Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Badly Infected Machine...please Help Me


  • Please log in to reply
6 replies to this topic

#1 pbetz

pbetz

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 17 October 2007 - 01:10 PM

I've been running 2-3 virus/spy scans per day with Trend Micro PC-cillin(Internet Security 2007), and get no threats, but the quarantine file grows everytime I get hijacked, which is constantly, so I'm constantly deleting my quarantine. Everytime I open my browser, my privacy setting, (Cookies), reset to "Accept all cookies". I clear out my temp files before a scan, but within a minute or two it is full again.

I've been reading alot of topics on here very much like mine, and I've tried to take some of the steps. I ran Hijackthis, and am posting the log below.

The popups, warnings are constant. I don't know what to do...Please help me. Here is my HiJackThis log just in case someone will help me...Thank you very much.

I installed ComboFix, and ran a scan...followed by a fresh HijackThis scan. Combo fix log is here, and I'll immediately follow with the HJT log in next message. Please help. Thank you in advance for any help I may get.

ComboFix 07-10-17.8 - Owner 2007-10-17 12:45:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1849 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\check_LSA7.txt
C:\Program Files\Temporary
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awtsp.dll
C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\awvts.dll
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\cbxxwww.dll
C:\WINDOWS\system32\cbxxwww.dll
C:\WINDOWS\system32\cbxxwww.dll
C:\WINDOWS\system32\ctgyfdjp.ini
C:\WINDOWS\system32\ctxrhqux.dll
C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\ddayy.dll
C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\fwektmkt.ini
C:\WINDOWS\system32\gasriynp.dll
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\gebya.dll
C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\gebyy.dll
C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\ivkkrgvl.ini
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\jkklj.dll
C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\jlnmp.bak2
C:\WINDOWS\system32\jlnmp.bak2
C:\WINDOWS\system32\jlnmp.bak2
C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\jlnmp.ini2
C:\WINDOWS\system32\jlnmp.ini2
C:\WINDOWS\system32\jlnmp.ini2
C:\WINDOWS\system32\jlnmp.tmp
C:\WINDOWS\system32\jlnmp.tmp
C:\WINDOWS\system32\jlnmp.tmp
C:\WINDOWS\system32\lvgrkkvi.dll
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\mllmn.dll
C:\WINDOWS\system32\mscmyble.exe
C:\WINDOWS\system32\pjdfygtc.dll
C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmkjk.dll
C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\pnyirsag.ini
C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\sydeqkqt.dll
C:\WINDOWS\system32\tkmtkewf.dll
C:\WINDOWS\system32\tqkqedys.ini
C:\WINDOWS\system32\votjdysl.dll
C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\vturs.dll
C:\WINDOWS\system32\vtutq.dll
C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\xuqhrxtc.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 )))))))))))))))))))))))))))))))
.

2007-10-16 14:07 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Xfire
2007-10-16 14:07 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Xfire
2007-10-09 12:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-10-08 08:17 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-10-08 08:16 <DIR> d-------- C:\Program Files\Shockwave.com
2007-10-02 01:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\vlc
2007-10-02 01:23 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\vlc
2007-10-02 01:21 <DIR> d-------- C:\Program Files\VideoLAN
2007-09-28 22:43 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2007-09-24 14:00 <DIR> d-------- C:\Cartoons

