
Thread: trashicon.exe and iomter.dll

  1. #1
    Member
    Join Date
    Feb 2008
    Location
    Livermore, CA
    Posts
    35

    trashicon.exe and iomter.dll

    The first problem that I noticed was that Internet Explorer was crashing very frequently. Then I received a bogus Windows Security alert that said something to the effect that spyware was detected and did I want to go to a site to get the spyware removal software. A Notepad session opened and text started being typed that said "I'm keeping an eye on you..." Then I found that if I clicked on any shortcut or tray icon, Windows (XP Home SP2) would raise the dialog asking which application I wanted to use to open the file.

    Some error messages also appeared; one mentioned the file iomtrer.dll.

    I opened the task manager and saw that several trashicon.exe processes were running. I killed them all and was able to delete trashicon.exe and iomter.dll. I still couldn't launch applications. So I did a search for "can't run exe file" and found this:
    http://windowsxp.mvps.org/exefile.htm
    After running the file I downloaded from there, everything seems to be okay. However, I want to be sure I've gotten rid of everything. Here are the logs. Thanks for your help.

  2. #2
    Member
    Join Date
    Feb 2008
    Location
    Livermore, CA
    Posts
    35

    kaspersky log

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Friday, February 15, 2008 1:29:43 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 15/02/2008
    Kaspersky Anti-Virus database records: 567337
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 135509
    Number of viruses found: 1
    Number of infected objects: 1
    Number of suspicious objects: 0
    Duration of the scan process: 01:47:56

    Infected Object Name / Virus Name / Last Action
    C:\WINDOWS\trayex.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped

    Scan process completed.

  3. #3
    Member
    Join Date
    Feb 2008
    Location
    Livermore, CA
    Posts
    35

    HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:13:09 AM, on 2/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: Forget Me Not.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    --
    End of file - 12403 bytes

  4. #4
    In Memoriam - Always in our heart pskelley
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance)
    http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    iomtrer.dll <<< are you sure about the spelling? Google returns nothing and that is very unusual.

    trashicon.exe <<< this one is some junk, see what Prevx has to say:
    http://www.prevx.com/filenames/X9264...HICON.EXE.html

    This program is obsolete and I suggest you uninstall it.
    C:\Program Files\ewido\security suite\ewidoctrl.exe

    You have some stuff that needs to go and I would like a look at your uninstall list, proceed like this.

    1) We first need to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:
    * Run Spybot-S&D in Advanced Mode.
    * If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
    * On the left hand side, Click on Tools
    * Then click on the Resident Icon in the List
    * Uncheck "Resident TeaTimer" and OK any prompts.
    * Restart your computer.

    2) How to make files and folders visible:
    Click Start > Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm. Click OK.
    You may reverse this for safety when we are finished.

    3) Tutorial if needed: http://www.nutnworks.com/forums/showthread.php?t=1925
    Please download ATF Cleaner by Atribune
    http://www.atribune.org/content/view/25/2/
    Save it to your Desktop. We will use this later.

    4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

    (first two items are optional, if you use them, leave them)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

    (next three are not malware, but damaged, if you use them, reinstall)

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
    Isearchtoolbar Isearch toolbar TROJ_IESER.A

    Close all programs but HJT and all browser windows, then click on "Fix Checked"

    5) Right click Start > Explore and navigate to these files/folders and delete them if there.

    C:\WINDOWS\trayex.exe <<< delete that file

    6) Run ATF Cleaner
    Double-click ATF-Cleaner.exe to run the program.
    Click Select All found at the bottom of the list.
    Click the Empty Selected button.
    Click Exit on the Main menu to close the program.

    Restart and post a new HJT log, your uninstall list and let me know how the computer runs.

    Thanks

    Uninstall List:
    Open Hijackthis.
    Click the "Open the Misc Tools" section Button.
    Click the "Open Uninstall Manager" Button.
    Click the "Save list..." Button.
    Save it to your desktop. Copy and paste the contents into your reply.
    (You may edit out Microsoft, Hotfixes, Security Update for Windows XP,
    Update for Windows XP and Windows XP Hotfix to shorten the list)
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  5. #5
    Member
    Join Date
    Feb 2008
    Location
    Livermore, CA
    Posts
    35

    Thanks for your help. I think I followed all of your instructions correctly.

    I had a typo there. The suspicious file was iomter.dll

    When I was running ATF it hung. I opened the task manager and saw a process called "trashicon.exe and iomter.dll" running. I killed it. I then re-ran ATF.

    Here are the new logs:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:20:53 AM, on 2/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: Forget Me Not.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    --
    End of file - 9943 bytes

    Ad-Aware 2007
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player ActiveX
    Adobe Reader 7.0.5 Language Support
    Adobe Reader 7.0.9
    Adobe® Photoshop® Album Starter Edition 3.0
    American Greetings CreataCard
    AnswerWorks 4.0 Runtime - English
    Apple Mobile Device Support
    Apple Software Update
    Bazooka Spyware Scanner
    BCM V.92 56K Modem
    Canon Digital Camera USB WIA Driver
    Canon iP6700D
    Canon iP6700D Memory Card Utility
    Canon iP6700D User Registration
    Canon My Printer
    Canon PhotoRecord
    Canon Utilities Easy-PhotoPrint
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RAW Image Converter
    Canon Utilities RemoteCapture 2.1
    Canon Utilities ZoomBrowser EX
    CCleaner (remove only)
    Cerberus FTP Server
    Classic PhoneTools
    Creative PC-CAM Center
    Creative WebCam Monitor
    Creative WebCam NX Pro Driver (1.00.06.0512)
    Creative WebCam NX Pro Manual (English)
    Curl RTE 6.0.0
    DD Tournament Poker 1.1
    Dell Digital Jukebox Driver
    Dell Media Experience
    Dell Solution Center
    Dell Support Center
    DVDSentry
    Easy-WebPrint
    Empire Earth
    FinePixViewer Ver.4.0
    FUJIFILM USB Driver
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    ImageMixer VCD for FinePix
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet
    Internet Explorer Default Page
    iTunes
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Pro 8 Dell Edition
    Java 2 Runtime Environment, SE v1.4.2
    Kaspersky Online Scanner
    King's Quest 1 VGA
    King's Quest 1 VGA Music Pack
    King's Quest 1 VGA Speech Pack
    Learn2 Player (Uninstall Only)
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Web Publishing Wizard 1.52
    MicroStaff WINASPI NT
    Modem Helper
    Mozilla Firefox (2.0.0.12)
    MSN Gaming Zone
    MSN Music Assistant
    Musicmatch® Jukebox
    NVIDIA Windows 2000/XP Display Drivers
    OfferApp
    PokerStove version 1.20
    PowerDVD
    PyQt GPL v4.3.3
    Python 2.4.2
    Python 2.5.1
    QuickTime
    RAW FILE CONVERTER LE
    RealOne Player
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB946026)
    Shockwave
    Sid Meier's Civilization 4
    Sid Meier's Railroad Tycoon
    SimCity 4 Deluxe
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    Sound Blaster Live!
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    Spyware Doctor 5.5
    SpywareBlaster v3.5.1
    TurboTax ItsDeductible 2006
    TurboTax Premier 2007
    TurboTax Premier Investments 2006
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    WexTech AnswerWorks
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    Xfire (remove only)
    Yahoo! Photos Easy Upload Tool
    Yahoo! Photos Print-at-Home Tool
    Yahoo! Toolbar for Internet Explorer
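
A way to confirm what "Fix Checked" in step 4 actually removed, as an added example that is not part of the original posts: the script parses HijackThis finding lines and reports which flagged entries are still present in a follow-up log. The flagged entries and the log excerpt are copied from this thread; the function names are hypothetical.

```python
import re

# A HijackThis finding is one line: "<section code> - <details>", where the
# code is a letter plus one or two digits (R1, O2, O16, O23, ...).
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")
# Markers HijackThis appends when the registered file is gone from disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)

# Entries listed for fixing in step 4 (copied from the thread).
FLAGGED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
"""

# Excerpt of the follow-up log posted after the fix (copied from the thread,
# shortened; paste the full log here to check a real case).
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:53 AM, on 2/16/2008
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 9943 bytes
"""


def parse_entries(log_text):
    """Return [(code, details)] for finding lines; header, process list and
    trailer lines do not match the pattern and are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def entry_key(entry):
    """Comparison key: section code plus details with whitespace collapsed and
    case folded (Windows paths and registry names are case-insensitive)."""
    code, details = entry
    return (code, " ".join(details.split()).casefold())


def check_fix(flagged_text, after_log_text):
    """Split the flagged entries into (removed, remaining) relative to the
    follow-up log."""
    after_keys = {entry_key(e) for e in parse_entries(after_log_text)}
    removed, remaining = [], []
    for entry in parse_entries(flagged_text):
        (remaining if entry_key(entry) in after_keys else removed).append(entry)
    return removed, remaining


def orphaned(log_text):
    """Entries whose target file no longer exists: leftovers of an uninstall
    or of a partially removed component."""
    return [e for e in parse_entries(log_text) if ORPHAN_RE.search(e[1])]


if __name__ == "__main__":
    removed, remaining = check_fix(FLAGGED, AFTER_LOG)
    for code, details in remaining:
        print("still present:", code, "-", details)
    print(len(removed), "flagged entries gone;",
          len(orphaned(AFTER_LOG)), "orphaned entries left in follow-up log")
```

The two entries reported as still present are the dell4me.com R1 lines that the instructions marked as optional.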

  6. #6
    Member
    Join Date
    Feb 2008
    Location
    Livermore, CA
    Posts
    35

    Computer performance

    At the moment I don't see any suspicious behavior.

    After rebooting and logging in it takes two or three minutes before the system becomes responsive. Launching IE for the first time after a reboot also takes two to three minutes.

    Other than this, things seem okay.

  7. #7
    In Memoriam - Always in our heart pskelley
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    iomter.dll <<< http://www.prevx.com/filenames/17198...OTTEM.DLL.html
    The filename IOTTEM.DLL was first seen on Jan 25 2008 in The EUROPEAN UNION
    The filename TRASHICON.EXE was first seen on Jan 23 2008 in SPAIN.
    These are both so new that Kaspersky might not have them in the database yet.

    Uninstall list:

    see this: http://forums.spybot.info/showpost.p...80&postcount=2
    Java 2 Runtime Environment, SE v1.4.2 <<< Java is BADLY out of date, only a matter of time before that gets you infected. Download the newest version and uninstall the old version in Add Remove programs.

    I cannot see any other problems, you should look and uninstall anything that does not belong there or is no longer needed.

    HJT is not showing anything, I suggest you delete those files manually:
    trashicon.exe and iomter.dll <<< use Search Companion to find all locations and navigate to them and delete them.

    If you wish to scan the files first, to be sure they are malware, here are free online scans:
    http://virusscan.jotti.org/
    http://www.kaspersky.com/scanforvirus
    http://www.virustotal.com/

    If you have any trouble deleting them, use this tool and instructions:
    How to use the Delete on Reboot tool
    http://www.bleepingcomputer.com/tuto...42.html#delreb

    Since you are seeing them in Task Manager, you may need to use these instructions:
    http://www.bleepingcomputer.com/tuto...ProcessManager

    To Kill the processes before deleting them. Let me know how it goes.

    Thanks...Phil
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  8. #8
    Member
    Join Date
    Feb 2008
    Location
    Livermore, CA
    Posts
    35

    Kaspersky still shows infections

    I didn't find files of trashicon.exe or iomter.dll on my computer. But when I ran another Kaspersky scan it still finds infections. Should I be concerned about these? Here are the Kaspersky and HJT reports:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Saturday, February 16, 2008 3:39:00 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 16/02/2008
    Kaspersky Anti-Virus database records: 569531
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 118985
    Number of viruses found: 2
    Number of infected objects: 5
    Number of suspicious objects: 0
    Duration of the scan process: 01:13:15

    Infected Object Name / Virus Name / Last Action
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0091710.exe Infected: Trojan-Clicker.Win32.Agent.ss skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1097\A0092033.exe Infected: Trojan-Clicker.Win32.Agent.ss skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1097\A0092034.dll Infected: Trojan-Clicker.Win32.Agent.ss skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1097\A0092037.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\WINDOWS\wndsk.dll Infected: Trojan-Clicker.Win32.Agent.ss skipped

    Scan process completed.

  9. #9
    Member
    Join Date
    Feb 2008
    Location
    Livermore, CA
    Posts
    35

    Question new hjt log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:24:51 PM, on 2/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\McAfee\MSC\mcuimgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: Forget Me Not.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    --
    End of file - 10370 bytes

  10. #10
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Did you have System Restore turned off? Those infected SR files should have shown in the first Kaspersky scan also?

    http://www.prevx.com/filenames/17479...WNDSK.DLL.html

    You may need to unhide files and folders to see this one.
    http://www.xtra.co.nz/help/0,,4155-1916458,00.html

    1) C:\WINDOWS\wndsk.dll <<< delete that file
    Trojan-Clicker.Win32.Agent.ss

    2) Empty the Recycle Bin on the Desktop and restart the computer

    3) Follow these directions to clean the infected System Restore files:
    http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx

    The next scan should be clean; do not post a clean scan. Keep an eye on things for a day; if there are any more issues with that trojan, we will run scans for rootkit infections.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
