Member Panel

Remember me ?

Forgot password?   

Sponsors and Ads

Join the Team

Live Tag Cloud
PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » Please, can someone help me?

[Fixed] Hijackthis! Logs - Please, can someone help me? posted in the Security & Safety forums; Okay, I had Hijackthis fix those files and then I ran the Kaspersky online scanner. Here's the log... ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Monday, December 10, 2007 2:41:07 PM Operating ...

JOIN US NOW to remove these Ads

Post New Thread  Reply
Page 2 of 3 < 1 2 3 >
  #7  
Old 12-10-2007
LoPan's Avatar
Bronze Member
  
Join Date: Dec 2007
Posts: 10
PC Experience: Some Experience
LoPan - See this Members User comments on their Profile page
Default Re: Please, can someone help me?
Okay, I had Hijackthis fix those files and then I ran the Kaspersky online scanner. Here's the log...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, December 10, 2007 2:41:07 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/12/2007
Kaspersky Anti-Virus database records: 479144
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 84907
Number of viruses found: 18
Number of infected objects: 77
Number of suspicious objects: 0
Duration of the scan process: 01:07:57
Infected Object Name / Virus Name / Last Action
C:\1236234 Infected: not-virus:Hoax.Win32.Renos.acj skipped
C:\13561812 Infected: Trojan-Proxy.Win32.Agent.sr skipped
C:\1657031 Infected: Trojan-Downloader.Win32.Agent.fis skipped
C:\17166265 Infected: Trojan-Proxy.Win32.Agent.sr skipped
C:\5511875/stream/data0004 Infected: Trojan-Downloader.Win32.Zlob.egn skipped
C:\5511875/stream Infected: Trojan-Downloader.Win32.Zlob.egn skipped
C:\5511875 NSIS: infected - 2 skipped
C:\6352046 Infected: Trojan-Proxy.Win32.Agent.sr skipped
C:\775625 Infected: Trojan-PSW.Win32.LdPinch.dxb skipped
C:\8248156 Infected: Trojan-Spy.Win32.Bancos.aam skipped
C:\888953 Infected: Trojan.Win32.Agent.cun skipped
C:\9957734 Infected: Trojan-Proxy.Win32.Agent.sr skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Clif\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Clif\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTAc tions.log Object is locked skipped
C:\Documents and Settings\Clif\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAg nt.log Object is locked skipped
C:\Documents and Settings\Clif\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Clif\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Clif\Desktop\[4]-Submit_2007-12-09@23.08.zip/13561812.vir Infected: Trojan-Proxy.Win32.Agent.sr skipped
C:\Documents and Settings\Clif\Desktop\[4]-Submit_2007-12-09@23.08.zip/1657031.vir Infected: Trojan-Downloader.Win32.Agent.fis skipped
C:\Documents and Settings\Clif\Desktop\[4]-Submit_2007-12-09@23.08.zip/17166265.vir Infected: Trojan-Proxy.Win32.Agent.sr skipped
C:\Documents and Settings\Clif\Desktop\[4]-Submit_2007-12-09@23.08.zip/5511875.vir/stream/data0004 Infected: Trojan-Downloader.Win32.Zlob.egn skipped
C:\Documents and Settings\Clif\Desktop\[4]-Submit_2007-12-09@23.08.zip/5511875.vir/stream Infected: Trojan-Downloader.Win32.Zlob.egn skipped
C:\Documents and Settings\Clif\Desktop\[4]-Submit_2007-12-09@23.08.zip/5511875.vir Infected: Trojan-Downloader.Win32.Zlob.egn skipped
C:\Documents and Settings\Clif\Desktop\[4]-Submit_2007-12-09@23.08.zip/6352046.vir Infected: Trojan-Proxy.Win32.Agent.sr skipped
C:\Documents and Settings\Clif\Desktop\[4]-Submit_2007-12-09@23.08.zip/888953.vir Infected: Trojan.Win32.Agent.cun skipped
C:\Documents and Settings\Clif\Desktop\[4]-Submit_2007-12-09@23.08.zip/9957734.vir Infected: Trojan-Proxy.Win32.Agent.sr skipped
C:\Documents and Settings\Clif\Desktop\[4]-Submit_2007-12-09@23.08.zip ZIP: infected - 9 skipped
C:\Documents and Settings\Clif\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Clif\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Clif\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Clif\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Clif\Local Settings\History\History.IE5\MSHist012007121020071 211\index.dat Object is locked skipped
C:\Documents and Settings\Clif\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Clif\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Clif\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Clif\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\config\configuration\org.eclipse.core.runtime\ .manager\.tmp44321.instance Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\ibdata1 Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\ib_logfile0 Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\ib_logfile1 Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhasset.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhlabel.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhlabeltoversion .ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhpqentry.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhserverglobals. ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhuser.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\logs\VersionCue.log Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\223.tmp/data0001 Infected: Trojan.Win32.DNSChanger.adz skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\223.tmp NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\223.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\C.tmp/data0001 Infected: Trojan.Win32.DNSChanger.adz skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\C.tmp NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\C.tmp CryptFF.b: infected - 1 skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\dialsv32.d ll.vir Infected: Trojan-Downloader.Win32.Agent.fis skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\LDRA.tmp.v ir/data1 Infected: Trojan.Win32.LinkReplacer.b skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\LDRA.tmp.v ir SIM: infected - 1 skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\md4hsh.dll .vir Infected: Trojan-Proxy.Win32.Agent.sr skipped