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 15:49 --------- d-----w C:\Program Files\Plaxo
2007-10-17 06:22 --------- d-----w C:\Program Files\Trend Micro
2007-10-17 03:38 --------- d-----w C:\Program Files\Uniblue
2007-10-17 03:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2007-10-17 03:38 --------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Uniblue
2007-10-16 19:07 --------- d-s---w C:\Program Files\Xfire
2007-10-16 19:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-16 19:04 --------- d-----w C:\Program Files\EPSON
2007-10-16 19:00 --------- d-----w C:\Program Files\Smart Panel
2007-09-30 03:49 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-26 14:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-09-26 14:18 --------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
2007-09-24 03:54 --------- d-----w C:\Program Files\Common Files\Adobe
2007-08-20 00:32 --------- d-----w C:\Program Files\Virtools
2007-08-18 22:18 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Knowledge Adventure
2007-08-18 22:16 --------- d-----w C:\Program Files\JumpStart World
2007-08-18 21:36 --------- d-----w C:\Program Files\JumpStart
2007-08-18 21:36 --------- d-----w C:\Program Files\Common Files\Knowledge Adventure
2007-07-31 06:37 164 ----a-w C:\install.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04]
"CHotkey"="zHotkey.exe" [2005-05-03 16:02 C:\WINDOWS\zHotkey.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-25 12:29]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 22:05]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2005-07-20 02:55]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 20:40]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 14:16]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 13:45]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-19 00:03]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-04-12 05:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 18:03]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
backup=C:\WINDOWS\pss\Install Pending Files.LNKCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
"C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1123889542\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
"C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
sttray.exe

R2 lowpp;Lowrance MMC Parallel Port Driver;\??\C:\WINDOWS\system32\Drivers\lowpp.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 asbp2poa;asbp2poa;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\asbp2poa.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72f96ccc-513c-11da-a086-0013209404e7}]
AutoRun\command - L:\GizmoSecure\Windows\GizmoSecure30.exe

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 12:55:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-17 12:57:16 - machine was rebooted
.
--- E O F ---

BC AdBot (Login to Remove)

 


#2 pbetz

pbetz
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 17 October 2007 - 01:13 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:48 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gofishingmissouri.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.rapmls.com
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC73CB1F-E95D-4FA1-9154-58B23F5AF063}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

--
End of file - 8484 bytes

#3 pbetz

pbetz
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 17 October 2007 - 01:21 PM

Here is a fresh HJT log with HijackThis.exe renamed "anything.exe"


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:37 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\anything.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gofishingmissouri.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.rapmls.com
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC73CB1F-E95D-4FA1-9154-58B23F5AF063}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

--
End of file - 8520 bytes

#4 pbetz

pbetz
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 17 October 2007 - 01:48 PM

Until 45 minutes ago when I got the ComoFix log; ComboFix would not even run on my machine. I finally got it to run, and the machine is running considerably better now. I don't know that it is cured, I would guess not, but I wanted to make that point. Perhaps my log looks clean, I don't know. But, if it does, that may be why.

I had Shareaza (A P2P) installed on my machine. I uninstalled it, and suddenly ComboFix would run, so please just let me know if I'm on the right track, and what to do next.

Thank youvery much.

#5 pbetz

pbetz
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 17 October 2007 - 02:45 PM

A new run of PC-Cillin, after running ComboFix, has now turned up 21 pieces of spyware (Which didn't show up before. I'm deleting. Should I run ComboFix, and HJT again and post new logs??

Thanks

#6 pbetz

pbetz
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 17 October 2007 - 09:47 PM

My computer is running much better now. I have also run Uniblue's Registry Booster, and cleaned the registry up considerably...I had 750 errors in it. Now I have run a fresh scan of ComboFix, and HJT. The logs are below.

I know everyonwe is pretty busy, but if someone who knows what they are doing could read this, and give me some advice it would be very much appreciated. Thank you so much.

ComboFix 07-10-17.8 - Owner 2007-10-17 21:23:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1862 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-18 to 2007-10-18 )))))))))))))))))))))))))))))))
.

