that also.
Thanks...Phil
jennison
2007-08-10, 16:00
I feel a bit like a dummy. Had some trouble figuring out how to do this, but here is the link with my results (I THINK!! ha) ~Jenn
http://www.pcpitstop.com/techexpress.asp?id=HYKQHWUKHZVSU4RW
jennison
2007-08-10, 16:25
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Registration
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
ArcSoft Media Card Companion
AVG 7.5
Banctec Service Agreement
Broadcom Management Programs
CCHelp
CCScore
Conexant D850 56K V.9x DFVc Modem
Context Display
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
DellSupport
Digital Line Detect
EarthLink Setup Files
ESSAdpt
ESSANUP
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSvpaht
ESSvpot
FileAlyzer
HijackThis 2.0.2
HLPIndex
HLPRFO
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java(TM) 6 Update 2
Java(TM) SE Development Kit 6 Update 2
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
Mozilla Firefox (2.0.0.5)
MyLayout Profile Editor
NetWaiting
NetZeroInstallers
Notifier
OTtBP
OTtBPSDK
PCDADDIN
PCDHELP
PCDLNCH
PlayLinc
QuickTime
RealPlayer Basic
RON Display
Search Aid
SFR
SFR2
Shockwave
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy 1.4
URL Display
Verizon Broadband Toolbar
Verizon Online Help and Support
Verizon PC Security Checkup
Verizon Servicepoint 1.3.21
Viewpoint Media Player
Virtools 3D Life Player
VPRINTOL
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WordPerfect Office 12
ok, the shellmon.exe was almost word for word *shellmon.exe application failed to initialize because window station is shutting down*
I am not sure how to show you my task manager. I forgot how to do the quickshot, if you need to see this, please remind me how to! Thanks Phil. I will read from those links you sent.
pskelley
2007-08-10, 16:33
Jenn...you are doing great, sometimes I get a half dozen different links before I get the right one and you posted it the first time. Have you had a chance to look yourself? This information is user friendly and I suggest you tear it apart clicking on every link to learn what you can from it. If you run into questions you can not answer, they even have a free user to user forum to help:
http://pcpitstop.invisionzone.com/index.php?showforum=6
Where the folks are much more knowledgeable about the report than I am.
First thing I see is not enough RAM. Believe me, I just added 1 gigabyte to my Dell computer and I was astounded at how much better it performs.
http://www.google.com/search?hl=en&q=how+much+ram+is+needed&btnG=Google+Search
click around those links when time permits. Understand that Windows XP will run on 256 MB's, but that is all it will do.
http://www.google.com/search?hl=en&q=how+much+ram+is+needed+for+XP&btnG=Search
I purchased from Dell and a gigabyte cost $119.00 but you can get it cheaper if you shop around. Because you only have: Total RAM slots 2
and one has the 256 in it, you only get to add one stick. This is easy to do, if you have questions as you proceed let me know.
Drive C has 4140MB of space allocated for System Restore. I usually do not post this information until the end of cleanup when we clean the System Restore files, but you need it now for the information.
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
Being the owner of two Dells, I love them both but can not understand why Dell allows folks to start with no more RAM than that. They probably do "suggest" more but we avoid it thinking they are trying to "sell us something" and to keep our price down....WRONG! If you ever purchase a new computer, put in all of the RAM you can afford.
Internet Tips: In the tips and the tables, red indicates a serious problem, yellow a minor problem, and blue a suggestion.
• Internet Explorer cache overflow
• Adjust IE browser cache size
• Adjust Receive Buffer Size
I would follow those instructions, PCPitStop is giving you valid information free and trying to make no $$ for it. I also help with logs here when time permits. If you have questions I may be able to answer, post them.
Thanks
jennison
2007-08-10, 16:48
When I click on these things and try to get them fixed, should I save or run (I ask because you told me to save Hijackthis). Thanks. ;)
pskelley
2007-08-10, 16:49
Uninstall list: I am looking for security issues and malware. It is a great chance for you to see stuff you do not need or no longer use.
Not seeing much, if you do not use this I would uninstall it:
Viewpoint Media Player
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546
ok, the shellmon.exe was almost word for word *shellmon.exe application failed to initialize because window station is shutting down*
does not help, I get the same google: http://www.google.com/search?hl=en&q=shellmon.exe+application+failed+to+initialize+because+window+station+is+shutting+down&btnG=Google+Search
Look the links over in case it means anything, the error is news to me. Is your Dell still under warranty?
OOPS: shellmon.exe http://www.google.com/search?hl=en&q=shellmon.exe+&btnG=Search
I have had several computers go haywire recently because of aohell spyware software. Have a look at one link I recently completed:
http://forums.spybot.info/showthread.php?p=107506
http://forums.pcpitstop.com/index.php?showtopic=144548&pid=1400229&st=0&
There are others: http://www.google.com/search?hl=en&q=aol+spyware+problems&btnG=Google+Search
just in case any of that junk aol passes out is on your computer. The junk causes many problems.
Thanks
pskelley
2007-08-10, 16:55
When I click on these things and try to get them fixed, should I save or run (I ask because you told me to save Hijackthis). Thanks.
You would need to provide more details before I could answer this question. In a pinch, you can get questions to me quickly here:
http://forums.spybot.info/private.php?do=newpm&u=233
If I feel the information needs to be in the topic, I will post it there.
Hope that helps. Don't try to do too many things at the same time, this may take a while. I still have scans I wish to run but want to make sure these issues we are finding are taken care of first. Believe me, you need RAM and I understand you can not do that quickly, but you must understand this computer is not going to perform like it should until you do.
Thanks
jennison
2007-08-10, 17:12
I am going to have to stop for awhile. My 1 and 3 year olds are getting antsy with me! I will try to keep up with you and do as you say as soon as I'm able. THANKS A MILLION.
Still with us jennison? :)
pskelley
2007-08-28, 00:39
This topic is closed due to lack of a response.
If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.
Anyone else with similar problems please start a new topic.
Thanks