trashicon.exe and iomter.dll
Tractor7
2008-02-15, 19:25
The first problem that I noticed was that Internet Explorer was crashing very frequently. Then I received a bogus Windows Security alert that said something to the effect that spyware was detected and did I want to go a site to get the spyware removal software. A notepad session opened and text started being typed that said "I'm keeping an eye on you..." Then I found that if I clicked on any shortcut or tray icon Windows (XP Home SP2) would raise the dialog asking which application I wanted to use to open the file.
Some error messages also appeared; one mentioned the file iomtrer.dll.
I opened the task manager and saw that several trashicon.exe processes were running. I killed them all and was able to delete trashicon.exe and iomter.dll. I still couldn't launch applications. So I did a search for "can't run exe file" and found this:
http://windowsxp.mvps.org/exefile.htm
After running the file I downloaded from there, everything seems to be okay. However, I want to be sure I've gotten rid of everything. Here are the logs. Thanks for your help.
Tractor7
2008-02-15, 19:26
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, February 15, 2008 1:29:43 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/02/2008
Kaspersky Anti-Virus database records: 567337
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 135509
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 01:47:56
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{CF3A0C25-00B4-41BF-8721-97A5B3997FF7}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR24.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Michael\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\SupportSoft\DellSupportCenter\Michael\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\MSHist012008021420080215\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temp\JET8166.tmp Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temp\~DF915F.tmp Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michael\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Michael\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1095\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{FCBAEDA9-174B-4C78-BC33-1C1690AB64EC}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_l3ibPrMfSywzK83 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_t1Cml18so63igpY Object is locked skipped
C:\WINDOWS\Temp\mcmsc_zfDBiHuF7oa5xgr Object is locked skipped
C:\WINDOWS\Temp\mcu111.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu111.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu111.tmp\vso\49594960.upm Object is locked skipped
C:\WINDOWS\Temp\mcu111.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu12C.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu12C.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu12C.tmp\vso\49995000.upm Object is locked skipped
C:\WINDOWS\Temp\mcu12C.tmp\vso\50005001.upm Object is locked skipped
C:\WINDOWS\Temp\mcu12C.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\McAppIns.exe Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\mcuninst.dll Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\UnInst.Dll Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\uninst.ini Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\vso\43804381.upd Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\vso\delta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\vso\en-us\us\aolcfg.cab Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\vsocfg.ini Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\vsoins.cab Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\vsoins.inf Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\vsoins.ui Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\VsoVer.ini Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\McAppIns.exe Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\mcuninst.dll Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\UnInst.Dll Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\uninst.ini Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\vso\43914392.upd Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\vso\43924393.upd Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\vso\delta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\vso\en-us\us\aolcfg.cab Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\vsocfg.ini Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\vsoins.cab Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\vsoins.inf Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\vsoins.ui Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\VsoVer.ini Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\McAppIns.exe Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\mcuninst.dll Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\UnInst.Dll Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\uninst.ini Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\vso\43774378.upd Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\vso\43784379.upd Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\vso\43794380.upd Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\vso\delta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\vso\en-us\us\aolcfg.cab Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\vsocfg.ini Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\vsoins.cab Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\vsoins.inf Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\vsoins.ui Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\VsoVer.ini Object is locked skipped
C:\WINDOWS\Temp\mcu1A1.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu1A1.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu1A1.tmp\vso\49224923.upm Object is locked skipped
C:\WINDOWS\Temp\mcu1A1.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\McAppIns.exe Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\mcuninst.dll Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\Uninst.dll Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\uninst.ini Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\VsCfgIns.dll Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vso\45294530.upd Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vso\45304531.upd Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vso\45314532.upd Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vso\45324533.upd Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vso\45334534.upd Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vso\delta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vso\en-us\us\aolcfg.cab Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vsocfg.ini Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vsoins.cab Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vsoins.inf Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vsoins.ui Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\VsoVer.ini Object is locked skipped
C:\WINDOWS\Temp\mcu29.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu29.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu29.tmp\vso\45734574.upm Object is locked skipped
C:\WINDOWS\Temp\mcu29.tmp\vso\45744575.upm Object is locked skipped
C:\WINDOWS\Temp\mcu29.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu39.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu39.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu39.tmp\vso\47204721.upm Object is locked skipped
C:\WINDOWS\Temp\mcu39.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu3D4.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu3D4.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu3D4.tmp\vso\46804681.upm Object is locked skipped
C:\WINDOWS\Temp\mcu3D4.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu48.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu48.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu48.tmp\vso\46254626.upm Object is locked skipped
C:\WINDOWS\Temp\mcu48.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu4A.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu4A.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu4A.tmp\vso\46274628.upm Object is locked skipped
C:\WINDOWS\Temp\mcu4A.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu51.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu51.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu51.tmp\vso\47324733.upm Object is locked skipped
C:\WINDOWS\Temp\mcu51.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu56.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu56.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu56.tmp\vso\47374738.upm Object is locked skipped
C:\WINDOWS\Temp\mcu56.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu56.tmp\vso\vsoexdt.cab Object is locked skipped
C:\WINDOWS\Temp\mcu72.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu72.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu72.tmp\vso\47554756.upm Object is locked skipped
C:\WINDOWS\Temp\mcu72.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu76.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu76.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu76.tmp\vso\47594760.upm Object is locked skipped
C:\WINDOWS\Temp\mcu76.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu7A.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu7A.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu7A.tmp\vso\47624763.upm Object is locked skipped
C:\WINDOWS\Temp\mcu7A.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu8B.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu8B.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu8B.tmp\vso\47814782.upm Object is locked skipped
C:\WINDOWS\Temp\mcu8B.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu8C.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu8C.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu8C.tmp\vso\47834784.upm Object is locked skipped
C:\WINDOWS\Temp\mcu8C.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu8D.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu8D.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu8D.tmp\vso\47844785.upm Object is locked skipped
C:\WINDOWS\Temp\mcu8D.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu8E.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu8E.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu8E.tmp\vso\47854786.upm Object is locked skipped
C:\WINDOWS\Temp\mcu8E.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu9E.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu9E.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu9E.tmp\vso\48114812.upm Object is locked skipped
C:\WINDOWS\Temp\mcu9E.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcuA1.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuA1.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuA1.tmp\vso\48144815.upm Object is locked skipped
C:\WINDOWS\Temp\mcuA1.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcuA3.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuA3.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuA3.tmp\vso\48164817.upm Object is locked skipped
C:\WINDOWS\Temp\mcuA3.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcuCB.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuCB.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuCB.tmp\vso\48714872.upm Object is locked skipped
C:\WINDOWS\Temp\mcuCB.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcuCC.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuCC.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuCC.tmp\vso\48724873.upm Object is locked skipped
C:\WINDOWS\Temp\mcuCC.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcuCE.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuCE.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuCE.tmp\vso\48754876.upm Object is locked skipped
C:\WINDOWS\Temp\mcuCE.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcuD4.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuD4.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuD4.tmp\vso\48814882.upm Object is locked skipped
C:\WINDOWS\Temp\mcuD4.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcuDD.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuDD.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuDD.tmp\vso\48904891.upm Object is locked skipped
C:\WINDOWS\Temp\mcuDD.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcuDF.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuDF.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuDF.tmp\vso\48914892.upm Object is locked skipped
C:\WINDOWS\Temp\mcuDF.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcuFD.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuFD.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuFD.tmp\vso\49424943.upm Object is locked skipped
C:\WINDOWS\Temp\mcuFD.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_55c.dat Object is locked skipped
C:\WINDOWS\trayex.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
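The report above is one detection buried in roughly 250 "Object is locked skipped" lines. The following triage helper is an added example, not part of the thread and not Kaspersky's own tooling: it reads a report in the format posted above, separates the locked-and-skipped noise from real hits, cross-checks the hit count against the summary, and singles out Kaspersky's "not-a-virus:" classification (riskware and adware, which some scanners treat as lower priority than they deserve). The line patterns, including the "Suspicious:" form for heuristic hits, are assumptions drawn from the report format; the sample text is a constructed excerpt of the posted log.

```python
"""Triage a Kaspersky Online Scanner text report (added example)."""
import re

# Constructed excerpt of the report posted in the thread (header trimmed).
SAMPLE_REPORT = r"""
Scan Statistics:
Total number of scanned objects: 135509
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\McAppIns.exe Object is locked skipped
C:\WINDOWS\trayex.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
"""

# Summary counters: "<label>: <integer>".
STAT_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>\d+)$")
# Files the scanner could not open (registry hives, logs held by services).
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
# Assumption: detections read "<path> Infected: <name> <action>"; heuristic
# hits use "Suspicious:" in the same position.
HIT_RE = re.compile(
    r"^(?P<path>.+?) (?P<kind>Infected|Suspicious): (?P<name>\S+) (?P<action>\w+)$"
)


def triage(report: str) -> dict:
    """Split a report into stats, real hits, locked objects and leftovers."""
    stats, hits, locked, other = {}, [], [], []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STAT_RE.match(line)
        if m:
            stats[m["key"]] = int(m["value"])
            continue
        m = LOCKED_RE.match(line)
        if m:
            locked.append(m["path"])
            continue
        m = HIT_RE.match(line)
        if m:
            hits.append({"path": m["path"], "kind": m["kind"],
                         "name": m["name"], "action": m["action"]})
            continue
        other.append(line)

    infected = [h for h in hits if h["kind"] == "Infected"]
    return {
        "stats": stats,
        "hits": hits,
        "locked_skipped": len(locked),
        # "not-a-virus:" is Kaspersky's prefix for riskware/adware-class
        # detections; still worth removing, but a different threat class.
        "riskware": [h["path"] for h in hits if h["name"].startswith("not-a-virus:")],
        # The online scanner reports without cleaning, so a "skipped" hit
        # is still on disk and needs manual removal.
        "still_on_disk": [h["path"] for h in hits if h["action"] == "skipped"],
        # Guard against a truncated paste: summary must match what we parsed.
        "summary_matches": stats.get("Number of infected objects") == len(infected),
        "unparsed": other,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"locked/skipped: {result['locked_skipped']}")
    for h in result["hits"]:
        print(f"{h['kind']}: {h['path']} -> {h['name']} ({h['action']})")
    print("summary consistent:", result["summary_matches"])
```

Running it on the constructed excerpt reports four locked objects, one hit, and confirms the summary count matches the parsed detections, which is the check to make before trusting a pasted report that may have been truncated by a forum's post length limit.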
Tractor7
2008-02-15, 19:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:09 AM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 12403 bytes
pskelley
2008-02-16, 17:32
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
iomtrer.dll <<< are you sure about the spelling? Google returns nothing and that is very unusual.
trashicon.exe <<< this one is some junk, see what Prevx has to say:
http://www.prevx.com/filenames/X926496140002767697-0/TRASHICON.EXE.html
This program is obsolete and I suggest you uninstall it.
C:\Program Files\ewido\security suite\ewidoctrl.exe
You have some stuff that needs to go and I would like a look at your uninstall list, proceed like this.
1) We first need to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
2) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.
3) Tutorial if needed: http://www.nutnworks.com/forums/showthread.php?t=1925
Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.
4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
(first two items are optional; if you use them, leave them)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
(next three are not malware, but damaged, if you use them, reinstall)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
Isearchtoolbar Isearch toolbar TROJ_IESER.A
Close all programs but HJT and all browser windows, then click on "Fix Checked"
5) Right click Start > Explore and navigate to these files/folders and delete them if there.
C:\WINDOWS\trayex.exe <<< delete that file
6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Restart and post a new HJT log, your uninstall list and let me know how the computer runs.
Thanks
Uninstall List:
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP,
Update for Windows XP and Windows XP Hotfix to shorten the list)
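The fix list above is built by eye from the posted HijackThis log: orphaned entries whose target is gone ("(no file)", "(file missing)"), an O16 DPF object that loads from a local file:// path instead of a vendor URL, a service with "Unknown owner", and a Run entry that names a bare file rather than a full path. The script below, an added example and not part of the thread or of HijackThis itself, encodes those same triage rules and runs them over lines copied from the posted log. The rules and the Finding/triage_line names are this example's own choices, not anything HJT exposes.

```python
"""Triage a HijackThis (HJT) log with the rules a forum helper applies first.

Added example, not part of the thread and not a Spybot/HJT tool. SAMPLE_LOG is
a constructed excerpt of the log posted in the thread; the heuristics mirror
the reasons given for each fix.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines taken from the posted HJT log.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""


@dataclass
class Finding:
    section: str   # HJT section code, e.g. "O16"
    reason: str
    line: str


_SECTION = re.compile(r"^(R\d|O\d+|F\d)\s+-\s+")
# O4 lines look like: O4 - HKLM\..\Run: [name] <command>
_RUN_ENTRY = re.compile(r"^O4 - .*?\\Run: \[[^\]]*\]\s+(.*)$")


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding if this HJT line matches one of the triage rules."""
    m = _SECTION.match(line)
    if not m:
        return None
    sec = m.group(1)
    if "(no file)" in line or "(file missing)" in line:
        return Finding(sec, "orphaned entry: target file is gone, safe to fix", line)
    if sec == "O16" and re.search(r"-\s+file://", line, re.I):
        return Finding(sec, "DPF ActiveX object sourced from a local file, not a vendor URL", line)
    if sec == "O23" and "Unknown owner" in line:
        return Finding(sec, "service binary carries no publisher, verify the file", line)
    if sec == "O4":
        rm = _RUN_ENTRY.match(line)
        if rm:
            target = rm.group(1).strip().strip('"')
            # A bare file name is resolved through the search path at logon,
            # so a same-named file placed earlier on that path would run instead.
            if not re.match(r"^[A-Za-z]:\\", target) and not target.startswith("%"):
                return Finding(sec, "Run entry without a full path (resolved via PATH)", line)
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a log and keep the hits, in order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

The rules are deliberately narrow: they reproduce the helper's reasoning for this log, not a general malware classifier, and a hit is a prompt to look at the entry, not proof that it is malicious (the McAfee service in the sample is legitimate and correctly not flagged).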
Tractor7
2008-02-16, 20:25
Thanks for your help. I think I followed all of your instructions correctly.
I had a typo there. The suspicious file was iomter.dll.
When I was running ATF it hung. I opened the task manager and saw a process called "trashicon.exe and iomter.dll" running. I killed it. I then re-ran ATF.
Here are the new logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:53 AM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 9943 bytes
Ad-Aware 2007
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player ActiveX
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.9
Adobe® Photoshop® Album Starter Edition 3.0
American Greetings CreataCard
AnswerWorks 4.0 Runtime - English
Apple Mobile Device Support
Apple Software Update
Bazooka Spyware Scanner
BCM V.92 56K Modem
Canon Digital Camera USB WIA Driver
Canon iP6700D
Canon iP6700D Memory Card Utility
Canon iP6700D User Registration
Canon My Printer
Canon PhotoRecord
Canon Utilities Easy-PhotoPrint
Canon Utilities PhotoStitch 3.1
Canon Utilities RAW Image Converter
Canon Utilities RemoteCapture 2.1
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
Cerberus FTP Server
Classic PhoneTools
Creative PC-CAM Center
Creative WebCam Monitor
Creative WebCam NX Pro Driver (1.00.06.0512)
Creative WebCam NX Pro Manual (English)
Curl RTE 6.0.0
DD Tournament Poker 1.1
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
Dell Support Center
DVDSentry
Easy-WebPrint
Empire Earth
FinePixViewer Ver.4.0
FUJIFILM USB Driver
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
ImageMixer VCD for FinePix
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
Kaspersky Online Scanner
King's Quest 1 VGA
King's Quest 1 VGA Music Pack
King's Quest 1 VGA Speech Pack
Learn2 Player (Uninstall Only)
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Web Publishing Wizard 1.52
MicroStaff WINASPI NT
Modem Helper
Mozilla Firefox (2.0.0.12)
MSN Gaming Zone
MSN Music Assistant
Musicmatch® Jukebox
NVIDIA Windows 2000/XP Display Drivers
OfferApp
PokerStove version 1.20
PowerDVD
PyQt GPL v4.3.3
Python 2.4.2
Python 2.5.1
QuickTime
RAW FILE CONVERTER LE
RealOne Player
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Shockwave
Sid Meier's Civilization 4
Sid Meier's Railroad Tycoon
SimCity 4 Deluxe
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Live!
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Spyware Doctor 5.5
SpywareBlaster v3.5.1
TurboTax ItsDeductible 2006
TurboTax Premier 2007
TurboTax Premier Investments 2006
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
WexTech AnswerWorks
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Xfire (remove only)
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool
Yahoo! Toolbar for Internet Explorer
Tractor7
2008-02-16, 20:59
At the moment I don't see any suspicious behavior.
After rebooting and logging in it takes two or three minutes before the system becomes responsive. Launching IE for the first time after a reboot also takes two to three minutes.
Other than this, things seem okay.
pskelley
2008-02-16, 21:23
iomter.dll <<< http://www.prevx.com/filenames/171987466175684842-0/IOTTEM.DLL.html
The filename IOTTEM.DLL was first seen on Jan 25 2008 in The EUROPEAN UNION
The filename TRASHICON.EXE was first seen on Jan 23 2008 in SPAIN.
These are both so new that Kaspersky might not have them in the database yet.
Uninstall list:
see this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
Java 2 Runtime Environment, SE v1.4.2 <<< Java is BADLY out of date, only a matter of time before that gets you infected. Download the newest version and uninstall the old version in Add/Remove Programs.
I cannot see any other problems; you should look and uninstall anything that does not belong there or is no longer needed.
HJT is not showing anything, I suggest you delete those files manually:
trashicon.exe and iomter.dll <<< use Search Companion to find all locations and navigate to them and delete them.
If you wish to scan the files first, to be sure they are malware, here are free online scans:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/
If you have any trouble deleting them, use this tool and instructions:
How to use the Delete on Reboot tool
http://www.bleepingcomputer.com/tutorials/tutorial42.html#delreb
Since you are seeing them in Task Manager, you may need to use these instructions:
http://www.bleepingcomputer.com/tutorials/tutorial42.html#HTProcessManager
to kill the processes before deleting them. Let me know how it goes.
Thanks...Phil
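The advice above is to find every copy of trashicon.exe and iomter.dll with Search Companion, and to scan the files online before deleting them. The script below is an added example, not part of the thread or of any tool it links to: it walks one or more roots for the named files (case-insensitively, as NTFS matches names), records size and SHA-256 for each copy so the sample can be looked up on VirusTotal or Jotti by hash without uploading it, and still reports a copy it cannot open so a delete-on-reboot tool can be pointed at it. The demo() function builds a throwaway directory tree of constructed placeholder files; none of them is real malware, and the file names are the only thing taken from the thread.

```python
"""Locate every copy of named files under given roots and hash them.

Added example, not from the thread. The placeholder content and the demo
tree are constructed; only the two file names come from the thread.
"""
import hashlib
import os
import tempfile
from typing import Dict, Iterable, List

TARGETS = ("trashicon.exe", "iomter.dll")  # names reported in the thread
PLACEHOLDER = b"MZ-not-a-real-binary-just-a-constructed-sample\n"  # constructed stand-in


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def find_named_files(roots: Iterable[str], names: Iterable[str]) -> List[Dict[str, object]]:
    """Walk each root and return {path, size, sha256} for every file whose
    name matches one of `names` (case-insensitive). Unreadable directories are
    skipped instead of aborting the walk; an unreadable file is reported with
    size/sha256 set to None so it is not silently lost."""
    wanted = {n.lower() for n in names}
    hits: List[Dict[str, object]] = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
            for fn in files:
                if fn.lower() not in wanted:
                    continue
                path = os.path.join(dirpath, fn)
                try:
                    with open(path, "rb") as fh:
                        data = fh.read()
                except OSError:
                    # Locked or access denied: still list it for a reboot-time delete.
                    hits.append({"path": path, "size": None, "sha256": None})
                    continue
                hits.append({"path": path, "size": len(data), "sha256": sha256_hex(data)})
    return hits


def demo() -> List[Dict[str, object]]:
    """Build a constructed tree: two copies of the same sample under different
    names/case in different folders, a different file with the other name, and
    an unrelated file that must not be reported. Then search it."""
    base = tempfile.mkdtemp(prefix="hjt_demo_")
    os.makedirs(os.path.join(base, "WINDOWS", "system32"))
    os.makedirs(os.path.join(base, "Temp"))
    with open(os.path.join(base, "WINDOWS", "system32", "TRASHICON.EXE"), "wb") as f:
        f.write(PLACEHOLDER)
    with open(os.path.join(base, "Temp", "trashicon.exe"), "wb") as f:
        f.write(PLACEHOLDER)
    with open(os.path.join(base, "Temp", "iomter.dll"), "wb") as f:
        f.write(PLACEHOLDER + b"variant\n")
    with open(os.path.join(base, "Temp", "readme.txt"), "wb") as f:
        f.write(b"unrelated\n")
    return sorted(find_named_files([base], TARGETS), key=lambda h: str(h["path"]))


if __name__ == "__main__":
    for h in demo():
        print(h["sha256"], h["size"], h["path"])
```

Two copies with the same hash are the same sample and need only one online lookup; a differing hash under the same name is a second file to check. On a real machine run it over the drive roots (e.g. `find_named_files(["C:\\"], TARGETS)`) and expect some access-denied directories to be skipped.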
Tractor7
2008-02-17, 02:24
I didn't find the files trashicon.exe or iomter.dll on my computer. But when I ran another Kaspersky scan it still found infections. Should I be concerned about these? Here are the Kaspersky and HJT reports:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 16, 2008 3:39:00 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/02/2008
Kaspersky Anti-Virus database records: 569531
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 118985
Number of viruses found: 2
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 01:13:15
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Michael\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Application Data\SupportSoft\DellSupportCenter\Michael\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temp\JETB169.tmp Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temp\~DFA16B.tmp Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temp\~DFA179.tmp Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michael\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Michael\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0091710.exe Infected: Trojan-Clicker.Win32.Agent.ss skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1097\A0092033.exe Infected: Trojan-Clicker.Win32.Agent.ss skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1097\A0092034.dll Infected: Trojan-Clicker.Win32.Agent.ss skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1097\A0092037.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1100\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_40C21ZJZfA4l9nl Object is locked skipped
C:\WINDOWS\Temp\mcmsc_qsSEtGXx9I3QAj6 Object is locked skipped
C:\WINDOWS\Temp\mcu111.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu111.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu111.tmp\vso\49594960.upm Object is locked skipped
C:\WINDOWS\Temp\mcu111.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu12C.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu12C.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu12C.tmp\vso\49995000.upm Object is locked skipped
C:\WINDOWS\Temp\mcu12C.tmp\vso\50005001.upm Object is locked skipped
C:\WINDOWS\Temp\mcu12C.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\McAppIns.exe Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\mcuninst.dll Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\UnInst.Dll Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\uninst.ini Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\vso\43804381.upd Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\vso\delta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\vso\en-us\us\aolcfg.cab Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\vsocfg.ini Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\vsoins.cab Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\vsoins.inf Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\vsoins.ui Object is locked skipped
C:\WINDOWS\Temp\mcu16.tmp\VsoVer.ini Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\McAppIns.exe Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\mcuninst.dll Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\UnInst.Dll Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\uninst.ini Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\vso\43914392.upd Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\vso\43924393.upd Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\vso\delta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\vso\en-us\us\aolcfg.cab Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\vsocfg.ini Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\vsoins.cab Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\vsoins.inf Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\vsoins.ui Object is locked skipped
C:\WINDOWS\Temp\mcu17.tmp\VsoVer.ini Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\McAppIns.exe Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\mcuninst.dll Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\UnInst.Dll Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\uninst.ini Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\vso\43774378.upd Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\vso\43784379.upd Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\vso\43794380.upd Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\vso\delta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\vso\en-us\us\aolcfg.cab Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\vsocfg.ini Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\vsoins.cab Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\vsoins.inf Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\vsoins.ui Object is locked skipped
C:\WINDOWS\Temp\mcu18.tmp\VsoVer.ini Object is locked skipped
C:\WINDOWS\Temp\mcu1A1.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu1A1.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu1A1.tmp\vso\49224923.upm Object is locked skipped
C:\WINDOWS\Temp\mcu1A1.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\McAppIns.exe Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\mcuninst.dll Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\Uninst.dll Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\uninst.ini Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\VsCfgIns.dll Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vso\45294530.upd Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vso\45304531.upd Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vso\45314532.upd Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vso\45324533.upd Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vso\45334534.upd Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vso\delta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vso\en-us\us\aolcfg.cab Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vsocfg.ini Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vsoins.cab Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vsoins.inf Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\vsoins.ui Object is locked skipped
C:\WINDOWS\Temp\mcu26.tmp\VsoVer.ini Object is locked skipped
C:\WINDOWS\Temp\mcu29.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu29.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu29.tmp\vso\45734574.upm Object is locked skipped
C:\WINDOWS\Temp\mcu29.tmp\vso\45744575.upm Object is locked skipped
C:\WINDOWS\Temp\mcu29.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu39.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu39.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu39.tmp\vso\47204721.upm Object is locked skipped
C:\WINDOWS\Temp\mcu39.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu3D4.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu3D4.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu3D4.tmp\vso\46804681.upm Object is locked skipped
C:\WINDOWS\Temp\mcu3D4.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu48.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu48.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu48.tmp\vso\46254626.upm Object is locked skipped
C:\WINDOWS\Temp\mcu48.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu4A.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu4A.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu4A.tmp\vso\46274628.upm Object is locked skipped
C:\WINDOWS\Temp\mcu4A.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu51.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu51.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu51.tmp\vso\47324733.upm Object is locked skipped
C:\WINDOWS\Temp\mcu51.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu56.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu56.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu56.tmp\vso\47374738.upm Object is locked skipped
C:\WINDOWS\Temp\mcu56.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu56.tmp\vso\vsoexdt.cab Object is locked skipped
C:\WINDOWS\Temp\mcu72.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu72.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu72.tmp\vso\47554756.upm Object is locked skipped
C:\WINDOWS\Temp\mcu72.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu76.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu76.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu76.tmp\vso\47594760.upm Object is locked skipped
C:\WINDOWS\Temp\mcu76.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu7A.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu7A.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu7A.tmp\vso\47624763.upm Object is locked skipped
C:\WINDOWS\Temp\mcu7A.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu8B.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu8B.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu8B.tmp\vso\47814782.upm Object is locked skipped
C:\WINDOWS\Temp\mcu8B.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu8C.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu8C.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu8C.tmp\vso\47834784.upm Object is locked skipped
C:\WINDOWS\Temp\mcu8C.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu8D.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu8D.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu8D.tmp\vso\47844785.upm Object is locked skipped
C:\WINDOWS\Temp\mcu8D.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu8E.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu8E.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu8E.tmp\vso\47854786.upm Object is locked skipped
C:\WINDOWS\Temp\mcu8E.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcu9E.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu9E.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcu9E.tmp\vso\48114812.upm Object is locked skipped
C:\WINDOWS\Temp\mcu9E.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcuA1.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuA1.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuA1.tmp\vso\48144815.upm Object is locked skipped
C:\WINDOWS\Temp\mcuA1.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcuA3.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuA3.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuA3.tmp\vso\48164817.upm Object is locked skipped
C:\WINDOWS\Temp\mcuA3.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcuCB.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuCB.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuCB.tmp\vso\48714872.upm Object is locked skipped
C:\WINDOWS\Temp\mcuCB.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcuCC.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuCC.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuCC.tmp\vso\48724873.upm Object is locked skipped
C:\WINDOWS\Temp\mcuCC.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcuCE.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuCE.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuCE.tmp\vso\48754876.upm Object is locked skipped
C:\WINDOWS\Temp\mcuCE.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcuD4.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuD4.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuD4.tmp\vso\48814882.upm Object is locked skipped
C:\WINDOWS\Temp\mcuD4.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcuDD.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuDD.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuDD.tmp\vso\48904891.upm Object is locked skipped
C:\WINDOWS\Temp\mcuDD.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcuDF.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuDF.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuDF.tmp\vso\48914892.upm Object is locked skipped
C:\WINDOWS\Temp\mcuDF.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\Temp\mcuFD.tmp\UpdReq.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuFD.tmp\UpdResp.mcaf Object is locked skipped
C:\WINDOWS\Temp\mcuFD.tmp\vso\49424943.upm Object is locked skipped
C:\WINDOWS\Temp\mcuFD.tmp\vso\mcdelta.ini Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\wndsk.dll Infected: Trojan-Clicker.Win32.Agent.ss skipped
Scan process completed.
Tractor7
2008-02-17, 02:24
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:51 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 10370 bytes
pskelley
2008-02-17, 02:40
Did you have System Restore turned off? Those infected SR files should have shown in the first Kaspersky scan also?
http://www.prevx.com/filenames/1747987084962140366-0/WNDSK.DLL.html
You may need to unhide files and folders to see this one.
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
1) C:\WINDOWS\wndsk.dll <<< delete that file
Trojan-Clicker.Win32.Agent.ss
2) Empty the Recycle Bin on the Desktop and restart the computer
3) Follow these directions to clean the infected System Restore files:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
The next scan should be clean; do not post a clean scan. Keep an eye on things for a day; if there are any more issues with that trojan, we will run scans for rootkit infections.
Thanks
Tractor7
2008-02-17, 19:07
My next scan was clean. I'll check again over the next few days and will let you know if I see any more problems.
Thanks very much for your help. I do appreciate it.