2007-10-17 12:42 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-16 14:07 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Xfire
2007-10-16 14:07 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Xfire
2007-10-09 19:23 582,656 --a--c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 12:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-10-09 12:40 1,126,328 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2007-10-09 12:40 300,816 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-10-09 12:40 203,024 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-10-09 12:40 112,400 --a------ C:\WINDOWS\system32\drivers\tm_mbd_c.sys
2007-10-09 12:40 75,792 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-10-09 12:40 36,112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-10-08 08:17 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-10-08 08:16 <DIR> d-------- C:\Program Files\Shockwave.com
2007-10-03 11:01 5,585 --a------ C:\WINDOWS\system32\ssqpn.dll
2007-10-03 02:00 5,585 --a------ C:\WINDOWS\system32\pmkji.dll
2007-10-02 15:00 5,585 --a------ C:\WINDOWS\system32\gebca.dll
2007-10-02 09:00 5,585 --a------ C:\WINDOWS\system32\mllmj.dll
2007-10-02 05:00 5,585 --a------ C:\WINDOWS\system32\mljgf.dll
2007-10-02 01:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\vlc
2007-10-02 01:23 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\vlc
2007-10-02 01:21 <DIR> d-------- C:\Program Files\VideoLAN
2007-10-01 20:00 5,585 --a------ C:\WINDOWS\system32\awtsr.dll
2007-10-01 09:00 5,585 --a------ C:\WINDOWS\system32\ssqrp.dll
2007-10-01 08:00 5,585 --a------ C:\WINDOWS\system32\ddcyv.dll
2007-10-01 06:00 5,585 --a------ C:\WINDOWS\system32\awtqr.dll
2007-09-30 23:00 5,585 --a------ C:\WINDOWS\system32\ssttr.dll
2007-09-30 10:09 5,585 --a------ C:\WINDOWS\system32\geeba.dll
2007-09-29 18:09 5,585 --a------ C:\WINDOWS\system32\sstqq.dll
2007-09-29 17:09 5,585 --a------ C:\WINDOWS\system32\pmnlk.dll
2007-09-29 15:09 5,585 --a------ C:\WINDOWS\system32\awtqq.dll
2007-09-29 13:09 5,585 --a------ C:\WINDOWS\system32\jkkjk.dll
2007-09-29 06:08 5,585 --a------ C:\WINDOWS\system32\mljji.dll
2007-09-29 05:08 5,585 --a------ C:\WINDOWS\system32\mljge.dll
2007-09-29 01:08 5,585 --a------ C:\WINDOWS\system32\pmnnn.dll
2007-09-28 22:43 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2007-09-28 18:08 5,585 --a------ C:\WINDOWS\system32\pmnnl.dll
2007-09-28 12:08 5,585 --a------ C:\WINDOWS\system32\awtqn.dll
2007-09-28 10:08 5,585 --a------ C:\WINDOWS\system32\mljgh.dll
2007-09-28 08:08 5,585 --a------ C:\WINDOWS\system32\jkhhg.dll
2007-09-28 03:08 5,583 --a------ C:\WINDOWS\system32\ddayw.dll
2007-09-28 02:08 5,585 --a------ C:\WINDOWS\system32\mlljj.dll
2007-09-27 21:08 5,585 --a------ C:\WINDOWS\system32\ssqro.dll
2007-09-27 19:08 5,583 --a------ C:\WINDOWS\system32\geede.dll
2007-09-27 16:08 5,583 --a------ C:\WINDOWS\system32\mlljh.dll
2007-09-27 08:08 5,583 --a------ C:\WINDOWS\system32\pmkhh.dll
2007-09-27 07:08 5,583 --a------ C:\WINDOWS\system32\vtstr.dll
2007-09-27 05:08 5,585 --a------ C:\WINDOWS\system32\sstqr.dll
2007-09-27 03:08 5,585 --a------ C:\WINDOWS\system32\vtuts.dll
2007-09-27 01:08 5,585 --a------ C:\WINDOWS\system32\vtutr.dll
2007-09-27 00:07 5,583 --a------ C:\WINDOWS\system32\jkkli.dll
2007-09-26 22:07 5,585 --a------ C:\WINDOWS\system32\geebb.dll
2007-09-26 21:07 5,585 --a------ C:\WINDOWS\system32\ddccb.dll
2007-09-26 16:07 5,585 --a------ C:\WINDOWS\system32\awvvt.dll
2007-09-26 12:07 5,585 --a------ C:\WINDOWS\system32\gebcd.dll
2007-09-26 10:07 5,583 --a------ C:\WINDOWS\system32\jkhfd.dll
2007-09-26 09:07 5,583 --a------ C:\WINDOWS\system32\ssqpm.dll
2007-09-26 05:07 5,585 --a------ C:\WINDOWS\system32\ddcca.dll
2007-09-26 03:07 5,585 --a------ C:\WINDOWS\system32\jkhfg.dll
2007-09-25 22:07 5,583 --a------ C:\WINDOWS\system32\geedd.dll
2007-09-25 11:23 5,583 --a------ C:\WINDOWS\system32\pmnnm.dll
2007-09-25 00:23 5,583 --a------ C:\WINDOWS\system32\pmkhg.dll
2007-09-24 23:23 5,583 --a------ C:\WINDOWS\system32\awvtr.dll
2007-09-24 22:23 5,583 --a------ C:\WINDOWS\system32\ddayv.dll
2007-09-24 21:23 5,585 --a------ C:\WINDOWS\system32\sstqn.dll
2007-09-24 17:22 5,583 --a------ C:\WINDOWS\system32\vturo.dll
2007-09-24 15:22 5,583 --a------ C:\WINDOWS\system32\mljgg.dll
