Assortment of Problems: Trend Micro [RESOLVED], Constant malware no matter what I do
nicolethompson11
post Nov 8 2007, 12:41 AM
Post #1


Member
Posts: 11
OS: Windows XP



I'm having an assortment of ongoing malware problems that I can't seem to get on top of. I will do my best to keep this as brief and to the point as possible.

Stupid me: attempted to download trial software from LimeWire without Anti-Virus software (don't slaughter me, I've had punishment enough! *LOL*). It didn't come with my leased Dell and I hadn't had the finance to buy it. Needless to say, when I got a virus, I went immediately out and bought it. Trend Micro Internet Security Pro.

I installed it. It took me a number of days to get the right combination of settings, etc but eventually things were working well. Since then though, I still seem to be inundated with malware, SpyWare especially. I am constantly (sometimes more than thrice a day) running scans which apparently remove the problems, yet minutes later I open my browser, get ads, run another scan and there's adware back again! Here's caps of one of the many summary reports after a scan.




Sometimes there's even more malware found than this! It seems to be pretty much the same stuff every time though.

Please help me, what the [bleep] is going on? Can you tell me what I can do? What setting am I overlooking?

One thing I must especially mention that might be a hint to you experts is that I cannot "Examine Quarantine Files" under the "Virus & Spyware" tab. I click the link to open it and the window comes up, but it won't load past this, then it crashes:




An additional problem I have noticed when the malware is at its worst is that when I type, letters go missing...? I am no anti-virus expert and am seriously desperate! Any help you guys can give, I would deeply appreciate.

Many MANY thanks!
Nicole
Stamper19
post Nov 8 2007, 11:00 AM
Post #2


Trusted Helper
Posts: 1,990
OS: Windows XP



Hi nicolethompson11,

Welcome to Geeks to Go!

My name is Stamper19 and I will be helping you with your Malware problem. During the course of our interactions please be sure to follow all instructions carefully, and ask questions if you are unsure of how to proceed at any point.

----------------------------------------------------------------

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTinstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\TrendMicro\Hijack This.
  • Accept the licensing agreement
  • HiJack This will launch
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

----------------------------------------------------------------

Information to include in your next post:
  • HiJack This Log


This post has been edited by Stamper19: Nov 8 2007, 11:08 AM
nicolethompson11
post Nov 8 2007, 04:59 PM
Post #3


Member
Posts: 11
OS: Windows XP



Hi Stamper,

Thank you sooooo much for your help; your quick and efficient reply is highly appreciated. Here's the log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:50 AM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\system32\nnrsshvj.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\DOCUME~1\Nic\APPLIC~1\DOBE~1\ati2evxx.exe
C:\Documents and Settings\Nic\Application Data\??sembly\?vchost.exe
C:\Program Files\AOL 7.0\aoltray.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
C:\WINDOWS\system32\kdfmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=5070306
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/mail?.intl=au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=5070306
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bigpond.com/mybigpond/welcome/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [54cc42fd] rundll32.exe "C:\WINDOWS\system32\brnblyec.dll",b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Nic\APPLIC~1\DOBE~1\ati2evxx.exe" -vt yazb
O4 - HKCU\..\Run: [Ojgri] "C:\Documents and Settings\Nic\Application Data\??sembly\?vchost.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7ACF958-032C-4C38-8791-C45F88708211}: Domain = nsw.bigpond.net.au
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00F623C.dat
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\nnrsshvj.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10152 bytes
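The helper reads a log like the one above by eye, looking for a handful of tell-tale patterns. As an added example (this is not code from the thread, from Geeks to Go, or from Trend Micro's HijackThis), here is a small Python triage script that applies the same first-pass checks to HijackThis v2 lines: an O20 AppInit_DLLs entry, an O23 service with no publisher, a BHO whose display name is a bare GUID, startup items running from the user's profile, file names that HijackThis prints with "?" because they use characters that imitate a system binary, and eight-character machine-generated names. The sample lines are copied from the log posted in this thread; the heuristics and thresholds are the example's own assumptions, and the "looks random" rule in particular trips on some legitimate vendor files, so the output is a list of entries to look at, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 line format; the paths and names are
# copied from the log posted in this thread. A real log has a few hundred lines.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [54cc42fd] rundll32.exe "C:\WINDOWS\system32\brnblyec.dll",b
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Nic\APPLIC~1\DOBE~1\ati2evxx.exe" -vt yazb
O4 - HKCU\..\Run: [Ojgri] "C:\Documents and Settings\Nic\Application Data\??sembly\?vchost.exe"
O2 - BHO: {1bf3e009-ebf7-f378-bd54-27f701ef29a2} - {2a92fe10-7f72-45db-873f-7fbe900e3fb1} - C:\WINDOWS\system32\uprthbcd.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00F623C.dat
O23 - Service: DomainService - - C:\WINDOWS\system32\nnrsshvj.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r"""[A-Za-z]:\\[^"',]*""")   # first Windows path in the entry
KEY_RE = re.compile(r"\[(?P<key>[^\]]+)\]")         # [name] of an O4 Run value
CODE_EXTENSIONS = {"exe", "dll", "sys", "ocx", "cpl", "scr"}
USER_PROFILE_MARKERS = ("\\application data\\", "\\applic~1\\",
                        "\\documents and settings\\", "\\docume~1\\")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def looks_random(name: str) -> bool:
    """Heuristic (this example's assumption, not a HijackThis rule): eight hex
    digits, or a letters-only name of 7+ characters with at most one vowel or a
    run of five or more consonants. Some legitimate vendor file names trip it."""
    n = name.lower()
    if re.fullmatch(r"[0-9a-f]{8}", n):
        return True
    if not n.isalpha() or len(n) < 7:
        return False
    vowels = sum(c in "aeiou" for c in n)
    longest_run = max(len(run) for run in re.split(r"[aeiou]", n))
    return vowels <= 1 or longest_run >= 5


def triage_line(line: str) -> list[str]:
    """Reasons a helper would look twice at one HijackThis entry; [] if none."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    reasons = []
    if section == "O20":
        reasons.append("AppInit_DLLs injects this DLL into every process; it is normally empty")
    if section == "O23" and (" - - " in body or " - Unknown owner - " in body):
        reasons.append("service has no listed publisher")
    if section == "O2" and re.match(r"BHO: \{[0-9a-f-]+\} - ", body, re.I):
        reasons.append("browser helper object has a GUID where its display name should be")
    if section == "O4":
        key = KEY_RE.search(body)
        if key and looks_random(key.group("key")):
            reasons.append(f"run-key name '{key.group('key')}' looks machine-generated")
    path = PATH_RE.search(body)
    if path:
        p = path.group(0).rstrip()
        name = p.rsplit("\\", 1)[-1]
        stem, dot, ext = name.rpartition(".")
        if not dot:
            stem, ext = name, ""
        if "?" in p:
            reasons.append(f"'{name}' has characters HijackThis could not print; it imitates a system file name")
        if section == "O4" and any(mark in p.lower() for mark in USER_PROFILE_MARKERS):
            reasons.append("startup item runs from the user's profile directory")
        if ext and ext.lower() not in CODE_EXTENSIONS:
            reasons.append(f"'{name}' is loaded as code but has a .{ext} extension")
        if looks_random(stem):
            reasons.append(f"file name '{stem}' looks machine-generated")
    return reasons


def triage_log(text: str) -> list[Finding]:
    """Run triage_line over every line of a log and collect the findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        for reason in triage_line(line):
            findings.append(Finding(line.split(" ", 1)[0], reason, line))
    return findings


def flagged_lines(text: str) -> list[str]:
    """Distinct log lines with at least one finding, in log order."""
    seen: list[str] = []
    for f in triage_log(text):
        if f.line not in seen:
            seen.append(f.line)
    return seen


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason}\n    {f.line}")
```

On the sample, the two legitimate entries (Java's updater and the NVIDIA service) produce no findings, while the other six lines each get one or more reasons. The same script can be pointed at a full saved log with `triage_log(open("hijackthis.log").read())`; anything it flags still needs a human to confirm before it is fixed, which is exactly the order the helper in this thread follows.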
Stamper19
post Nov 8 2007, 06:58 PM
Post #4


Trusted Helper
Posts: 1,990
OS: Windows XP



Hi nicolethompson11,

It is my pleasure to help out.

I see a couple of infections we will need to deal with, so let's get right to it.

----------------------------------------------------------------

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

----------------------------------------------------------------

Information to include in your next post:
  • Combofix Log
  • Fresh HiJack This Log
nicolethompson11
post Nov 8 2007, 11:25 PM
Post #5


Member
Posts: 11
OS: Windows XP



Excellent, thanks again Stamper.

Combofix log:

ComboFix 07-11-08.1 - Nic 2007-11-09 12:14:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.343 [GMT 11:00]
Running from: C:\Documents and Settings\Nic\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Nic\APPLIC~1\DOBE~1\?dobe\
C:\DOCUME~1\Nic\APPLIC~1\DOBE~1\ati2evxx.exe
C:\DOCUME~1\Nic\APPLIC~1\SEMBLY~1\?vchost.exe
C:\DOCUME~1\Nic\STARTM~1\Programs\Outerinfo\Terms.lnk
C:\DOCUME~1\Nic\STARTM~1\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Nic\Application Data\DOBE~1
C:\Documents and Settings\Nic\Application Data\DOBE~1\?dobe\
C:\Documents and Settings\Nic\Application Data\DOBE~1\ati2evxx.exe
C:\Documents and Settings\Nic\Application Data\SEMBLY~1
C:\Documents and Settings\Nic\Application Data\SEMBLY~1\?vchost.exe
C:\Documents and Settings\Nic\Application Data\STEM~1
C:\Documents and Settings\Nic\iexplorer.exe
C:\Documents and Settings\Nic\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Nic\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Nic\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\Yazzle1560OinAdmin.exe
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Temporary
C:\Program Files\Temporary\wininstall.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\__c0030090.dat
C:\WINDOWS\system32\__c00453F0.dat
C:\WINDOWS\system32\__c005690.dat
C:\WINDOWS\system32\__c005858A.dat
C:\WINDOWS\system32\__c0068E39.dat
C:\WINDOWS\system32\__c006B0DA.dat
C:\WINDOWS\system32\__c006E4BC.dat
C:\WINDOWS\system32\__c00A0D4E.dat
C:\WINDOWS\system32\__c00A20D1.dat
C:\WINDOWS\system32\__c00D5D45.dat
C:\WINDOWS\system32\__c00E8344.dat
C:\WINDOWS\system32\__c00F623C.dat
C:\WINDOWS\system32\aharo.dll
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\boeiwskm.dll
C:\WINDOWS\system32\cslbjfaj.dll
C:\WINDOWS\system32\fckokmeb.dll
C:\WINDOWS\system32\fnbevnyl.dll
C:\WINDOWS\system32\gebxuuv.dll
C:\WINDOWS\system32\hvvqwciq.dll
C:\WINDOWS\system32\jejhryls.dll
C:\WINDOWS\system32\kasrkefg.dll
C:\WINDOWS\system32\llhvqxft.dll
C:\WINDOWS\system32\m2
C:\WINDOWS\system32\mwynvijc.dll
C:\WINDOWS\system32\nbfdubte.dll
C:\WINDOWS\system32\nrinmbea.dll
C:\WINDOWS\system32\nvdgadei.dll
C:\WINDOWS\system32\nwewaobs.dll
C:\WINDOWS\system32\o1
C:\WINDOWS\system32\o1\wr31drs.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pgnxbeln.dll
C:\WINDOWS\system32\prirkriu.dll
C:\WINDOWS\system32\prutv.bak1
C:\WINDOWS\system32\prutv.bak2
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini2
C:\WINDOWS\system32\prutv.tmp
C:\WINDOWS\system32\qkclukxg.dll
C:\WINDOWS\system32\ukllarjv.dll
C:\WINDOWS\system32\v4
C:\WINDOWS\system32\vkacqwvi.dll
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\wfpqakbi.dll
C:\WINDOWS\system32\wnstsicom32.exe
C:\WINDOWS\system32\wtrnyepv.dll
C:\WINDOWS\system32\xtftupef.dll
C:\WINDOWS\system32\xwvrtuwj.dll
C:\WINDOWS\system32\ydpdeiva.dll
C:\WINDOWS\uninstall_nmon.vbs
C:\z.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-09 to 2007-11-09 )))))))))))))))))))))))))))))))
.

2007-11-09 12:11 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-09 09:56 80,448 --a------ C:\WINDOWS\system32\uprthbcd.dll
2007-11-09 09:53 86,080 --a------ C:\WINDOWS\system32\brnblyec.dll
2007-11-09 09:53 71,232 --a------ C:\WINDOWS\system32\ojwddxvg.exe
2007-11-08 21:55 38,224 --a------ C:\WINDOWS\system32\drivers\neokdss.sys
2007-11-08 08:07 79,936 --a------ C:\WINDOWS\system32\mfoegdwo.dll
2007-11-08 08:04 71,232 --a------ C:\WINDOWS\system32\hoqvtnyf.exe
2007-11-07 21:49 79,936 --a------ C:\WINDOWS\system32\ddcsajby.dll
2007-11-07 21:40 71,232 --a------ C:\WINDOWS\system32\nnrsshvj.exe
2007-11-06 21:46 81,472 --a------ C:\WINDOWS\system32\fmsjjvpn.dll
2007-11-06 17:52 81,472 --a------ C:\WINDOWS\system32\cthwqsog.dll
2007-11-06 16:51 81,472 --a------ C:\WINDOWS\system32\oxbvtycr.dll
2007-11-06 16:32 81,472 --a------ C:\WINDOWS\system32\vatkykwx.dll
2007-11-05 16:43 83,008 --a------ C:\WINDOWS\system32\skwudgvb.dll
2007-11-04 20:25 78,912 --a------ C:\WINDOWS\system32\jcfxhvhe.dll
2007-11-04 12:17 81,472 --a------ C:\WINDOWS\system32\disemfwp.dll
2007-11-03 11:48 82,496 --a------ C:\WINDOWS\system32\lpxhckcq.dll
2007-11-02 12:01 <DIR> d-------- C:\WINDOWS\pss
2007-11-01 18:53 <DIR> d-------- C:\WINDOWS\kdefense
2007-11-01 18:53 849,920 --a------ C:\WINDOWS\system32\kdfinj.dll
2007-11-01 18:53 726,568 --a------ C:\WINDOWS\system32\kdfmgr.exe
2007-11-01 18:53 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
2007-11-01 18:53 77,824 --a------ C:\WINDOWS\system32\kdfapi.dll
2007-11-01 18:53 53,248 --a------ C:\WINDOWS\system32\Kdfhok.dll
2007-11-01 18:43 <DIR> d-------- C:\WINDOWS\LocalSSL
2007-11-01 18:42 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-01 18:42 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-11-01 18:42 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-11-01 18:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-11-01 18:40 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-01 15:55 <DIR> d--hs---- C:\WINDOWS\Tmlj
2007-11-01 15:52 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-01 15:50 <DIR> d-------- C:\WINDOWS\system32\Mz18r
2007-11-01 15:50 <DIR> d-------- C:\Temp\mZOr
2007-11-01 15:50 <DIR> d-------- C:\Temp
2007-11-01 15:28 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-23 17:43 <DIR> d-------- C:\Documents and Settings\Nic\Shared
2007-10-23 17:43 <DIR> d-------- C:\Documents and Settings\Nic\Incomplete
2007-10-23 17:43 <DIR> d-------- C:\Documents and Settings\Nic\Application Data\LimeWire
2007-10-23 17:43 <DIR> d-------- C:\DOCUME~1\Nic\APPLIC~1\LimeWire
2007-10-10 17:46 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-09 01:31 --------- d-----w C:\Program Files\Dl_cats
2007-11-08 10:55 --------- d-----w C:\Documents and Settings\Nic\Application Data\AdobeUM
2007-11-08 10:55 --------- d-----w C:\DOCUME~1\Nic\APPLIC~1\AdobeUM
2007-11-08 08:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 21:04 --------- d-----w C:\Documents and Settings\Nic\Application Data\Skype
2007-11-07 21:04 --------- d-----w C:\DOCUME~1\Nic\APPLIC~1\Skype
2007-11-05 06:58 5,442 ----a-w C:\Documents and Settings\Nic\Application Data\wklnhst.dat
2007-11-05 06:58 5,442 ----a-w C:\DOCUME~1\Nic\APPLIC~1\wklnhst.dat
2007-11-01 22:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-01 11:40 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-10-16 07:22 --------- d-----w C:\Program Files\Java
2007-09-18 02:29 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-18 02:29 333,328 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-09-17 03:40 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-17 03:40 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-17 03:31 1,126,072 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-12 10:20 --------- d-----w C:\Program Files\MSN Messenger
2007-09-12 10:15 18,040,176 ----a-w C:\Program Files\Install_Messenger_nous.exe
2007-09-11 09:44 --------- d-----w C:\Documents and Settings\Nic\Application Data\FileZilla
2007-09-11 09:44 --------- d-----w C:\DOCUME~1\Nic\APPLIC~1\FileZilla
2007-09-04 07:17 336 ----a-w C:\Documents and Settings\Luke & Jenny\Application Data\wklnhst.dat
2007-09-03 07:21 21,859,360 ----a-w C:\Program Files\flexnetconnectsdk.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 12:07 15,732,984 ----a-w C:\Program Files\Google_Earth_BZXD.exe
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 23:21 50,005,304 ----a-w C:\Program Files\iTunesSetup.exe
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 11:25 4,215,160 ----a-w C:\Program Files\dMC-r12.2.exe
2007-07-03 09:31:45 104 --sh--r C:\WINDOWS\system32\43BB4BC1BE.sys
2007-07-03 09:31:48 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-07-29 05:24:26 472 --sha-r C:\WINDOWS\Tmlj\nA53.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2a92fe10-7f72-45db-873f-7fbe900e3fb1}]
2007-11-09 09:56 80448 --a------ C:\WINDOWS\system32\uprthbcd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [2007-09-17 01:21 103760]

[HKEY_CLASSES_ROOT\CLSID\{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-16 11:39]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 08:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 13:20 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 10:15]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 08:20]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 05:56]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 05:56]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-30 17:46]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-04 09:09]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-30 15:24]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-11-04 09:04]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-04 09:04]
"DLCXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 16:31]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 19:44]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-18 13:25]
"54cc42fd"="C:\WINDOWS\system32\brnblyec.dll" [2007-11-09 09:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-29 00:57]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 19:57]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 05:56]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-09-18 13:30]
"Sen"="C:\DOCUME~1\Nic\APPLIC~1\DOBE~1\ati2evxx.exe" []
"Ojgri"="C:\Documents and Settings\Nic\Application Data\??sembly\?vchost.exe" []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vturp.dll

R2 dlcx_device;dlcx_device;C:\WINDOWS\system32\dlcxcoms.exe -service
S3 Modbiray;Modbiray;C:\WINDOWS\system32\drivers\nikedrv.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-09 12:31:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-09 12:34:19 - machine was rebooted
.
--- E O F ---



HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:56 PM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\AOL 7.0\aoltray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
C:\WINDOWS\system32\kdfmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/mail?.intl=au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=5070306
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bigpond.com/mybigpond/welcome/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: {1bf3e009-ebf7-f378-bd54-27f701ef29a2} - {2a92fe10-7f72-45db-873f-7fbe900e3fb1} - C:\WINDOWS\system32\uprthbcd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [54cc42fd] rundll32.exe "C:\WINDOWS\system32\brnblyec.dll",b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Nic\APPLIC~1\DOBE~1\ati2evxx.exe" -vt yazb
O4 - HKCU\..\Run: [Ojgri] "C:\Documents and Settings\Nic\Application Data\??sembly\?vchost.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7ACF958-032C-4C38-8791-C45F88708211}: Domain = nsw.bigpond.net.au
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11030 bytes
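The HijackThis log above is the sort of listing a helper reads by eye for tell-tale entries: a BHO whose display name is itself a CLSID, a Run value named with a hex string that loads a randomly named DLL through rundll32, and programs auto-starting from a user's Application Data folder. As an added illustration (not code from this thread, and not part of HijackThis, SUPERAntiSpyware or any other tool named here), the Python script below parses a handful of O2 and O4 lines copied from that log and applies those checks. The function names, the "eight lowercase letters, few vowels" rule for random-looking names and the other thresholds are my own assumptions, chosen to match what later turned out to be the Vundo and ClickSpring entries.

```python
"""Triage of HijackThis-style O2/O4 lines (added example, not from the thread)."""
import re

# Constructed sample: lines copied from the HijackThis log posted above, mixing
# legitimate entries with those SUPERAntiSpyware later identified as adware.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {1bf3e009-ebf7-f378-bd54-27f701ef29a2} - {2a92fe10-7f72-45db-873f-7fbe900e3fb1} - C:\WINDOWS\system32\uprthbcd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [54cc42fd] rundll32.exe "C:\WINDOWS\system32\brnblyec.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Nic\APPLIC~1\DOBE~1\ati2evxx.exe" -vt yazb
O4 - HKCU\..\Run: [Ojgri] "C:\Documents and Settings\Nic\Application Data\??sembly\?vchost.exe"
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# O4 Run-key lines only: "O4 - HKLM\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")


def stem(path):
    """File name without directory, surrounding quotes or extension."""
    name = path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def looks_random(name):
    """Assumed rule: eight lowercase letters with at most two vowels (uprthbcd, brnblyec)."""
    return bool(re.fullmatch(r"[a-z]{8}", name)) and sum(c in "aeiou" for c in name) <= 2


def dll_target(cmd):
    """Return the DLL path handed to rundll32 on a command line, or None."""
    m = re.search(r'([A-Za-z]:\\[^",]*?\.dll)', cmd, re.I)
    return m.group(1) if m else None


def triage(log_text):
    """Return (entry, reason) pairs for lines that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O2_RE.match(line)
        if m:
            name, path = m.group("name"), m.group("path")
            if re.fullmatch(r"\{[0-9A-Fa-f-]+\}", name):
                findings.append((name, "BHO display name is a bare CLSID"))
            elif path == "(no file)":
                findings.append((m.group("clsid"), "orphaned BHO: registry key points at a missing DLL"))
            elif looks_random(stem(path)):
                findings.append((name, "BHO DLL has a random-looking name"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        value, cmd = m.group("value"), m.group("cmd")
        lower = cmd.lower()
        if re.fullmatch(r"[0-9a-f]{8}", value):
            findings.append((value, "Run value name is a hex string"))
        dll = dll_target(cmd)
        if "rundll32" in lower and dll and looks_random(stem(dll)):
            findings.append((value, "rundll32 loads a random-looking DLL"))
        if "application data" in lower or "applic~1" in lower:
            findings.append((value, "auto-start from a user profile folder"))
        if "?" in cmd:
            findings.append((value, "path contains characters HijackThis could not print"))
    return findings


if __name__ == "__main__":
    for what, why in triage(SAMPLE_LOG):
        print(f"{why}: {what}")
```

These are heuristics, not verdicts: a legitimate vendor occasionally ships an oddly named DLL, and an orphaned BHO is usually just debris from an uninstall. The value of the script is that it surfaces the same five entries a helper would ask about first, while leaving the Adobe, NVIDIA, Trend Micro and ctfmon lines alone; the SUPERAntiSpyware log that follows is what confirms which of them were actually adware.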
Stamper19
post Nov 9 2007, 09:02 AM
Post #6


Trusted Helper
Posts: 1,990
OS: Windows XP



Hi nicolethompson11,

We are making progress :)

----------------------------------------------------------------

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

----------------------------------------------------------------

Please download Deckard's System Scanner (DSS) to your Desktop.
  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.

----------------------------------------------------------------

Information to include in your next post:
  • SuperAntiSpyware Log
  • Main.txt and Extra.txt from DSS
nicolethompson11
post Nov 11 2007, 05:34 PM
Post #7


Member
Posts: 11
OS: Windows XP



I can't thank you enough for all your help Stamper! :)

SUPERAntiSpyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/10/2007 at 07:58 PM

Application Version : 3.9.1008

Core Rules Database Version : 3342
Trace Rules Database Version: 1343

Scan type : Complete Scan
Total Scan Time : 00:36:49

Memory items scanned : 553
Memory threats detected : 0
Registry items scanned : 4973
Registry threats detected : 4
File items scanned : 32936
File threats detected : 114

Adware.Vundo-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2a92fe10-7f72-45db-873f-7fbe900e3fb1}
HKCR\CLSID\{2A92FE10-7F72-45DB-873F-7FBE900E3FB1}
HKCR\CLSID\{2A92FE10-7F72-45DB-873F-7FBE900E3FB1}\InprocServer32
HKCR\CLSID\{2A92FE10-7F72-45DB-873F-7FBE900E3FB1}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\UPRTHBCD.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP203\A0020149.DLL
C:\WINDOWS\SYSTEM32\CTHWQSOG.DLL
C:\WINDOWS\SYSTEM32\DDCSAJBY.DLL
C:\WINDOWS\SYSTEM32\DISEMFWP.DLL
C:\WINDOWS\SYSTEM32\FMSJJVPN.DLL
C:\WINDOWS\SYSTEM32\JCFXHVHE.DLL
C:\WINDOWS\SYSTEM32\LPXHCKCQ.DLL
C:\WINDOWS\SYSTEM32\MFOEGDWO.DLL
C:\WINDOWS\SYSTEM32\OXBVTYCR.DLL
C:\WINDOWS\SYSTEM32\SKWUDGVB.DLL
C:\WINDOWS\SYSTEM32\VATKYKWX.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Nic\Cookies\nic@statse.webtrendslive[2].txt
C:\Documents and Settings\Nic\Cookies\nic@mediaplex[1].txt
C:\Documents and Settings\Nic\Cookies\nic@sensismediasmart.com[1].txt
C:\Documents and Settings\Nic\Cookies\nic@www.googleadservices[1].txt
C:\Documents and Settings\Nic\Cookies\nic@media.adrevolver[2].txt
C:\Documents and Settings\Nic\Cookies\nic@media.sensis.com[2].txt
C:\Documents and Settings\Nic\Cookies\nic@hitz-r-us[3].txt
C:\Documents and Settings\Nic\Cookies\nic@e-2dj6wjlyejdzsdp.stats.esomniture[2].txt
C:\Documents and Settings\Nic\Cookies\nic@media.adrevolver[1].txt
C:\Documents and Settings\Nic\Cookies\nic@trafficvenuedirect[2].txt
C:\Documents and Settings\Nic\Cookies\nic@ad.zanox[1].txt
C:\Documents and Settings\Nic\Cookies\nic@zedo[1].txt
C:\Documents and Settings\Nic\Cookies\nic@ehg-ifilm.hitbox[1].txt
C:\Documents and Settings\Nic\Cookies\nic@incentreward.directtrack[1].txt
C:\Documents and Settings\Nic\Cookies\nic@ad.yieldmanager[2].txt
C:\Documents and Settings\Nic\Cookies\nic@112.2o7[2].txt
C:\Documents and Settings\Nic\Cookies\nic@doubleclick[2].txt
C:\Documents and Settings\Nic\Cookies\nic@adrevolver[1].txt
C:\Documents and Settings\Nic\Cookies\nic@optimost[1].txt
C:\Documents and Settings\Nic\Cookies\nic@ad.outerinfoads[11].txt
C:\Documents and Settings\Nic\Cookies\nic@perf.overture[1].txt
C:\Documents and Settings\Nic\Cookies\nic@counter.auctionworks[2].txt
C:\Documents and Settings\Nic\Cookies\nic@imrworldwide[2].txt
C:\Documents and Settings\Nic\Cookies\nic@e-2dj6wjkygncpgeo.stats.esomniture[2].txt
C:\Documents and Settings\Nic\Cookies\nic@adopt.euroclick[1].txt
C:\Documents and Settings\Nic\Cookies\nic@fdau.adbureau[1].txt
C:\Documents and Settings\Nic\Cookies\nic@2o7[2].txt
C:\Documents and Settings\Nic\Cookies\nic@casalemedia[1].txt
C:\Documents and Settings\Nic\Cookies\nic@serving-sys[1].txt
C:\Documents and Settings\Nic\Cookies\nic@indextools[2].txt
C:\Documents and Settings\Nic\Cookies\nic@apmebf[1].txt
C:\Documents and Settings\Nic\Cookies\nic@advertising[1].txt
C:\Documents and Settings\Nic\Cookies\nic@linksynergy[1].txt
C:\Documents and Settings\Nic\Cookies\nic@tradedoubler[1].txt
C:\Documents and Settings\Nic\Cookies\nic@partypoker[2].txt
C:\Documents and Settings\Nic\Cookies\nic@gettyimages.122.2o7[1].txt
C:\Documents and Settings\Nic\Cookies\nic@directtrack[1].txt
C:\Documents and Settings\Nic\Cookies\nic@ad.sensismediasmart.com[1].txt
C:\Documents and Settings\Nic\Cookies\nic@overture[1].txt
C:\Documents and Settings\Nic\Cookies\nic@atdmt[2].txt
C:\Documents and Settings\Nic\Cookies\nic@bs.serving-sys[1].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@112.2o7[2].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@2o7[1].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@acvs.mediaonenetwork[1].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@ad.yieldmanager[1].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@adtech[2].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@apmebf[1].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@atdmt[2].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@bs.serving-sys[1].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@c5.zedo[2].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@counter.hitslink[1].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@doubleclick[1].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@e-2dj6wjl4updpceo.stats.esomniture[2].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@gmap.112.2o7[1].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@imrworldwide[2].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@media.sensis.com[2].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@mediaonenetwork[2].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@mediaplex[2].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@msnportal.112.2o7[1].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@overture[1].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@paypal.112.2o7[1].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@serving-sys[1].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@specificclick[2].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@statcounter[1].txt
C:\Documents and Settings\Luke & Jenny\Cookies\luke_&_jenny@zedo[1].txt
C:\Documents and Settings\Nic\Cookies\nic@ad.outerinfoads[10].txt
C:\Documents and Settings\Nic\Cookies\nic@ad.outerinfoads[1].txt
C:\Documents and Settings\Nic\Cookies\nic@ad.outerinfoads[2].txt
C:\Documents and Settings\Nic\Cookies\nic@ad.outerinfoads[3].txt
C:\Documents and Settings\Nic\Cookies\nic@ad.outerinfoads[4].txt
C:\Documents and Settings\Nic\Cookies\nic@ad.outerinfoads[5].txt
C:\Documents and Settings\Nic\Cookies\nic@ad.outerinfoads[6].txt
C:\Documents and Settings\Nic\Cookies\nic@ad.outerinfoads[7].txt
C:\Documents and Settings\Nic\Cookies\nic@ad.outerinfoads[9].txt
C:\Documents and Settings\Nic\Cookies\nic@bs.serving-sys[2].txt
C:\Documents and Settings\Nic\Cookies\nic@hitz-r-us[2].txt
C:\Documents and Settings\Nic\Cookies\nic@serving-sys[2].txt
C:\Documents and Settings\Nic\Cookies\nic@statse.webtrendslive[1].txt

Adware.ClickSpring-Variant
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\NIC\APPLICATION DATA\DOBE~1\ATI2EVXX.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP203\A0020161.EXE

Adware.ClickSpring
C:\qoobox\Quarantine\C\Documents and Settings\Nic\Application Data\SEMBLY~1\VCHOST~1.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\AHARO.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP197\A0019644.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP197\A0019645.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP203\A0020131.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP203\A0020162.EXE

Adware.ClickSpring/Yazzle
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1560OINADMIN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1560OINUNINSTALLER.EXE.VIR

Trojan.NetMon/DNSChange
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NETWORK MONITOR\NETMON.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP203\A0020158.EXE

Trojan.Downloader-Gen/Multi
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\GEBXUUV.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP203\A0020136.DLL

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WNSTSICOM32.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINSTALL_NMON.VBS.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP197\A0019648.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP203\A0020127.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP203\A0020128.EXE
C:\WINDOWS\TMLJ\NA53.VBS

Trojan.Downloader-Gen/DDC
C:\WINDOWS\SYSTEM32\HOQVTNYF.EXE
C:\WINDOWS\SYSTEM32\NNRSSHVJ.EXE
C:\WINDOWS\SYSTEM32\OJWDDXVG.EXE

Trojan.Downloader-Gen/BundleBase
C:\WINDOWS\SYSTEM32\MZ18R\MZ18R2328.EXE



DSS Main.txt:

Deckard's System Scanner v20071014.68
Run by Nic on 2007-11-12 09:57:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
81: 2007-11-11 22:57:05 UTC - RP207 - Deckard's System Scanner Restore Point
80: 2007-11-11 10:50:15 UTC - RP206 - System Checkpoint
79: 2007-11-10 07:55:43 UTC - RP205 - Installed SUPERAntiSpyware Free Edition
78: 2007-11-10 02:28:27 UTC - RP204 - System Checkpoint
77: 2007-11-09 01:12:39 UTC - RP203 - ComboFix created restore point


-- First Restore Point --
1: 2007-11-01 04:58:00 UTC - RP127 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Nic.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:45 AM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AOL 7.0\aoltray.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
C:\WINDOWS\system32\kdfmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Nic\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Nic.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =