
Programs Acting Odd


  • This topic is locked
7 replies to this topic

#1 annabackwards

annabackwards

  • Members
  • 1,381 posts
  • OFFLINE
  • Gender:Female
  • Location:Sydney, Australia.
  • Local time:01:08 AM

Posted 04 August 2007 - 04:50 AM

1st thing I noticed: Comodo regularly pops up with the allow/deny message, asking me what to do when a program requests access to the internet. Now, I am a seasoned user of Comodo, and I never got these regular messages before!!! I have allowed all of the programs that need to access the net, and the programs that request access never need to access it, or there are funny circumstances, e.g. MSN Messenger acting as a server for Microsoft Word to access the net through Firefox or Internet Explorer, or one of my game applications acting as a server for a random program like Media Player.

In all instances, the connection is either invisible or via OLE automation, which Comodo says can be used to hijack other applications. Reading this, I clicked deny. But when it involves Mozilla Firefox, Comodo seems to go into some sort of lockdown, and I can't access the net using Mozilla :S

I have scanned my computer with Trend Micro HouseCall, PC-cillin, Spybot S&D, a-squared and SUPERAntiSpyware. These scans have found some adware, but nothing serious. I fixed all problems, rescanned, and they all come up with nothing, but I am still having the problem from time to time.

I asked for help in the Am I infected? What do I do? forum and got referred here, so here I am!!!
The thread can be found here

Here's my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:16 PM, on 4/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O2 - BHO: CKeyScramblerBHO Object - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://annabackwards.spaces.live.com//Phot...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 7566 bytes

Surf smarter, surf faster, surf safer, surf with Mozilla Firefox



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:03:08 PM

Posted 04 August 2007 - 08:08 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum annabackwards :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

You have Comodo Firewall and Trend Micro Personal Firewall active and running on your system.
It's not a good idea to have more than one firewall; it can lead to connection issues and possibly other problems within the operating system due to conflicts.
I suggest you remove/uninstall Comodo Firewall via Add or Remove Programs, then restart your PC.

--------------------------------------------------

Please download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log.
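The "more than one firewall" point above can be checked mechanically against a HijackThis log rather than by eye. The script below is an added example, not code from the thread or from the HijackThis or ComboFix projects: it parses the "Running processes" list and the O23 service lines, maps services to firewall products with a small marker table (an assumption made for illustration; it deliberately excludes Comodo BOClean, which is not a firewall), and reports whether each firewall's service executable also appears among the running processes. The sample log is an excerpt copied from the first HJT log in this thread.

```python
"""Triage helper for HijackThis v2 logs: find overlapping firewall products.

Added example (not from the thread). Parses the "Running processes" section
and the O23 service entries, then reports every firewall product that has a
registered service and whether its executable shows up as a running process.
"""
import re

# "O23 - Service: <display name> (<short name>) - <vendor> - <path>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) \((?P<short>[^)]+)\) - (?P<vendor>.+?) - (?P<path>.+)$"
)

# Assumed marker table (illustration only): lower-case substrings of an O23 line
# that identify a firewall product. The Comodo markers are chosen so that the
# Comodo BOClean anti-malware entries in the later log do not count as a firewall.
FIREWALL_MARKERS = {
    "COMODO Firewall Pro": ("cmdagent", r"comodo\firewall"),
    "Trend Micro Personal Firewall": ("tmpfw", "personal firewall"),
}


def parse_hjt(text):
    """Return (running process paths, O23 service dicts) from a HijackThis log."""
    processes, services = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:            # a blank line ends the process list
                in_processes = False
            else:
                processes.append(line)
            continue
        m = O23_RE.match(line)
        if m:
            services.append(m.groupdict())
    return processes, services


def firewall_report(text):
    """Map each firewall product found to its service short name and running state."""
    processes, services = parse_hjt(text)
    running_exes = {p.lower().rsplit("\\", 1)[-1] for p in processes}
    report = {}
    for svc in services:
        blob = " ".join(svc.values()).lower()
        for product, markers in FIREWALL_MARKERS.items():
            if any(mk in blob for mk in markers):
                exe = svc["path"].lower().rsplit("\\", 1)[-1]
                report[product] = {"service": svc["short"], "running": exe in running_exes}
    return report


def multiple_firewalls(text):
    """True when services from more than one firewall product are registered."""
    return len(firewall_report(text)) > 1


# Excerpt copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:16 PM, on 4/08/2007

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Comodo\Firewall\CPF.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
"""

if __name__ == "__main__":
    for product, info in firewall_report(SAMPLE_LOG).items():
        state = "running" if info["running"] else "registered, not in process list"
        print(f"{product}: service {info['service']} ({state})")
    if multiple_firewalls(SAMPLE_LOG):
        print("More than one firewall product is registered on this system.")
```

On the excerpt above the report lists both COMODO Firewall Pro (cmdagent.exe present in the process list) and Trend Micro Personal Firewall (TmPfw service registered, TmPfw.exe absent from the process list), which is the overlap the helper is asking the poster to resolve. The marker table is the part to extend for other products; the O23 regex itself matches the standard HijackThis v2 line shape.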

#3 annabackwards

annabackwards
  • Topic Starter

  • Members
  • 1,381 posts
  • OFFLINE
  • Gender:Female
  • Location:Sydney, Australia.
  • Local time:01:08 AM

Posted 04 August 2007 - 09:34 PM

Trend Micro Firewall is active? That's odd...
When my computer crashed, I had to re-install Trend Micro. When I installed it, the personal firewall, wifi-intrusion detection and real-time network protection became N/A for some reason... but I wasn't bothered uninstalling and re-installing it.

So that's when I decided to use Comodo Firewall. I was thinking of not using Trend Micro altogether, and using Comodo Firewall and BOClean, AVG Free, Spybot, SAS, SpywareGuard and SpywareBlaster. Do you think that will provide adequate protection?

Anyways, I did what you said and here's the ComboFix log:
ComboFix 07-08-05.3 - "annA" 2007-08-05 12:12:28.1 [GMT 10:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 )))))))))))))))))))))))))))))))


2007-08-05 12:11 51,200 --a--c--- C:\WINDOWS\nircmd.exe
2007-08-04 20:30 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\BOC424
2007-08-04 14:39 <DIR> d----c--- C:\Program Files\ePrompter
2007-08-04 14:30 185,824 --a------ C:\WINDOWS\system32\780A4.sys
2007-08-04 14:20 185,824 --a------ C:\WINDOWS\system32\30598.sys
2007-08-04 14:16 <DIR> d----c--- C:\Program Files\CCleaner
2007-08-04 13:47 113,128 --a------ C:\WINDOWS\system32\drivers\keyscrambler.sys
2007-08-04 13:47 <DIR> d----c--- C:\Program Files\KeyScrambler
2007-08-03 18:07 <DIR> d----c--- C:\Program Files\a-squared Free
2007-08-03 10:52 <DIR> d----c--- C:\DOCUME~1\MUM&DA~1\APPLIC~1\HouseCall 6.6
2007-08-03 09:47 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-03 09:45 <DIR> d----c--- C:\DOCUME~1\MUM&DA~1\.housecall6.6
2007-08-01 19:27 <DIR> d----c--- C:\Program Files\Lavasoft
2007-07-29 17:58 <DIR> d----c--- C:\Program Files\HJTHotkey
2007-07-29 08:58 <DIR> d----c--- C:\Program Files\Windows Live Safety Center
2007-07-26 20:03 <DIR> d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2007-07-22 07:50 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2007-07-22 07:46 <DIR> d----c--- C:\Program Files\Interplay
2007-07-22 07:46 <DIR> d----c--- C:\DOCUME~1\MUM&DA~1\WINDOWS
2007-07-21 14:33 <DIR> d----c--- C:\Program Files\Yahoo!
2007-07-19 17:36 <DIR> d----c--- C:\Program Files\Windows Installer Clean Up
2007-07-19 17:36 <DIR> d----c--- C:\Program Files\MSECACHE
2007-07-17 22:39 21,312 --a--c--- C:\WINDOWS\choice.exe
2007-07-17 16:54 <DIR> d----c--- C:\Program Files\SpywareGuard
2007-07-16 22:40 <DIR> d----c--- C:\Downloads
2007-07-15 21:29 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-07-15 21:29 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-07-15 21:29 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-07-15 21:29 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-07-15 21:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-07-15 21:29 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-07-15 21:29 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-07-15 21:29 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-07-15 21:28 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-07-15 21:28 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2007-07-15 21:28 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-07-15 21:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2007-07-15 21:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2007-07-15 21:28 53,760 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll
2007-07-15 21:28 35,871 --a--c--- C:\WINDOWS\system32\dllcache\wbfirdma.sys
2007-07-15 21:28 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2007-07-15 21:28 33,599 --a--c--- C:\WINDOWS\system32\dllcache\watv04nt.sys
2007-07-15 21:28 31,744 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2007-07-15 21:28 23,615 --a--c--- C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2007-07-15 21:28 19,551 --a--c--- C:\WINDOWS\system32\dllcache\watv02nt.sys
2007-07-15 21:28 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2007-07-15 21:28 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2007-07-15 21:27 94,720 --a--c--- C:\WINDOWS\system32\dllcache\umaxud32.dll
2007-07-15 21:27 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2007-07-15 21:27 794,399 --a--c--- C:\WINDOWS\system32\dllcache\usr1806v.sys
2007-07-15 21:27 793,598 --a--c--- C:\WINDOWS\system32\dllcache\usr1806.sys
2007-07-15 21:27 765,884 --a--c--- C:\WINDOWS\system32\dllcache\usrti.sys
2007-07-15 21:27 7,556 --a--c--- C:\WINDOWS\system32\dllcache\usroslba.sys
2007-07-15 21:27 69,632 --a--c--- C:\WINDOWS\system32\dllcache\umaxu12.dll
2007-07-15 21:27 687,999 --a--c--- C:\WINDOWS\system32\dllcache\usrwdxjs.sys
2007-07-15 21:27 64,605 --a--c--- C:\WINDOWS\system32\dllcache\vvoice.sys
2007-07-15 21:27 604,253 --a--c--- C:\WINDOWS\system32\dllcache\vmodem.sys
2007-07-15 21:27 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-07-15 21:27 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-07-15 21:27 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2007-07-15 21:27 50,688 --a--c--- C:\WINDOWS\system32\dllcache\umaxscan.dll
2007-07-15 21:27 50,176 --a--c--- C:\WINDOWS\system32\dllcache\umaxp60.dll
2007-07-15 21:27 47,616 --a--c--- C:\WINDOWS\system32\dllcache\umaxcam.dll
2007-07-15 21:27 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2007-07-15 21:27 42,496 --a--c--- C:\WINDOWS\system32\dllcache\tp4res.dll
2007-07-15 21:27 397,502 --a--c--- C:\WINDOWS\system32\dllcache\vpctcom.sys
2007-07-15 21:27 36,736 --a--c--- C:\WINDOWS\system32\dllcache\ultra.sys
2007-07-15 21:27 34,375 --a--c--- C:\WINDOWS\system32\dllcache\tpro4.sys
2007-07-15 21:27 32,384 --a--c--- C:\WINDOWS\system32\dllcache\usb101et.sys
2007-07-15 21:27 315,520 --a--c--- C:\WINDOWS\system32\dllcache\trid3d.dll
2007-07-15 21:27 29,311 --a--c--- C:\WINDOWS\system32\dllcache\watv01nt.sys
2007-07-15 21:27 28,160 --a--c--- C:\WINDOWS\system32\dllcache\umaxu40.dll
2007-07-15 21:27 26,624 --a--c--- C:\WINDOWS\system32\dllcache\umaxu22.dll
2007-07-15 21:27 249,402 --a--c--- C:\WINDOWS\system32\dllcache\vinwm.sys
2007-07-15 21:27 24,576 --a--c--- C:\WINDOWS\system32\dllcache\viairda.sys
2007-07-15 21:27 224,802 --a--c--- C:\WINDOWS\system32\dllcache\usr1807a.sys
2007-07-15 21:27 222,336 --a--c--- C:\WINDOWS\system32\dllcache\trid3dm.sys
2007-07-15 21:27 22,912 --a--c--- C:\WINDOWS\system32\dllcache\umaxpcls.sys
2007-07-15 21:27 216,064 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2007-07-15 21:27 211,968 --a--c--- C:\WINDOWS\system32\dllcache\um54scan.dll
2007-07-15 21:27 19,528 --a--c--- C:\WINDOWS\system32\dllcache\w840nd.sys
2007-07-15 21:27 19,016 --a--c--- C:\WINDOWS\system32\dllcache\w926nd.sys
2007-07-15 21:27 17,024 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys
2007-07-15 21:27 166,784 --a--c--- C:\WINDOWS\system32\dllcache\tridxpm.sys
2007-07-15 21:27 16,925 --a--c--- C:\WINDOWS\system32\dllcache\w940nd.sys
2007-07-15 21:27 159,232 --a--c--- C:\WINDOWS\system32\dllcache\tridkbm.sys
2007-07-15 21:27 12,415 --a--c--- C:\WINDOWS\system32\dllcache\wadv01nt.sys
2007-07-15 21:27 12,127 --a--c--- C:\WINDOWS\system32\dllcache\wadv02nt.sys
2007-07-15 21:27 113,762 --a--c--- C:\WINDOWS\system32\dllcache\usrpda.sys
2007-07-15 21:27 11,775 --a--c--- C:\WINDOWS\system32\dllcache\wadv05nt.sys
2007-07-15 21:27 11,520 --a--c--- C:\WINDOWS\system32\dllcache\twotrack.sys
2007-07-15 21:26 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2007-07-15 21:26 94,293 --a--c--- C:\WINDOWS\system32\dllcache\sxports.dll
2007-07-15 21:26 9,600 --a--c--- C:\WINDOWS\system32\dllcache\sonymc.sys
2007-07-15 21:26 82,432 --a--c--- C:\WINDOWS\system32\dllcache\tp4mon.exe
2007-07-15 21:26 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll
2007-07-15 21:26 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonyait.sys
2007-07-15 21:26 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2007-07-15 21:26 7,040 --a--c--- C:\WINDOWS\system32\dllcache\snyaitmc.sys
2007-07-15 21:26 61,824 --a--c--- C:\WINDOWS\system32\dllcache\speed.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-04 16:55 --------- d----c--- C:\Program Files\UltimateZip
2007-08-04 07:51 --------- d----c--- C:\Program Files\Macrogaming
2007-07-27 18:09 2544 --a--c--- C:\WINDOWS\mozver.dat
2007-07-26 22:01 --------- d----c--- C:\DOCUME~1\ANNA~1.ANN\APPLIC~1\Ahead
2007-07-26 21:49 --------- d-a--c--- C:\Program Files\Common Files\Ahead
2007-07-26 21:49 --------- d----c--- C:\Program Files\Ahead
2007-07-14 12:01 --------- d----c--- C:\Program Files\MSN Messenger
2007-07-12 19:08 --------- d----c--- C:\Program Files\Maxis
2007-07-09 20:38 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-06 23:49 --------- d----c--- C:\Program Files\Google
2007-07-05 19:19 2634 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-05 13:48 --------- d----c--- C:\Program Files\SnIco Edit
2007-07-05 13:48 --------- d----c--- C:\Program Files\Movie Maker
2007-07-04 20:49 --------- d----c--- C:\Program Files\messenger
2007-07-04 20:49 --------- d----c--- C:\Program Files\LimeWire
2007-07-04 19:25 --------- d----c--- C:\Program Files\Enigma Software Group
2007-07-04 14:29 --------- d----c--- C:\Program Files\MSXML 4.0
2007-07-03 20:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-03 14:54 --------- d----c--- C:\Program Files\Windows NT
2007-07-02 13:25 --------- d----c--- C:\DOCUME~1\ANNA~1.ANN\APPLIC~1\uTorrent
2007-07-01 17:41 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-07-01 17:08 --------- d----c--- C:\Program Files\Incomplete
2007-07-01 16:58 --------- d----c--- C:\DOCUME~1\ANNA~1.ANN\APPLIC~1\LimeWire
2007-06-29 19:23 --------- d--h----- C:\Program Files\WindowsUpdate
2007-06-28 20:08 23348 --a--c--- C:\WINDOWS\system32\emptyregdb.dat
2007-06-27 21:06 --------- d----c--- C:\Program Files\AskTBar
2007-06-25 20:46 --------- d-a--c--- C:\Program Files\Common Files\InstallShield
2007-06-24 09:31 588 --a--c--- C:\WINDOWS\eReg.dat
2007-06-18 20:08 --------- d----c--- C:\Program Files\Realtek Sound Manager
2007-06-18 20:08 --------- d----c--- C:\Program Files\Realtek AC97
2007-06-18 20:08 --------- d----c--- C:\Program Files\AvRack
2007-06-12 19:00 36112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-06-12 19:00 203024 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-06-12 18:52 1126328 --a------ C:\WINDOWS\system32\drivers\VsapiNT.sys
2007-06-07 17:35 --------- d----c--- C:\Program Files\YouTube Downloader
2007-06-07 16:43 --------- d----c--- C:\Program Files\Britannica
2007-06-03 11:56 0 --a--c--- C:\WINDOWS\nsreg.dat
2007-05-17 01:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-17 01:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-17 01:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-17 01:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-17 01:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-17 01:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-04-27 16:30 27128 --a--c--- C:\DOCUME~1\ANNA~1.ANN\APPLIC~1\GDIPFONTCACHEV1.DAT
2004-10-01 14:00 40960 --a--c--- C:\Program Files\Uninstall_CDS.exe
2004-08-04 00:56 1032192 --a--c--- C:\Program Files\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [2006-03-08 13:30]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-16 09:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]
"BOC-424"="C:\PROGRA~1\Comodo\CBOClean\BOC424.exe" [2007-06-14 09:28]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-04 23:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:56]

C:\Documents and Settings\annA.ANNA-1PQCY3C8D7\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-20 08:47:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE

R0 uagp35;Microsoft AGPv3.5 Filter;C:\WINDOWS\system32\DRIVERS\uagp35.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R1 tmtdi;Trend Micro TDI Driver;C:\WINDOWS\system32\Drivers\tmtdi.sys
R2 Sentinel;Sentinel;C:\WINDOWS\system32\Drivers\SENTINEL.SYS
R2 tm_cfw;Common Firewall Driver;C:\WINDOWS\system32\Drivers\tm_cfw.sys
R2 Tmfilter;Tmfilter;C:\WINDOWS\system32\drivers\TmXPFlt.sys
R2 Tmpreflt;Tmpreflt;C:\WINDOWS\system32\drivers\Tmpreflt.sys
R2 Vsapint;Vsapint;C:\WINDOWS\system32\drivers\VsapiNT.sys
R3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys
R3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
S3 30598;30598;\??\C:\WINDOWS\system32\30598.sys
S3 780A4;780A4;\??\C:\WINDOWS\system32\780A4.sys
S3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 GMSIPCI;GMSIPCI;\??\E:\INSTALL\GMSIPCI.SYS
S3 oflpydin;oflpydin;\??\C:\DOCUME~1\MUM&DA~1\LOCALS~1\Temp\oflpydin.sys
S3 SABProcEnum;SABProcEnum;\??\C:\Program Files\Mozilla Firefox\SABProcEnum.sys
S3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
S3 Sntnlusb;Rainbow USB SuperPro;C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
S3 usbser;Motorola USB Modem Driver;C:\WINDOWS\system32\DRIVERS\usbser.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-05 12:20:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000006d7

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-05 12:23:14

--- E O F ---

Here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:56 PM, on 5/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Comodo\CBOClean\BOC424.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCMAIN.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BOC-424] C:\PROGRA~1\Comodo\CBOClean\BOC424.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://annabackwards.spaces.live.com//Phot...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 8237 bytes

Surf smarter, surf faster, surf safer, surf with Mozilla Firefox

#4 RichieUK
    Malware Assassin
  • Malware Response Team
  • 13,614 posts
  • Local time:03:08 PM

Posted 05 August 2007 - 08:25 AM

Find and delete:
C:\Program Files\AskTBar

I was thinking of not using Trend Micro altogether, and using Comodo firewall and BOClean, AVG free, Spybot, SAS, Spywareguard and Spywareblaster.
Do you think that will provide adequate protection?

Yes, you'll be just fine. I suggest you now uninstall/remove Trend Micro Internet Security 2006 via Start/Control Panel/Add or Remove Programs, then restart your PC.
If you don't, it could lead to system slowdowns and/or other problems within the operating system.

Post a fresh HijackThis log after you've done the above.
Let me know what's happening now.
Posted Image
Posted Image

#5 annabackwards (Topic Starter)
  • Members
  • 1,381 posts
  • Gender:Female
  • Location:Sydney, Australia.
  • Local time:01:08 AM

Posted 06 August 2007 - 03:06 AM

If you don't mind me asking, why did you get me to delete C:\Program Files\AskTBar?
I'm just curious and eager to learn, is all :thumbsup:

Also, what is OLE automation (if you know)? Comodo used to pop up all the time asking me whether or not to allow programs using this protocol. I've only had one odd popup so far from Comodo. It says that C:/Program Files/Msn Messenger/msnmsgr is trying to connect to the internet through Firefox using this protocol. The destinations are always two locations, IP address 203.2.75.132 (UDP out) and 216.213.19.27 (TCP out). Comodo logs it as suspicious. Should I permanently allow or deny? If I deny I can't use Mozilla to access the net; if I allow, I can. Is this part of MSN or is it malware/a hacker? Would it be a good idea to use IE instead for now?

Followed your instructions and uninstalled Trend Micro!!! Computer loads much faster now :flowers:

Here's the new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:44:05 PM, on 6/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Comodo\CBOClean\BOC424.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HJT\HijackThis.exe
C:\Program Files\MSN Messenger\usnsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll (file missing)
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BOC-424] C:\PROGRA~1\Comodo\CBOClean\BOC424.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\keyscramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://annabackwards.spaces.live.com//Phot...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)

--
End of file - 7774 bytes


#6 RichieUK
    Malware Assassin
  • Malware Response Team
  • 13,614 posts
  • Local time:03:08 PM

Posted 06 August 2007 - 05:31 AM

Copy and paste the following text into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: fix.bat, and save it to your desktop.
Then double-click on the fix.bat file on your desktop.
You'll see a black screen flash, that's normal.

@echo off
REM Stop the orphaned Trend Micro firewall service (harmless if it is not running)
sc stop TmPfw
REM then remove its registration from the service database
sc delete TmPfw

Restart your pc.

------------------------------------------------------

Have HijackThis fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll (file missing)
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll (file missing)


Find and delete:
C:\Program Files\Trend Micro

If you don't mind me asking, why did you get me to delete C:\Program Files\AskTBar?

Seems I got my wires crossed and was thinking of ASKTBAR.EXE
http://spywarefiles.prevx.com/RRFDFE419999...SKTBAR.EXE.html

If you want to reinstall Ask Toolbar for Internet Explorer you can download it here:
http://wzeu.ask.com/r?t=a&d=eu&s=u...BarSetup_UK.exe

Also, what is OLE automation (if you know)? Comodo used to pop up all the time asking me whether or not to allow programs using this protocol.

OLE Automation is the way that applications communicate "behind the scenes."
OLE Automation:
http://en.wikipedia.org/wiki/OLE_Automation

I've only had one odd popup so far from Comodo.
It says that C:/Program Files/Msn Messenger/msnmsgr is trying to connect to the internet through Firefox using this protocol.
The destinations are always two locations, IP address 203.2.75.132 (UDP out) and 216.213.19.27 (TCP out).
Comodo logs it as suspicious.
Should I permanently allow or deny?

You should allow it.

-----------------------------------------------------

Your log is clean :thumbsup:
If all's ok,please do the following.

Find and delete:
Combofix.exe
C:\QooBox

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description/name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on OK.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here,to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html
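The checks behind the steps in this reply (spotting the "(file missing)" O2/O3 entries, the orphaned TmPfw service and anything still pointing under the deleted Trend Micro folder, then confirming with a fresh log) can be scripted. The Python below is an added example for this thread, not HijackThis code and not from either poster; it parses the HJT line shapes shown in the logs above and runs on a constructed slice of them. The removed-directory list, including the 8.3 alias C:\PROGRA~1\TRENDM~1, is an assumption supplied by hand, since short names cannot be resolved without the filesystem.

```python
"""HijackThis (HJT) log triage: parse the O2/O3/O9, O4 and O23 line shapes in
this thread, flag uninstall leftovers, emit the sc.exe lines for an orphaned
service, and diff an old log against a fresh one. Added example for this thread,
not HijackThis code and not from the original posts; OLD_LOG and NEW_LOG are
constructed slices of the two logs posted above."""
import re
from dataclasses import dataclass
from typing import List, Sequence, Tuple

MISSING = " (file missing)"  # HJT's own suffix for a registered file that is gone
# O2 BHO / O3 Toolbar / O9 Extra button: "<kind> - <label>: <name> - {CLSID} - <path>"
COM_RE = re.compile(r"^(?P<kind>O2|O3|O9) - [^:]+: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
# O4 Run values: "O4 - <hive>\..\Run: [<value>] <command>[ (User '<user>')]"
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$")
# O23 services: "O23 - Service: <display name>[ (<short name>)] - <owner> - <path>"
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?)(?: \((?P<short>[^)]+)\))? - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Entry:
    kind: str             # O2, O3, O4, O9 or O23
    name: str             # COM object name, Run value name, or service (short) name
    path: str             # DLL/EXE the entry points at
    owner: str = ""       # O23 only; "Unknown owner" when HJT finds no company string
    missing: bool = False
    raw: str = ""         # original line, used by diff_logs

def exe_from_command(cmd: str) -> str:
    """Pull the executable out of a Run value, quoted ("...") or bare."""
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    # Bare form is "<path>.exe /FLAGS"; cut at the first ".exe" so unquoted paths with spaces survive.
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]

def parse(log: str) -> List[Entry]:
    """One Entry per recognised line; sections with other shapes are skipped."""
    entries: List[Entry] = []
    for raw in (l.strip() for l in log.splitlines()):
        missing = raw.endswith(MISSING)
        line = raw[: -len(MISSING)] if missing else raw
        if m := COM_RE.match(line):
            entries.append(Entry(m["kind"], m["name"], m["path"], missing=missing, raw=raw))
        elif m := RUN_RE.match(line):
            entries.append(Entry("O4", m["value"], exe_from_command(m["cmd"]), missing=missing, raw=raw))
        elif m := SVC_RE.match(line):
            entries.append(Entry("O23", m["short"] or m["name"], m["path"], m["owner"], missing, raw))
    return entries

def triage(entries: Sequence[Entry], removed_dirs: Sequence[str]) -> List[Tuple[Entry, List[str]]]:
    """Pair each entry worth acting on with every reason it was flagged."""
    # Case-insensitive prefix match; 8.3 aliases (C:\PROGRA~1\TRENDM~1) cannot be
    # expanded offline, so callers list both the long and the short form.
    prefixes = tuple(d.rstrip("\\").lower() + "\\" for d in removed_dirs)
    hits = []
    for e in entries:
        reasons = []
        if e.missing:
            reasons.append("file missing")
        if e.kind == "O23" and e.owner.lower() == "unknown owner":
            reasons.append("unknown owner")
        if e.path.lower().startswith(prefixes):
            reasons.append("under removed dir")
        if reasons:
            hits.append((e, reasons))
    return hits

def service_fix_commands(hits: Sequence[Tuple[Entry, List[str]]]) -> List[str]:
    """sc.exe lines for services whose binary is gone, as fix.bat above does for TmPfw."""
    cmds: List[str] = []
    for e, reasons in hits:
        if e.kind == "O23" and "file missing" in reasons:
            svc = f'"{e.name}"' if " " in e.name else e.name  # quote names with spaces for cmd.exe
            cmds += [f"sc stop {svc}", f"sc delete {svc}"]
    return cmds

def diff_logs(old: str, new: str) -> Tuple[List[str], List[str]]:
    """(lines gone from the fresh log, lines new in it): the check for a post-uninstall log."""
    old_lines = [e.raw for e in parse(old)]
    new_lines = [e.raw for e in parse(new)]
    return [l for l in old_lines if l not in new_lines], [l for l in new_lines if l not in old_lines]

# Constructed samples: the same slice of the log before and after the uninstall.
OLD_LOG = r"""
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
"""
NEW_LOG = r"""
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll (file missing)
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll (file missing)
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)
"""
REMOVED_DIRS = [r"C:\Program Files\Trend Micro", r"C:\PROGRA~1\TRENDM~1"]  # assumed, incl. 8.3 alias

if __name__ == "__main__":
    for e, why in triage(parse(NEW_LOG), REMOVED_DIRS):
        print(e.kind, e.name, ", ".join(why))
```

Run against the log saved from post #3 and the fresh one from post #5, diff_logs shows exactly which lines the uninstall removed and which it left behind as "(file missing)" residue; those residue lines are the ones to tick in HijackThis, and service_fix_commands produces the same two sc lines as fix.bat above. Lines whose shape the parser does not know (O1, O8, O16, Startup shortcuts) are skipped rather than guessed at.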

#7 annabackwards (Topic Starter)
  • Members
  • 1,381 posts
  • Gender:Female
  • Location:Sydney, Australia.
  • Local time:01:08 AM

Posted 07 August 2007 - 01:32 AM

Yep, my computer seems fine and there are no more funny detections :flowers:

Thanks heaps for helping and giving me info, you rock :thumbsup:


#8 RichieUK
    Malware Assassin
  • Malware Response Team
  • 13,614 posts
  • Local time:03:08 PM

Posted 07 August 2007 - 07:24 AM

You're most welcome.

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.