C:\SDFix\backups\backups.zip/backups/G3A33.tmp.exe/data1 Infected: Trojan.Win32.LinkReplacer.b skipped
C:\SDFix\backups\backups.zip/backups/G3A33.tmp.exe Infected: Trojan.Win32.LinkReplacer.b skipped
C:\SDFix\backups\backups.zip/backups/GA59C.tmp.exe/data1 Infected: Trojan.Win32.LinkReplacer.b skipped
C:\SDFix\backups\backups.zip/backups/GA59C.tmp.exe Infected: Trojan.Win32.LinkReplacer.b skipped
C:\SDFix\backups\backups.zip/backups/GBB31.tmp.exe Infected: Trojan.Win32.LowZones.er skipped
C:\SDFix\backups\backups.zip/backups/GBB60.tmp.exe/EXE-file Infected: Rootkit.Win32.Agent.qn skipped
C:\SDFix\backups\backups.zip/backups/GBB60.tmp.exe Infected: Rootkit.Win32.Agent.qn skipped
C:\SDFix\backups\backups.zip/backups/GC3EC.tmp.exe/data1 Infected: Trojan.Win32.LinkReplacer.b skipped
C:\SDFix\backups\backups.zip/backups/GC3EC.tmp.exe Infected: Trojan.Win32.LinkReplacer.b skipped
C:\SDFix\backups\backups.zip/backups/GD36.tmp.exe/EXE-file Infected: Rootkit.Win32.Agent.qn skipped
C:\SDFix\backups\backups.zip/backups/GD36.tmp.exe Infected: Rootkit.Win32.Agent.qn skipped
C:\SDFix\backups\backups.zip/backups/GD6B8.tmp.exe/data1 Infected: Trojan.Win32.LinkReplacer.d skipped
C:\SDFix\backups\backups.zip/backups/GD6B8.tmp.exe Infected: Trojan.Win32.LinkReplacer.d skipped
C:\SDFix\backups\backups.zip/backups/GFA7D.tmp.exe/EXE-file Infected: Rootkit.Win32.Agent.qn skipped
C:\SDFix\backups\backups.zip/backups/GFA7D.tmp.exe Infected: Rootkit.Win32.Agent.qn skipped
C:\SDFix\backups\backups.zip/backups/IEHelp.xml Infected: Trojan.Win32.LinkReplacer.a skipped
C:\SDFix\backups\backups.zip ZIP: infected - 16 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP220\A0186611.dll Infected: Trojan.Win32.LinkReplacer.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP220\A0187949.dll Infected: Trojan.Win32.LinkReplacer.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP221\A0189174.dll Infected: Trojan.Win32.LinkReplacer.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP225\A0191284.exe Infected: Trojan-Spy.Win32.Bancos.aam skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP226\A0192772.exe Infected: Rootkit.Win32.Agent.qn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP226\A0192911.dll Infected: Trojan.Win32.Agent.*** skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP226\A0192961.exe Infected: Rootkit.Win32.Agent.qn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP228\A0195837.exe Infected: not-virus:Hoax.Win32.Renos.wk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP228\A0196213.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP229\A0196580.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP229\A0196582.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP229\A0196585.exe Infected: not-virus:Hoax.Win32.Renos.wk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP229\A0196630.exe Infected: Trojan-PSW.Win32.LdPinch.dxb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP229\A0196703.exe Infected: Rootkit.Win32.Agent.qn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP229\A0196708.sys Infected: Rootkit.Win32.Agent.nf skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{21EBED 31-69DE-49EE-B111-F1E761A371E1}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\AcroIEHelper.dll Infected: Trojan.Win32.LinkReplacer.d skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\IEHelp.dll Infected: Trojan.Win32.LinkReplacer.a skipped
C:\WINDOWS\system32\LDR104.tmp/data1 Infected: Trojan.Win32.LinkReplacer.a skipped
C:\WINDOWS\system32\LDR104.tmp SIM: infected - 1 skipped
C:\WINDOWS\system32\LDR10D.tmp/data1 Infected: Trojan.Win32.LinkReplacer.a skipped
C:\WINDOWS\system32\LDR10D.tmp SIM: infected - 1 skipped
C:\WINDOWS\system32\LDR11F.tmp/data1 Infected: Trojan.Win32.LinkReplacer.a skipped
C:\WINDOWS\system32\LDR11F.tmp SIM: infected - 1 skipped
C:\WINDOWS\system32\LDR124.tmp/data1 Infected: Trojan.Win32.LinkReplacer.a skipped
C:\WINDOWS\system32\LDR124.tmp SIM: infected - 1 skipped
C:\WINDOWS\system32\LDR129.tmp/data1 Infected: Trojan.Win32.LinkReplacer.a skipped
C:\WINDOWS\system32\LDR129.tmp SIM: infected - 1 skipped
C:\WINDOWS\system32\nvnati.sys Infected: Trojan-Proxy.Win32.Agent.sr skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\1936 Object is locked skipped
C:\WINDOWS\Temp\ib2 Object is locked skipped
C:\WINDOWS\Temp\ib3 Object is locked skipped
C:\WINDOWS\Temp\ib4 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
  #8  
Old 12-10-2007
Pancake's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,958
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: Please, can someone help me?
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
KillAll::
File::
C:\9957734
C:\6352046
C:\17166265
C:\13561812
C:\1657031
C:\5511875
C:\888953
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Refering to the picture above, drag CFScript.txt into ComboFix.exe
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.
Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file.


