The 2 problems I'm having are:
1) this warning message that I receive a few times every day from Trend Micro (PC-cillin):
"you have attempted to open a dangerous website":
http://209.167.111.1...1176279494.html
- the last part of it (the 10-digit number right before the second html) changes to a new number each time
2) sometimes as often as 60 times in one minute I will receive this other warning from Trend Micro:
c:\windows\system32\aut711.dll (infected file)
troj_conhook.cr
When I click on "more information", I get this:
"If unable to quarantine the file, try deleting the infected file if you do not need to keep it.
Your security software found a virus in one of your files & now needs your help"
"unable to quarantine the file - please delete the file if you don't need it"
I found this file in my system32 folder, but when I tried to delete it, it would say that it can't be deleted because another person or program was using it -- but I didn't have any other program open, and I'm the only one who uses this personal computer.
Thanks for helping me on this.
Here's the log:
_______________________________________
Logfile of HijackThis v1.99.1
Scan saved at 8:47:01 AM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\pccguide.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Olympus\DSSPlayerPro\DevDtct.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {da216364-990c-484e-92d7-a110b55bf259} - C:\WINDOWS\system32\aut711.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [WorkFlowTray] "C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
O4 - HKLM\..\Run: [Opware14] "C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe"
O4 - HKLM\..\Run: [OP14 Reminder] "C:\Program Files\ScanSoft\OmniPagePro14.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPagePro14.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~3\pccguide.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DeviceDetect.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\DOWNLO~1\CONFLICT.1\STUMBL~1.DLL/blogimage
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama.../52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...softupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135970673656
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ller/install.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: aut711 - C:\WINDOWS\SYSTEM32\aut711.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: GBPoll - Unknown owner - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe