Tech Support Forum > Security Center > Virus/Trojan/Spyware Help

Multiple IE windows when I open one window

Post #1 | 12-02-2008, 07:09 AM | Registered Member, Join Date: Dec 2008, Posts: 4, OS: XP

Hi, yesterday I installed Adobe Updater and after that I got this issue. When I open IE or Mozilla, some more IE windows open up and some websites like search.com automatically get loaded. The taskbar flickers when I open an application, like Notepad or IE or anything ...
I have Panda Antivirus installed and yesterday it showed some spyware named Adware/Antivirus 2009. When I scanned it again today, it didn't show anything.
As this is my office laptop, I cannot log in in safe mode.
Please help me fix this virus.
Here is the HJT file:

======================================================
Logfile of HijackThis v1.99.1
Scan saved at 10:08:59 AM, on 12/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\State Of Michigan\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TIREMOTE\wuser32.exe
C:\WINDOWS\TIREMOTE\TIRemoteService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\apvxdwin.exe
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\TIREMOTE\TIServiceMonitor.exe
C:\WINDOWS\system32\EXSHOW95.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Bachus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bachus\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4f0c4ac8-71ab-48b3-963f-562042bd2677} - C:\WINDOWS\system32\gefuvura.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Track-It! Workstation Manager Service Monitor] C:\WINDOWS\TIREMOTE\TIServiceMonitor.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [9049602f] rundll32.exe "C:\WINDOWS\system32\ronolata.dll",b
O4 - HKLM\..\Run: [vuyadaroya] Rundll32.exe "C:\WINDOWS\system32\mozulavo.dll",s
O4 - HKLM\..\Run: [CPM937a53b3] Rundll32.exe "c:\windows\system32\vufosesa.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bachus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BPS Spyware Remover] C:\Program Files\BPS Remover\BPSRem.exe /STARTUP
O4 - Global Startup: State Of Michigan VPN Client.lnk = C:\Program Files\State Of Michigan\VPN Client\vpngui.exe
O8 - Extra context menu item: Download with YouTube Video Converter - C:\Xilisoft\YouTube Video Converter\upod_link.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.gmail.com
O15 - Trusted IP range: http://208.49.76.141
O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} (ILINCInstall86 Class) - https://content.ilinc.com/clientdown...d/ilinci86.dll
O16 - DPF: {03A89EFD-E023-A000-A22D-45F77558EB4C} (ILINCInstall100 Class) - https://content10.ilinc.com/download/AXCltInstall.dll
O16 - DPF: {03A89EFD-E023-A100-A22D-45F77558EB4C} (ILINCInstall101 Class) - https://content10.ilinc.com/download/AXCltInstall.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {35B0504D-F257-4E56-ACE1-B52E39B7C4F2} (ICSWeb Class) - https://ednet.wachovia.com/ics_EDNet...ents/icsax.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48D5324D-D593-47DF-AAE4-18CB09F1F86F} (Siebel High Interactivity Framework) - http://208.49.76.141/fins_enu/19224/..._HI_Client.cab
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158673682625
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.worldbank.org/dwa7W.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cognossupport.webex.com/clie...rt/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cns-inc.com
O17 - HKLM\Software\..\Telephony: DomainName = cns-inc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cns-inc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cns-inc.com
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\TOADFO~1\RNetPin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\buyoyena.dll c:\windows\system32\vufosesa.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vufosesa.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\State Of Michigan\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Rational ClearQuest Mail Service (MailService) - IBM Corporation - C:\Program Files\Rational\ClearQuest\mailservice.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: Track-It! Remote Control (TIRmtCtl) - Intuit Track-It! - C:\WINDOWS\TIREMOTE\wuser32.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Numara Software, Inc. - C:\WINDOWS\TIREMOTE\TIRemoteService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

==================================================
Thanks in advance.

-- desperado123
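
The HijackThis log in the post above shows one DLL family registered from several autorun points at once: gefuvura.dll as a nameless BHO (O2); ronolata.dll, mozulavo.dll and vufosesa.dll started by rundll32 from HKLM\..\Run with single-letter export names (O4); buyoyena.dll and vufosesa.dll in AppInit_DLLs (O20), which gets loaded into every process that maps user32.dll; and vufosesa.dll again as a Shell Service Object (O21). All of them are eight random lowercase letters sitting in system32, a shape legitimate Windows components do not use, and the Run value names 9049602f and CPM937a53b3 look generated. The script below is an added example, not code from the post or from HijackThis: it parses lines in HijackThis format, flags DLLs of that name shape in those four locations, treats every AppInit_DLLs entry as worth explaining, and reports any DLL loaded from more than one location. The KNOWN_STEMS allow-list and the sample lines are constructed for the example.

```python
"""Triage of HijackThis O2/O4/O20/O21 lines for the persistence pattern seen in
the log above. Added example for this thread; not code from the post or from
HijackThis. The sample lines are constructed to mirror entries in the log."""
import re
from collections import defaultdict

SECTION = re.compile(r"^(O\d+)\s*-\s*(.*)$")
RUN_NAME = re.compile(r"\[([^\]]+)\]")
# rundll32.exe "<dll>",<export> : how the O4 entries in the log start their DLLs
RUNDLL32 = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', re.I)
DLL_STEM = re.compile(r"([A-Za-z0-9_~\-]+)\.dll", re.I)
RANDOM_STEM = re.compile(r"^[a-z]{8}$")
HEX_NAME = re.compile(r"^(?:cpm)?[0-9a-f]{8}$", re.I)

# Assumption: eight-letter system32 stems that are legitimate on this XP box.
# Build the real list from a known-clean machine; this one is a placeholder.
KNOWN_STEMS = {"wgalogon", "dimsntfy"}


def looks_random(stem):
    """Eight lowercase letters and not allow-listed: the shape of every suspect
    DLL in the log (gefuvura, ronolata, mozulavo, vufosesa, buyoyena)."""
    return bool(RANDOM_STEM.match(stem)) and stem not in KNOWN_STEMS


def triage(lines):
    """Return {dll_stem: [reasons]} for autorun entries worth investigating."""
    reasons = defaultdict(list)
    locations = defaultdict(set)  # stem -> persistence points it is loaded from
    for raw in lines:
        m = SECTION.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        label = body.split(":", 1)[0].strip().lower()  # 'bho', 'appinit_dlls', ...
        stems = [s.lower() for s in DLL_STEM.findall(body)]
        is_appinit = section == "O20" and label == "appinit_dlls"
        # AppInit_DLLs is injected into every process that maps user32.dll, so
        # every entry there counts, whatever its name looks like.
        suspects = stems if is_appinit else [s for s in stems if looks_random(s)]
        for s in suspects:
            locations[s].add(f"{section} {label}")
        if section == "O2":
            for s in suspects:
                tag = " with no name" if "(no name)" in body else ""
                reasons[s].append(f"BHO{tag}")
        elif section == "O4":
            rd = RUNDLL32.search(body)
            name = RUN_NAME.search(body)
            for s in suspects:
                if rd:
                    reasons[s].append(f"Run entry via rundll32, export '{rd.group(2)}'")
                if name and HEX_NAME.match(name.group(1)):
                    reasons[s].append(f"Run value name looks generated: {name.group(1)}")
        elif is_appinit:
            for s in suspects:
                reasons[s].append("listed in AppInit_DLLs")
        elif section in ("O20", "O21"):
            for s in suspects:
                reasons[s].append(f"loaded from {label}")
    for s, where in locations.items():
        if len(where) > 1:
            reasons[s].append(f"persists from {len(where)} locations: " + ", ".join(sorted(where)))
    return dict(reasons)


# Constructed sample: a subset of the O2/O4/O20/O21 entries from the posted log.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4f0c4ac8-71ab-48b3-963f-562042bd2677} - C:\WINDOWS\system32\gefuvura.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [9049602f] rundll32.exe "C:\WINDOWS\system32\ronolata.dll",b
O4 - HKLM\..\Run: [vuyadaroya] Rundll32.exe "C:\WINDOWS\system32\mozulavo.dll",s
O4 - HKLM\..\Run: [CPM937a53b3] Rundll32.exe "c:\windows\system32\vufosesa.dll",a
O20 - AppInit_DLLs: C:\WINDOWS\system32\buyoyena.dll c:\windows\system32\vufosesa.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vufosesa.dll
""".splitlines()

if __name__ == "__main__":
    for stem, why in sorted(triage(SAMPLE_LOG).items()):
        print(f"{stem}.dll")
        for r in why:
            print(f"    - {r}")
```

Run it as a script to print the report, or call triage() on the lines of a saved log. The allow-list is the weak point: a legitimate eight-letter name would be flagged until it is added, so the "persists from N locations" finding and the AppInit_DLLs finding are the ones to act on first; a single random-looking BHO on its own only says "look closer".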
Post #2 | 12-02-2008, 02:39 PM | TSF Team, Emeritus, Join Date: Oct 2006, Posts: 4,580, OS: Vista

Hi, welcome to TSF!

Before we continue, please follow the instructions presented in this thread (http://www.techsupportforum.com/secu...oval-help.html) and then post the requested logs.

-- Angelfire777
UNITE and ASAP since 2006
If we have helped you, please consider donating.
The past won't be able to hurt you unless you keep on looking back at it.
Post #3 | 12-03-2008, 07:25 AM | Registered Member, Join Date: Dec 2008, Posts: 4, OS: XP

Hi,

Thank you for the response.
Here is the DDS.txt output:


DDS (Version 1.0) - NTFSx86
Run by Bachus at 10:16:58.69 on Wed 12/03/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1500 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\State Of Michigan\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\TIREMOTE\wuser32.exe
C:\WINDOWS\TIREMOTE\TIRemoteService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\TIREMOTE\TIServiceMonitor.exe
C:\WINDOWS\system32\EXSHOW95.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Bachus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bachus\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {4f0c4ac8-71ab-48b3-963f-562042bd2677} - c:\windows\system32\gefuvura.dll
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {D0943516-5076-4020-A3B5-AEFAF26AB263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Google Update] "c:\documents and settings\bachus\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [BPS Spyware Remover] c:\program files\bps remover\BPSRem.exe /STARTUP
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Track-It! Workstation Manager Service Monitor] c:\windows\tiremote\TIServiceMonitor.exe
mRun: [APVXDWIN] "c:\program files\panda software\panda antivirus 2007\APVXDWIN.EXE" /s
mRun: [EXSHOW95.EXE] EXSHOW95.EXE
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [vuyadaroya] Rundll32.exe "c:\windows\system32\mozulavo.dll",s
mRun: [9049602f] rundll32.exe "c:\windows\system32\garowori.dll",b
mRun: [CPM937a53b3] Rundll32.exe "c:\windows\system32\yapipije.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\stateo~1.lnk - c:\program files\state of michigan\vpn client\vpngui.exe
IE: Download with YouTube Video Converter - c:\xilisoft\youtube video converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\program files\panda software\panda antivirus 2007\pavlsp.dll
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avldr - avldr.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\buyoyena.dll c:\windows\system32\vufosesa.dll c:\windows\system32\yapipije.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\buyoyena.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-8-19 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-8-19 55024]
R2 LogWatch;Event Log Watch;"c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe" [2006-10-17 69632]
R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2006-2-22 71552]
R2 PAVSRV;Panda anti-virus service;"c:\program files\panda software\panda antivirus 2007\pavsrv51.exe" [2007-5-9 151552]
R2 TIRmtCtl;Track-It! Remote Control;c:\windows\tiremote\wuser32.exe [2007-5-9 311374]
R2 TIRmtSvc;Track-It! Workstation Manager;c:\windows\tiremote\TIRemoteService.exe [2007-5-9 213504]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-6-26 24652]
R3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-8-19 7408]
S0 qwdovka;qwdovka;c:\windows\system32\drivers\vosxwl.sys []
S2 MailService;Rational ClearQuest Mail Service;"c:\program files\rational\clearquest\mailservice.exe" [2005-6-8 70240]
S3 lredbooo;lredbooo;\??\c:\docume~1\bachus\locals~1\temp\lredbooo.sys [2004-6-17 15872]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;c:\oracle\ora92\bin\ONRSD.EXE [2002-4-26 242328]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys []
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys [2008-1-31 280344]

=============== Created Last 30 ================

2008-12-03 09:54 250 a------- c:\windows\gmer.ini
2008-12-03 09:12 1,356,887 ---sh--- c:\windows\system32\iroworag.ini
2008-12-02 13:06 1,358,336 ---sh--- c:\windows\system32\otonenaf.ini
2008-12-02 10:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-02 10:18 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-02 10:18 <DIR> --d----- c:\docume~1\bachus\applic~1\SUPERAntiSpyware.com
2008-12-02 10:18 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-02 01:05 1,358,337 ---sh--- c:\windows\system32\atalonor.ini
2008-12-01 23:50 <DIR> --d----- C:\VundoFix Backups
2008-12-01 23:35 <DIR> --d----- c:\program files\Spyware Doctor
2008-12-01 23:24 512,688 a------- c:\windows\system32\XceedCry.dll
2008-12-01 23:24 423,784 a------- c:\windows\system32\XceedBkp.dll
2008-12-01 23:24 389,120 a------- c:\windows\system32\ACTSKN43.OCX
2008-12-01 23:24 89,088 a------- c:\windows\system32\ProgressBar4.ocx
2008-12-01 23:24 11,012 a------- c:\windows\system32\threadapi.tlb
2008-12-01 22:49 <DIR> --d----- c:\program files\Enigma Software Group
2008-12-01 13:05 1,327,372 ---sh--- c:\windows\system32\ulahabaf.ini

==================== Find3M ====================

2008-12-03 09:11 85,557 a--sh--- c:\windows\system32\garowori.dll
2008-12-02 16:10 <DIR> --d----- c:\program files\Bonjour
2008-12-02 16:10 <DIR> --d----- c:\program files\iTunes
2008-12-02 13:05 93,749 a--sh--- c:\windows\system32\ronuruso.dll
2008-12-02 13:05 86,581 a--sh--- c:\windows\system32\fanenoto.dll
2008-12-02 07:17 <DIR> --d----- c:\program files\Messenger
2008-12-02 01:05 64,564 a--sh--- c:\windows\system32\zelokore.dll
2008-12-01 16:53 <DIR> --d----- c:\program files\EditPlus 2
2008-12-01 16:52 <DIR> --d----- c:\docume~1\bachus\applic~1\CoreFTP
2008-12-01 13:05 95,284 a--sh--- c:\windows\system32\yomunagu.dll
2008-10-24 14:43 <DIR> --d----- c:\program files\iPod
2008-10-16 14:12 <DIR> --d----- c:\program files\iLinc
2008-09-28 18:11 <DIR> --d----- c:\docume~1\bachus\applic~1\webex
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-08-09 15:06 <DIR> --d----- c:\docume~1\bachus\applic~1\YouSendIt
2008-04-08 15:30 <DIR> --d----- c:\docume~1\bachus\applic~1\Uniblue
2008-03-31 21:32 <DIR> --d----- c:\docume~1\bachus\applic~1\Atari
2008-03-03 11:21 <DIR> --d----- c:\docume~1\bachus\applic~1\TeamViewer
2008-02-24 14:22 <DIR> --d----- c:\docume~1\bachus\applic~1\ICAClient
2008-02-05 13:36 <DIR> --d----- c:\docume~1\bachus\applic~1\My Games
2008-02-04 22:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Age of Empires 3 YPack Trial
2007-10-16 11:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSScanAppDataDir
2007-10-05 10:38 <DIR> --d----- c:\docume~1\bachus\applic~1\Nuotex
2007-09-05 15:19 <DIR> --d----- c:\docume~1\bachus\applic~1\CA
2007-08-27 14:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\River Past G5
2007-08-26 17:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2007-08-26 16:17 <DIR> --d----- c:\docume~1\bachus\applic~1\River Past G5
2007-07-08 15:11 <DIR> --d----- c:\docume~1\bachus\applic~1\Xilisoft Corporation
2007-06-28 20:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2007-06-26 10:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2007-05-24 16:13 <DIR> --d----- c:\docume~1\bachus\applic~1\EditPlus 2
2007-05-23 11:13 <DIR> --d----- c:\docume~1\bachus\applic~1\Quest Software
2007-05-23 11:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Quest Software
2007-05-22 13:54 <DIR> --d----- c:\docume~1\bachus\applic~1\Software
2008-09-02 01:05 64,564 a--sh--- c:\windows\system32\buyoyena.dll
2008-09-02 01:05 64,564 a--sh--- c:\windows\system32\gefuvura.dll
2008-09-02 01:05 64,564 a--sh--- c:\windows\system32\mozulavo.dll
2008-08-18 09:17 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081820080819\index.dat

============= FINISH: 10:17:48.73 ===============


Please find the attached gmer.txt and Attach.txt files.
Attached files: gmer.txt (16.8 KB), Attach.txt (8.9 KB)

-- desperado123
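
The DDS log above adds the file-system half of the picture. The suspect DLLs and a set of roughly 1.3 MB .ini files in system32 carry the hidden and system attributes (a--sh---, ---sh---); three of the .ini stems are DLL stems spelled backwards (iroworag.ini and garowori.dll, otonenaf.ini and fanenoto.dll, atalonor.ini and ronolata.dll from the first log); four of the DLLs (buyoyena, gefuvura, mozulavo, zelokore) have exactly the same size of 64,564 bytes; the file names behind the Run values changed between the two logs (9049602f now loads garowori.dll instead of ronolata.dll, CPM937a53b3 now loads yapipije.dll instead of vufosesa.dll, and AppInit_DLLs gained yapipije.dll); buyoyena.dll is also in LSA Notification Packages, which loads it into lsass.exe; and the driver list has a boot-start driver (S0 qwdovka) whose file is missing and a driver (lredbooo) loaded from the user's temp directory. The script below is an added example, not code from the post or from the DDS tool: it parses the file listings and the SERVICES / DRIVERS section of a DDS log and reports the hidden random-named files, the reversed-name pairs, the identical-size DLL families, and the missing-or-temp service images. The sample block is constructed from rows in the log.

```python
"""File-side triage of a DDS log: the "Created Last 30" / "Find3M" listings and
the SERVICES / DRIVERS section. Added example for this thread, not code from the
post or from the DDS tool; the sample block is constructed from entries above."""
import re
from collections import defaultdict

FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2})\s+([\d,]+)\s+([a-z-]{8})\s+(.+)$")
SERVICE_LINE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$")
RANDOM_STEM = re.compile(r"^[a-z]{8}$")


def parse_files(lines):
    """Yield (date, time, size, attrs, path) per file row; <DIR> rows are skipped."""
    for raw in lines:
        m = FILE_LINE.match(raw.strip())
        if m:
            date, time, size, attrs, path = m.groups()
            yield date, time, int(size.replace(",", "")), attrs, path.lower()


def stem_ext(path):
    stem, _, ext = path.rsplit("\\", 1)[-1].rpartition(".")
    return stem, ext


def triage_files(lines):
    """Hidden+system random-stem files in system32, .ini/.dll pairs whose stems
    are each other's reverse, and DLL families sharing one exact byte size."""
    hidden, dll_stems, ini_stems = [], set(), set()
    by_size = defaultdict(list)
    for _date, _time, size, attrs, path in parse_files(lines):
        stem, ext = stem_ext(path)
        # DDS attribute column: 'h' = hidden, 's' = system (e.g. a--sh---)
        if ("h" in attrs and "s" in attrs and "\\system32\\" in path
                and RANDOM_STEM.match(stem)):
            hidden.append(path)
            if ext == "dll":
                dll_stems.add(stem)
            elif ext == "ini":
                ini_stems.add(stem)
        if ext == "dll":
            by_size[size].append(stem)
    pairs = sorted((s[::-1], s) for s in ini_stems if s[::-1] in dll_stems)  # (dll, ini)
    families = {n: sorted(v) for n, v in by_size.items() if len(v) > 1}
    return {"hidden_random": sorted(hidden), "reversed_pairs": pairs,
            "size_families": families}


def triage_services(lines):
    """Flag services/drivers whose image file is missing or sits in a temp dir."""
    flagged = []
    for raw in lines:
        m = SERVICE_LINE.match(raw.strip())
        if not m:
            continue
        start, name, _display, image, meta = m.groups()
        if not meta.strip():  # DDS prints an empty [] when the file is not on disk
            flagged.append((name, f"{start} image missing on disk: {image}"))
        if "\\temp\\" in image.lower():
            flagged.append((name, f"{start} image under a temp directory: {image}"))
    return flagged


# Constructed sample: a subset of the rows in the posted DDS log.
SAMPLE_DDS = r"""
R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-8-19 8944]
S0 qwdovka;qwdovka;c:\windows\system32\drivers\vosxwl.sys []
S3 lredbooo;lredbooo;\??\c:\docume~1\bachus\locals~1\temp\lredbooo.sys [2004-6-17 15872]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys [2008-1-31 280344]
2008-12-03 09:54 250 a------- c:\windows\gmer.ini
2008-12-03 09:12 1,356,887 ---sh--- c:\windows\system32\iroworag.ini
2008-12-02 13:06 1,358,336 ---sh--- c:\windows\system32\otonenaf.ini
2008-12-02 10:18 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-02 01:05 1,358,337 ---sh--- c:\windows\system32\atalonor.ini
2008-12-01 23:24 512,688 a------- c:\windows\system32\XceedCry.dll
2008-12-03 09:11 85,557 a--sh--- c:\windows\system32\garowori.dll
2008-12-02 13:05 86,581 a--sh--- c:\windows\system32\fanenoto.dll
2008-12-02 01:05 64,564 a--sh--- c:\windows\system32\zelokore.dll
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-02 01:05 64,564 a--sh--- c:\windows\system32\buyoyena.dll
2008-09-02 01:05 64,564 a--sh--- c:\windows\system32\gefuvura.dll
2008-09-02 01:05 64,564 a--sh--- c:\windows\system32\mozulavo.dll
""".splitlines()

if __name__ == "__main__":
    for key, value in triage_files(SAMPLE_DDS).items():
        print(key, value)
    for name, why in triage_services(SAMPLE_DDS):
        print(name, why)
```

triage_files() returns the three findings as lists and a dict; triage_services() returns (name, reason) pairs. The reversed-name and identical-size checks are cheap heuristics tied to how this particular family laid out its files (XceedCry.dll in the sample has the eight-letter shape too, but is neither hidden nor part of a size family, which is why the checks are combined rather than applied one at a time); the hidden+system check in system32 and the missing-or-temp service image check are general and worth keeping in any log triage.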
Post #4 | 12-03-2008, 09:33 AM | TSF Team, Emeritus, Join Date: Oct 2006, Posts: 4,580, OS: Vista

Hi,

You attached the wrong gmer log.

Make sure you do the scan in the Rootkit/Malware tab, not in the Autostart tab.
-- Angelfire777
Post #5 | 12-03-2008, 12:09 PM | Registered Member, Join Date: Dec 2008, Posts: 4, OS: XP

Sorry.

Please find the attached gmer.txt file.
Attached file: gmer.txt (8.7 KB)

-- desperado123
Post #6 | 12-03-2008, 12:49 PM | TSF Team, Emeritus, Join Date: Oct 2006, Posts: 4,580, OS: Vista

Please visit this web page for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Note: Please rename combofix.exe to cfix.exe

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
-- Angelfire777
Post #7 | 12-03-2008, 02:21 PM | Registered Member, Join Date: Dec 2008, Posts: 4, OS: XP

Hi,

I'm trying to drag and drop the windows-xp-kb310994-sp2-home-bootdisk-ENU onto the ComboFix icon, but it didn't install anything for me. I even restarted the machine and checked it, but nothing happened. When I drag and drop it onto the ComboFix icon, it's actually trying to start ComboFix. It didn't install the bootdisk-ENU.
Please let me know how to do this step.
Do I need to take a backup of all the data before proceeding with this step?
Thanks in advance.

-- desperado123
Post #8 | 12-03-2008, 02:38 PM | TSF Team, Emeritus, Join Date: Oct 2006, Posts: 4,580, OS: Vista

Just drag and drop the setup file onto ComboFix, then allow it to continue till it's done. We'll proceed from there.

-- Angelfire777
All times are GMT -7.