__________________
  • An Australian Member of
  • and
My real name is Eddy
  #9  
Old 12-10-2007
LoPan's Avatar
Bronze Member
  
Join Date: Dec 2007
Posts: 10
PC Experience: Some Experience
LoPan - See this Members User comments on their Profile page
Default Re: Please, can someone help me?
After Combofix rebooted my PC, the browser did not open to submit the report for analysis. It did produce a log...

ComboFix 07-12-09.1 - Clif 2007-12-10 16:41:26.3 - NTFSx86
Running from: C:\Documents and Settings\Clif\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Clif\Desktop\CFScript.txt
FILE
C:\13561812
C:\1657031
C:\17166265
C:\5511875
C:\6352046
C:\888953
C:\9957734
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\13561812
C:\1657031
C:\17166265
C:\5511875
C:\6352046
C:\888953
C:\9957734
.
((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
.
2007-12-10 12:00 . 2007-12-10 12:00 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-10 12:00 . 2007-12-10 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-09 01:25 . 2007-12-09 01:25 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-07 21:17 . 2007-12-07 21:17 <DIR> d-------- C:\Program Files\CCleaner
2007-12-07 17:54 . 2007-12-07 17:54 <DIR> d-------- C:\Documents and Settings\Clif\Application Data\Grisoft
2007-12-07 17:53 . 2007-12-07 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-07 17:53 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-07 17:45 . 2007-12-07 21:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-07 17:45 . 2007-12-07 17:45 <DIR> d-------- C:\Documents and Settings\Clif\Application Data\SUPERAntiSpyware.com
2007-12-07 17:45 . 2007-12-07 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-07 11:14 . 2007-12-07 12:58 <DIR> d-------- C:\Documents and Settings\Clif\.housecall6.6
2007-12-07 03:04 . 2007-12-07 03:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-07 03:04 . 2007-12-07 03:04 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-07 01:41 . 2007-12-10 11:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-07 00:19 . 2007-12-07 00:19 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-07 00:19 . 2007-12-07 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-06 23:56 . 2007-12-07 17:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-04 08:56 . 2007-12-04 08:56 118,272 --a------ C:\1236234
2007-12-03 16:39 . 2007-12-03 16:39 528,896 --a------ C:\WINDOWS\system32\AcroIEHelper.dll
2007-11-30 20:14 . 2007-12-09 01:23 2,032 --a------ C:\WINDOWS\system32\nvnati.sys
2007-11-14 12:50 . 2007-11-14 12:50 127 --a------ C:\WINDOWS\system32\MRT.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-12-07 19:21 --------- d-----w C:\Program Files\Trend Micro
2007-10-30 19:08 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Yahoo!
2007-10-18 18:23 24,064 ----a-w C:\info.exe
.
((((((((((((((((((((((((((((( snapshot@2007-12-09_ 1.51.54.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-10 19:48:12 3,306 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{21EBED 31-69DE-49EE-B111-F1E761A371E1}.bin
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8673347E-6D08-4B61-8794-E101DC448950}]
2007-10-13 10:50 528896 --a------ C:\WINDOWS\system32\IEHelp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3CFA533-7680-4943-A863-B8216390E847}]
2007-12-03 16:39 528896 --a------ C:\WINDOWS\system32\AcroIEHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 18:39]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.ex e" [2006-07-21 16:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 20:42]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 17:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\M SConfig.exe" [2004-08-04 06:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2006-01-15 12:04:09]
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 02:12 483328 --a------ C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
2005-04-04 18:58 856064 --a------ C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 12:06 106496 --a--c--- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2006-04-28 17:08 692224 -----c--- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 17:19 53248 -----c--- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2005-04-08 14:09 102400 --------- C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-02-23 15:45 278528 --a--c--- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-08 20:20 8192 --a--c--- C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINDOWS\system32\winupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2007-08-31 16:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2007-06-21 14:06 1318912 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe -preload

