Free Malware Removal Forum

[clean_me]

I am recently new to this computer thing and would like to check that I have a clean computer and I have done everything I need to to protect myself. thanks in advance for the help.
My log,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:53 p.m., on 4/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe
C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE
C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe
C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Apache Tomcat 4.0\\webapps\\Toolbox\\StatusClient\\StatusClient.exe
C:\\WINDOWS\\stsystra.exe
C:\\Program Files\\VMware\\VMware Workstation\\vmware-tray.exe
C:\\Program Files\\VMware\\VMware Workstation\\hqtray.exe
C:\\WINDOWS\\system32\\RUNDLL32.EXE
C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
C:\\Program Files\\Bonjour\\mDNSResponder.exe
C:\\Program Files\\COMODO\\Firewall\\cfp.exe
C:\\Program Files\\TrojanHunter 5.0\\THGuard.exe
C:\\Program Files\\COMODO\\Firewall\\cmdagent.exe
C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\Common Files\\Microsoft Shared\\VS7Debug\\mdm.exe
C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe
C:\\Program Files\\DAEMON Tools Lite\\daemon.exe
C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe
C:\\Program Files\\NVIDIA Corporation\\nTune\\nTuneService.exe
C:\\WINDOWS\\system32\\nvsvc32.exe
c:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlwriter.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe
C:\\Program Files\\Common Files\\VMware\\VMware Virtual Image Editing\\vmount2.exe
C:\\WINDOWS\\system32\\vmnat.exe
C:\\WINDOWS\\system32\\vmnetdhcp.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe
C:\\Program Files\\Windows Live\\Messenger\\usnsvc.exe
C:\\Program Files\\Windows Media Player\\wmplayer.exe
C:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE
C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE
C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe
C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://www.google.co.nz
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\\WINDOWS\\System32\\DLA\\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\2.1.1119.1736\\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\program files\\google\\googletoolbar2.dll
O4 - HKLM\\..\\Run: [IMJPMIG8.1] \"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32
O4 - HKLM\\..\\Run: [PHIME2002ASync] C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC
O4 - HKLM\\..\\Run: [PHIME2002A] C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [DMXLauncher] C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe
O4 - HKLM\\..\\Run: [DLA] C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE
O4 - HKLM\\..\\Run: [ISUSPM Startup] C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup
O4 - HKLM\\..\\Run: [ISUSScheduler] \"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start
O4 - HKLM\\..\\Run: [NeroFilterCheck] C:\\WINDOWS\\system32\\NeroCheck.exe
O4 - HKLM\\..\\Run: [StatusClient] C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Apache Tomcat 4.0\\webapps\\Toolbox\\StatusClient\\StatusClient.exe /auto
O4 - HKLM\\..\\Run: [TomcatStartup] C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\hpbpsttp.exe
O4 - HKLM\\..\\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\\..\\Run: [vmware-tray] C:\\Program Files\\VMware\\VMware Workstation\\vmware-tray.exe
O4 - HKLM\\..\\Run: [VMware hqtray] \"C:\\Program Files\\VMware\\VMware Workstation\\hqtray.exe\"
O4 - HKLM\\..\\Run: [CloneCDElbyCDFL] \"C:\\Program Files\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] \"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [COMODO Firewall Pro] \"C:\\Program Files\\COMODO\\Firewall\\cfp.exe\" -h
O4 - HKLM\\..\\Run: [THGuard] \"C:\\Program Files\\TrojanHunter 5.0\\THGuard.exe\"
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] \"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\"
O4 - HKLM\\..\\Run: [QuickTime Task] \"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime
O4 - HKLM\\..\\Run: [iTunesHelper] \"C:\\Program Files\\iTunes\\iTunesHelper.exe\"
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [NBJ] \"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\"
O4 - HKCU\\..\\Run: [NVIDIA nTune] \"C:\\Program Files\\NVIDIA Corporation\\nTune\\nTuneCmd.exe\" clear
O4 - HKCU\\..\\Run: [SpybotSD TeaTimer] C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe
O4 - HKCU\\..\\Run: [DAEMON Tools Lite] \"C:\\Program Files\\DAEMON Tools Lite\\daemon.exe\" -autorun
O4 - HKUS\\S-1-5-19\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'LOCAL SERVICE\')
O4 - HKUS\\S-1-5-20\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'NETWORK SERVICE\')
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'SYSTEM\')
O4 - HKUS\\S-1-5-18\\..\\RunOnce: [RunNarrator] Narrator.exe (User \'SYSTEM\')
O4 - HKUS\\.DEFAULT\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User \'Default user\')
O4 - HKUS\\.DEFAULT\\..\\RunOnce: [RunNarrator] Narrator.exe (User \'Default user\')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\\PROGRA~1\\MICROS~3\\Office10\\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll
O9 - Extra \'Tools\' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\\Program Files\\PokerStars\\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O9 - Extra \'Tools\' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - AppInit_DLLs: C:\\WINDOWS\\system32\\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\\Program Files\\Common Files\\Adobe Systems Shared\\Service\\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.1.4322\\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\\Program Files\\COMODO\\Firewall\\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\1050\\Intel 32\\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\\PROGRA~1\\McAfee\\VIRUSS~1\\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\\PROGRA~1\\McAfee\\VIRUSS~1\\mcsysmon.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\\Program Files\\NVIDIA Corporation\\nTune\\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\\WINDOWS\\system32\\HPZipm12.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\\Program Files\\VMware\\VMware Workstation\\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\\WINDOWS\\system32\\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\\Program Files\\Common Files\\VMware\\VMware Virtual Image Editing\\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\\WINDOWS\\system32\\vmnat.exe

--
End of file - 11948 bytes

[Katana]

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly

----------------------------------------------------------------------------------------
There is nothing dramatic showing in your log, but there are a couple of things that need tidying up
Have you uninstalled McAfee ?
Also, do you need VMWare running all the time ?

Installed Programs

Please could you give me a list of the programs that are installed.

• Start HijackThis
• Click on the Misc Tools button
• Click on the Open Uninstall Manager button.

You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.

[Gary R]

Due to lack of response this topic is now closed.

If you still need help open a new thread in the Malware Removal forum and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Gary R