Free Malware Removal Forum

[wjstape]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:30 AM, on 6/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
F:\XP2\System32\smss.exe
F:\XP2\system32\winlogon.exe
F:\XP2\system32\services.exe
F:\XP2\system32\lsass.exe
F:\XP2\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\XP2\System32\svchost.exe
F:\XP2\system32\spoolsv.exe
F:\XP2\system32\nvsvc32.exe
F:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
F:\XP2\System32\svchost.exe
F:\XP2\system32\SearchIndexer.exe
F:\XP2\system32\wscntfy.exe
F:\XP2\Explorer.EXE
F:\Program Files\Trend Micro\Internet Security\TmProxy.exe
F:\XP2\system32\RunDll32.exe
F:\XP2\system32\RUNDLL32.EXE
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
F:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
F:\XP2\system32\ctfmon.exe
F:\Program Files\HP Wireless Printer Adapter\ConnectMgr.exe
F:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
F:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
F:\Program Files\Windows Desktop Search\WindowsSearch.exe
F:\Program Files\Microsoft Office\Office10\msoffice.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - F:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - F:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\XP2\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\XP2\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [OE] "F:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\XP2\system32\ctfmon.exe
O4 - Startup: Epson scanner Registration.lnk = E:\E_reg\EPSONREG.EXE
O4 - Global Startup: connection manager.lnk = ?
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = F:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3696250796
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/ ... s-i586.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1ED8CD20-7D5E-4F37-9861-74290D6E1D7C}: NameServer = 85.255.112.89,85.255.112.201
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3B49116-3068-4F69-B94D-932D1C4A361B}: NameServer = 85.255.112.89,85.255.112.201
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.89,85.255.112.201
O17 - HKLM\System\CS1\Services\Tcpip\..\{1ED8CD20-7D5E-4F37-9861-74290D6E1D7C}: NameServer = 85.255.112.89,85.255.112.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.89,85.255.112.201
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\XP2\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - F:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - F:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - F:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - F:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 5952 bytes

[MWR 3 day Mod]

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

[Shaba]

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.