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\Clif\LOCALS~1\Temp\rdrigeqwUTER.dll
.
************************************************** ************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 16:47:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2007-12-10 16:49:51 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-09 23:21
C:\ComboFix3.txt ... 2007-12-09 01:53
.
--- E O F ---






Here's the new Hijackthis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:04 PM, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f827.mail.yahoo.com/ym/log...=0mco4ksq4v261
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: IEHelp - {8673347E-6D08-4B61-8794-E101DC448950} - C:\WINDOWS\system32\IEHelp.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: AcroIEHelper - {F3CFA533-7680-4943-A863-B8216390E847} - C:\WINDOWS\system32\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-21-2376690854-1529554363-2898095038-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2376690854-1529554363-2898095038-1006\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" (User '?')
O4 - HKUS\S-1-5-21-2376690854-1529554363-2898095038-1006\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 11060 bytes
  #10  
Old 12-10-2007
Pancake's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,958
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: Please, can someone help me?
Whoops..missed this one.After this you should be good to go.



Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:


KillAll::
File::
C:\1236234

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Refering to the picture above, drag CFScript.txt into ComboFix.exe
Restart your computer.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.
Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

==============================
After youn have done the above this will clear away any of the files and folders that were created by ComboFix.
Go to :
Start > Run then copy and paste the following highlighted text below and click OK.

ComboFix /u


__________________
  • An Australian Member of
  • and
My real name is Eddy
Last edited by Pancake; 12-10-2007 at 11:50 PM.
  #11  
Old 12-11-2007
LoPan's Avatar
Bronze Member
  
Join Date: Dec 2007
Posts: 10
PC Experience: Some Experience
LoPan - See this Members User comments on their Profile page
Default Re: Please, can someone help me?
Okay, I finished those steps, but I'm getting a Trend Micro PC-cillin Internet Security 12 pop-up window that reads "Invalid registration information has been entered. Please contact the Trend Micro customer support center." Is that normal? When I open Trend Micro and click on Help and then customer care center, I get a message on their site that reads "The request cannot be processed because the Internet connection has become unstable. Please try again in a few minutes. (93000000)"

I also notice that when I open the Trend Micro and click on Network Security, the personal firewall, network virus emergency center, and wi-fi detection icons are grayed out and nothing happens when I click them.

I'm also still getting the error message "This application has failed to start because ATL.DLL was not found. Re-installing the application may fix this problem" when I try to run any program.

Thank you so much for your help on all this, I really appreciate it.


Last edited by LoPan; 12-11-2007 at 05:29 AM.
  #12  
Old 12-11-2007
Pancake's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,958
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: Please, can someone help me?
Can't say I have come across this problem before.It may be a case if reinstalling Trend Micro.Try replacing the dll file...

ATL.DLL download - free dll files


__________________
  • An Australian Member of
  • and
My real name is Eddy

Reply
Satellite TV on your PC - over 3000 Channels! Click Here!
Page 2 of 3 < 1 2 3 >

Bookmarks