2007-09-24 14:00 <DIR> d-------- C:\Cartoons
2007-09-24 13:22 5,585 --a------ C:\WINDOWS\system32\ddccy.dll
2007-09-24 12:22 5,585 --a------ C:\WINDOWS\system32\mlljg.dll
2007-09-24 09:22 5,583 --a------ C:\WINDOWS\system32\sstts.dll
2007-09-24 06:22 5,585 --a------ C:\WINDOWS\system32\pmnlm.dll
2007-09-24 04:22 5,585 --a------ C:\WINDOWS\system32\awtqp.dll
2007-09-24 02:22 5,583 --a------ C:\WINDOWS\system32\vtsqo.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 01:49 --------- d-----w C:\Program Files\Plaxo
2007-10-17 06:22 --------- d-----w C:\Program Files\Trend Micro
2007-10-17 03:38 --------- d-----w C:\Program Files\Uniblue
2007-10-17 03:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2007-10-17 03:38 --------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Uniblue
2007-10-16 19:07 --------- d-s---w C:\Program Files\Xfire
2007-10-16 19:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-16 19:04 --------- d-----w C:\Program Files\EPSON
2007-10-16 19:00 --------- d-----w C:\Program Files\Smart Panel
2007-09-30 03:49 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-30 03:48 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-09-26 14:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-09-26 14:18 --------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
2007-09-24 03:54 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-22 09:35 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-20 00:32 --------- d-----w C:\Program Files\Virtools
2007-08-18 22:18 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Knowledge Adventure
2007-08-18 22:16 --------- d-----w C:\Program Files\JumpStart World
2007-08-18 21:36 --------- d-----w C:\Program Files\JumpStart
2007-08-18 21:36 --------- d-----w C:\Program Files\Common Files\Knowledge Adventure
2007-07-31 06:37 164 ----a-w C:\install.dat
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04]
"CHotkey"="zHotkey.exe" [2005-05-03 16:02 C:\WINDOWS\zHotkey.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-25 12:29]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 22:05]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2005-07-20 02:55]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 20:40]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 14:16]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 13:45]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-19 00:03]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-04-12 05:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 18:03]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
backup=C:\WINDOWS\pss\Install Pending Files.LNKCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
"C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1123889542\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
"C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
sttray.exe

R2 lowpp;Lowrance MMC Parallel Port Driver;\??\C:\WINDOWS\system32\Drivers\lowpp.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 asbp2poa;asbp2poa;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\asbp2poa.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72f96ccc-513c-11da-a086-0013209404e7}]
AutoRun\command - L:\GizmoSecure\Windows\GizmoSecure30.exe

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 21:26:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-17 21:27:22
C:\ComboFix2.txt ... 2007-10-17 12:57
.
--- E O F ---



END OF COMBOFIX LOG
============================================================================



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:20 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\anything.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gofishingmissouri.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.rapmls.com
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC73CB1F-E95D-4FA1-9154-58B23F5AF063}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

--
End of file - 8448 bytes

#7 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:01:57 PM

Posted 30 October 2007 - 05:05 AM

Hiand welcome,

If you still need help please post a fresh hijackthis log here.
Not Combofix please. If we use that again we'll need to get a new one.

let me know how system is running too please.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users