
Help Me I Have Privacy In Danger Red Screen


This topic is locked
12 replies to this topic

#1 vinmart (Members, 9 posts)

Posted 01 November 2007 - 03:44 PM

I have installed Trend Micro Internet Security on my computer. I had IE Defender on my computer, but I was able to get rid of that. I have gone through all the scans with this program and used HouseCall and HijackThis. When I use HouseCall it messes up my computer and does not allow my Trend Micro to activate my firewall.

I have had to reinstall the software two times. I have cleaned all the temp files as suggested by Trend Micro, along with doing HouseCall and HijackThis. When I did HijackThis I went ahead and fixed all of it or deleted everything, whatever it does. I don't remember. Got rid of IE Defender but still have the "privacy in danger" screen that pops up. Have run repeated scans and this screen hijacker seems to go particularly crazy when I do this.

I found the folder where the info was stored under windows/private_danger and deleted the folder. When the hijacker tried to reload the screen I got another one saying path not found, be sure of path. Well, it eventually reinstalled itself somehow.

Have run more scans and it seems to catch one or two each time. I want to send a HijackThis log so you can recommend what I should do and also tell me what else you see on this log that I should take care of. There are probably other things taking resources away from my computer.

I will send it with my next post as I am using a different computer to talk with you.

Thanks.

I have the HijackThis log.

When it ran I got a screen that said I had a large amount of hijacked domains and I should delete these before doing a fix.

SOMEBODY PLEASE HELP ME!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:46 PM, on 11/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
C:\Documents and Settings\Vince Martinez\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysa.com/
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <HEAD><TITLE>Trend Micro Internet Security Pro</TITLE><!--
O1 - Hosts: sFq{~>O;-1ig.V&X
O1 - Hosts: Do not delete or modify this comment.
O1 - Hosts: -->
O1 - Hosts: <META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
O1 - Hosts: <META content="MSHTML 6.00.2900.3020" name=GENERATOR>
O1 - Hosts: <style type="text/css">
O1 - Hosts: <!--
O1 - Hosts: body {margin: 0px; font:12px Arial, Helvetica, sans-serif; color:#303030; background-color:#fff; }
O1 - Hosts: .block{width:100%; background-color:#FF0000; color:#FFFFFF; font-size:14px; font-weight:bold; padding:10px 0 10px 10px; vertical-align:middle;}
O1 - Hosts: .copyright{font-size:11px;}
O1 - Hosts: .title_white{color:#FFFFFF; font-size:12px; font-weight:bold;}
O1 - Hosts: .title{font-size:13px; font-weight:bold;}
O1 - Hosts: .title_red{font-size:14px; font-weight:bold; color:#FF0000; padding-left:22px}
O1 - Hosts: .content {font-size: xx-small; font-family: Verdana, Arial, Helvetica, sans-serif;}
O1 - Hosts: .contentbold {font-size: x-small; font-family: Verdana, Arial, Helvetica, sans-serif; font-weight: bold;}
O1 - Hosts: .contentboldred {font-size: x-small; font-family: Verdana, Arial, Helvetica, sans-serif; font-weight: bold; color: #FF0000;}
O1 - Hosts: .note {font-size: 11px; font-family: Arial, Helvetica, sans-serif;}
O1 - Hosts: .notetitle {color: #c00000; font-size: 11px; font-family: Arial, Helvetica, sans-serif; font-weight: bold;}
O1 - Hosts: .noteborder { padding:5px 5px; border: 1px #c00000 solid; background-color:#F0F0F0;}
O1 - Hosts: .btn {font-family: Arial, Helvetica, sans-serif; font-size: 12px; height: 20px;}
O1 - Hosts: -->
O1 - Hosts: </style>
O1 - Hosts: <script type="text/javascript">
O1 - Hosts: function UpdateValues()
O1 - Hosts: {
O1 - Hosts: if (document.all("credibilitylevel").innerText == "Unknown")
O1 - Hosts: document.all("credibilitylevel").innerText = document.all("szUnknown").innerHTML;
O1 - Hosts: else if (document.all("credibilitylevel").innerText == "Unsafe")
O1 - Hosts: document.all("credibilitylevel").innerText = document.all("szUnsafe").innerHTML;
O1 - Hosts: else if (document.all("credibilitylevel").innerText == "Suspicious")
O1 - Hosts: document.all("credibilitylevel").innerText = document.all("szSuspicious").innerHTML;
O1 - Hosts: else if (document.all("credibilitylevel").innerText == "Safe")
O1 - Hosts: document.all("credibilitylevel").innerText = document.all("szSafe").innerHTML;
O1 - Hosts: }
O1 - Hosts: </script>
O1 - Hosts: <base href="file://C:\PROGRA~1\TRENDM~1\INTERN~1\"></HEAD>
O1 - Hosts: <div id="l10n_strings" style="display:none">
O1 - Hosts: <span id="szUnknown">Unknown</span>
O1 - Hosts: <span id="szUnsafe">Unsafe</span>
O1 - Hosts: <span id="szSuspicious">Suspicious</span>
O1 - Hosts: <span id="szSafe">Safe</span>
O1 - Hosts: </div>
O1 - Hosts: <BODY onload="UpdateValues();">
O1 - Hosts: <div class="block" > Blocked by Trend Micro</div>
O1 - Hosts: <TABLE width="700" border=0 cellPadding=0 cellSpacing=0>
O1 - Hosts: <TR>
O1 - Hosts: <TD><table cellspacing="0" cellpadding="0" border="0">
O1 - Hosts: <tbody>
O1 - Hosts: <tr>
O1 - Hosts: <td width="10" height="15"></td>
O1 - Hosts: <td class="title"></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td rowspan="2" align="center">&nbsp;</td>
O1 - Hosts: <td class="title">Trend Micro Internet Security Pro has identified this Web page as undesirable.</td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td><hr size="1" noshade="noshade" /></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td rowspan="13">&nbsp;</td>
O1 - Hosts: <td class="content"><table cellspacing="0" cellpadding="0" border="0">
O1 - Hosts: <tbody>
O1 - Hosts: <tr>
O1 - Hosts: <td height="22" class="contentbold">Address:</td>
O1 - Hosts: <td class="contentboldred">http://85.255.121.123/rotate/h.txt</td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td height="22" class="contentbold">Credibility:</td>
O1 - Hosts: <td class="contentboldred" id="credibilitylevel">Unsafe</td>
O1 - Hosts: </tr>
O1 - Hosts: </tbody>
O1 - Hosts: </table></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td height="30"></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td class="content"><em>If you still want to see this blocked page:</em>
O1 - Hosts: <ol>
O1 - Hosts: <li>Click the Windows <strong>Start</strong> button and launch <strong>Trend Micro Internet Security Pro</strong> from the list under <strong>All Programs</strong>. </li>
O1 - Hosts: <br />
O1 - Hosts: <br />
O1 - Hosts: <li>Click <b>Internet & Email Controls</b>.</li>
O1 - Hosts: <br />
O1 - Hosts: <br />
O1 - Hosts: <li>Click the <strong>Settings...</strong> button under <strong>Parental Controls</strong> or <strong>Protection Against Web Threats</strong>.</li>
O1 - Hosts: <br />
O1 - Hosts: <br />
O1 - Hosts: <li>Click the <strong>List of Approved Web Sites</strong> link in the next window that opens.</li>
O1 - Hosts: <br />
O1 - Hosts: <br />
O1 - Hosts: <li>Copy and paste the address of the blocked Web site into the list. </li>
O1 - Hosts: </ol></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td>&nbsp;</td>
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O21 - SSODL: msmhost - {6C621BE4-6F7E-4726-BC8C-9C5BD3A82B9E} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {7C3DA6F4-2736-403A-806E-556874F32A74} - C:\WINDOWS\msmdev.dll (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9273 bytes
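The "large amount of hijacked domains" warning and the O1 lines above are the most useful part of this log, so here is a worked check of what they mean. HijackThis lists the hosts file line by line under O1, and a hosts line is nothing more than "<ip> <hostname> [<hostname>...] [# comment]". Every O1 line in the log is HTML instead (the Trend Micro block page for http://85.255.121.123/rotate/h.txt), so the file's content is a web page, not a list of hostname mappings. The script below is an added example, not part of this thread and not code from HijackThis or Trend Micro: it parses log lines of this shape and flags hosts entries that are not valid hosts syntax (pulling any URL out of them as an indicator to search the rest of the machine for), O21 shell-load DLLs that are missing or live outside system32, and services with an unknown owner. The assumption that stock XP SSODL handlers sit under system32, and the two well-formed hosts lines in the sample, are mine; the other sample lines are copied from the log above.

```python
"""Triage helpers for a HijackThis log (added example, not from the thread).

Checks performed on each log line:
  * O1  - the hosts file, one line per entry.  Anything that is not
          "<ip> <hostname>..." (here, HTML) means the file was replaced and
          should be restored whole, not "fixed" entry by entry.
  * O21 - ShellServiceObjectDelayLoad DLLs loaded into Explorer at logon.
          Missing files or loaders outside system32 get a second look.
  * O23 - services whose binary carries no company name ("Unknown owner").
"""
import ipaddress
import ntpath
import re

HOSTNAME = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")
URL = re.compile(r"""https?://[^\s"'<>]+""")
O1_HOSTS = re.compile(r"^O1 - Hosts: ?(.*)$")
O21_SSODL = re.compile(r"^O21 - SSODL: (.+?) - \{([0-9A-Fa-f-]+)\} - (.+?)( \(file missing\))?$")
O23_SERVICE = re.compile(r"^O23 - Service: (.+?) \(([^()]+)\) - (.+?) - (.+)$")

# Assumed baseline (not from the thread): the stock XP SSODL handlers are DLLs
# under system32, so a handler loaded from anywhere else is worth checking.
SSODL_EXPECTED_DIRS = {r"c:\windows\system32"}

# Constructed sample in the shape of the posted log: real lines from the log
# plus two well-formed hosts lines so both outcomes are exercised.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysa.com/
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
O1 - Hosts: <html>
O1 - Hosts: <td class="contentboldred">http://85.255.121.123/rotate/h.txt</td>
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ads.example.invalid   # constructed entry
O21 - SSODL: msmhost - {6C621BE4-6F7E-4726-BC8C-9C5BD3A82B9E} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {7C3DA6F4-2736-403A-806E-556874F32A74} - C:\WINDOWS\msmdev.dll (file missing)
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def hosts_line_valid(line: str) -> bool:
    """True if the hosts-file parser would accept this line."""
    body = line.split("#", 1)[0].strip()   # drop a trailing comment
    if not body:
        return True                         # blank or comment-only line
    fields = body.split()
    if len(fields) < 2:                     # need an address and at least one name
        return False
    try:
        ipaddress.ip_address(fields[0])     # IPv4 or IPv6 literal
    except ValueError:
        return False
    return all(HOSTNAME.match(name) for name in fields[1:])


def triage(log_text: str) -> dict:
    """Walk a HijackThis log and collect the entries that need attention."""
    findings = {"hosts_invalid": [], "hosts_urls": [],
                "ssodl_suspicious": [], "services_unknown_owner": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O1_HOSTS.match(line):
            entry = m.group(1)
            if not hosts_line_valid(entry):
                findings["hosts_invalid"].append(entry)
                # A URL inside a hosts "line" is an indicator worth hunting for elsewhere.
                findings["hosts_urls"].extend(URL.findall(entry))
        elif m := O21_SSODL.match(line):
            name, _clsid, path, missing = m.groups()
            reasons = []
            if missing:
                reasons.append("file missing")
            if ntpath.dirname(path).lower() not in SSODL_EXPECTED_DIRS:
                reasons.append("loaded from " + ntpath.dirname(path))
            if reasons:
                findings["ssodl_suspicious"].append((name, path, "; ".join(reasons)))
        elif m := O23_SERVICE.match(line):
            _display, short_name, owner, path = m.groups()
            if owner.lower() == "unknown owner":
                findings["services_unknown_owner"].append((short_name, path))
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{len(result['hosts_invalid'])} hosts lines are not hosts syntax")
    for url in result["hosts_urls"]:
        print("  indicator found in hosts file:", url)
    for name, path, why in result["ssodl_suspicious"]:
        print(f"  SSODL {name}: {path} ({why})")
    for short_name, path in result["services_unknown_owner"]:
        print(f"  service {short_name} has no owner string: {path}")
```

Two caveats when reading the output. A hosts file full of HTML is restored by replacing it with a stock one (on XP that is a comment header plus `127.0.0.1 localhost`), not by deleting lines in HijackThis; and "Unknown owner" only means the binary carries no company name in its version information, so btwdins.exe, the Bluetooth service under the Dell folder, is a false positive of that heuristic here, whereas the two msm*.dll shell loaders in C:\WINDOWS are the entries that actually merit attention.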


#2 rookie147 (Members, 5,321 posts)

Posted 02 November 2007 - 03:39 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

> When I did hijackthis i went ahead and fix all of it or deleted everything whatever it does. I don't remember.

Before we begin, what do you mean by this? You fixed all of the entries?

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 vinmart (Topic Starter, Members, 9 posts)

Posted 03 November 2007 - 11:58 AM

I need to thank quietman7 for everything he told me to do. My computer seems to be fixed, but I still need an opinion on my HijackThis log. After I did everything quietman7 said, I ran another log. Here it is. Please tell me what I should fix. It still said I had a large amount of hijacked hosts, and maybe I should go to a certain folder and delete it. Not quite sure. Maybe you can tell me.

Thanks for all the help this site has been. This is probably one of the last things I need to do since everything else seems back to normal and running well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:46 AM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\kdfmgr.exe
C:\Documents and Settings\Vince Martinez\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysa.com/
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <HEAD><TITLE>Trend Micro Internet Security Pro</TITLE><!--
O1 - Hosts: sFq{~>O;-1ig.V&X
O1 - Hosts: Do not delete or modify this comment.
O1 - Hosts: -->
O1 - Hosts: <META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
O1 - Hosts: <META content="MSHTML 6.00.2900.3020" name=GENERATOR>
O1 - Hosts: <style type="text/css">
O1 - Hosts: <!--
O1 - Hosts: body {margin: 0px; font:12px Arial, Helvetica, sans-serif; color:#303030; background-color:#fff; }
O1 - Hosts: .block{width:100%; background-color:#FF0000; color:#FFFFFF; font-size:14px; font-weight:bold; padding:10px 0 10px 10px; vertical-align:middle;}
O1 - Hosts: .copyright{font-size:11px;}
O1 - Hosts: .title_white{color:#FFFFFF; font-size:12px; font-weight:bold;}
O1 - Hosts: .title{font-size:13px; font-weight:bold;}
O1 - Hosts: .title_red{font-size:14px; font-weight:bold; color:#FF0000; padding-left:22px}
O1 - Hosts: .content {font-size: xx-small; font-family: Verdana, Arial, Helvetica, sans-serif;}
O1 - Hosts: .contentbold {font-size: x-small; font-family: Verdana, Arial, Helvetica, sans-serif; font-weight: bold;}
O1 - Hosts: .contentboldred {font-size: x-small; font-family: Verdana, Arial, Helvetica, sans-serif; font-weight: bold; color: #FF0000;}
O1 - Hosts: .note {font-size: 11px; font-family: Arial, Helvetica, sans-serif;}
O1 - Hosts: .notetitle {color: #c00000; font-size: 11px; font-family: Arial, Helvetica, sans-serif; font-weight: bold;}
O1 - Hosts: .noteborder { padding:5px 5px; border: 1px #c00000 solid; background-color:#F0F0F0;}
O1 - Hosts: .btn {font-family: Arial, Helvetica, sans-serif; font-size: 12px; height: 20px;}
O1 - Hosts: -->
O1 - Hosts: </style>
O1 - Hosts: <script type="text/javascript">
O1 - Hosts: function UpdateValues()
O1 - Hosts: {
O1 - Hosts: if (document.all("credibilitylevel").innerText == "Unknown")
O1 - Hosts: document.all("credibilitylevel").innerText = document.all("szUnknown").innerHTML;
O1 - Hosts: else if (document.all("credibilitylevel").innerText == "Unsafe")
O1 - Hosts: document.all("credibilitylevel").innerText = document.all("szUnsafe").innerHTML;
O1 - Hosts: else if (document.all("credibilitylevel").innerText == "Suspicious")
O1 - Hosts: document.all("credibilitylevel").innerText = document.all("szSuspicious").innerHTML;
O1 - Hosts: else if (document.all("credibilitylevel").innerText == "Safe")
O1 - Hosts: document.all("credibilitylevel").innerText = document.all("szSafe").innerHTML;
O1 - Hosts: }
O1 - Hosts: </script>
O1 - Hosts: <base href="file://C:\PROGRA~1\TRENDM~1\INTERN~1\"></HEAD>
O1 - Hosts: <div id="l10n_strings" style="display:none">
O1 - Hosts: <span id="szUnknown">Unknown</span>
O1 - Hosts: <span id="szUnsafe">Unsafe</span>
O1 - Hosts: <span id="szSuspicious">Suspicious</span>
O1 - Hosts: <span id="szSafe">Safe</span>
O1 - Hosts: </div>
O1 - Hosts: <BODY onload="UpdateValues();">
O1 - Hosts: <div class="block" > Blocked by Trend Micro</div>
O1 - Hosts: <TABLE width="700" border=0 cellPadding=0 cellSpacing=0>
O1 - Hosts: <TR>
O1 - Hosts: <TD><table cellspacing="0" cellpadding="0" border="0">
O1 - Hosts: <tbody>
O1 - Hosts: <tr>
O1 - Hosts: <td width="10" height="15"></td>
O1 - Hosts: <td class="title"></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td rowspan="2" align="center">&nbsp;</td>
O1 - Hosts: <td class="title">Trend Micro Internet Security Pro has identified this Web page as undesirable.</td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td><hr size="1" noshade="noshade" /></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td rowspan="13">&nbsp;</td>
O1 - Hosts: <td class="content"><table cellspacing="0" cellpadding="0" border="0">
O1 - Hosts: <tbody>
O1 - Hosts: <tr>
O1 - Hosts: <td height="22" class="contentbold">Address:</td>
O1 - Hosts: <td class="contentboldred">http://85.255.121.123/rotate/h.txt</td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td height="22" class="contentbold">Credibility:</td>
O1 - Hosts: <td class="contentboldred" id="credibilitylevel">Unsafe</td>
O1 - Hosts: </tr>
O1 - Hosts: </tbody>
O1 - Hosts: </table></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td height="30"></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td class="content"><em>If you still want to see this blocked page:</em>
O1 - Hosts: <ol>
O1 - Hosts: <li>Click the Windows <strong>Start</strong> button and launch <strong>Trend Micro Internet Security Pro</strong> from the list under <strong>All Programs</strong>. </li>
O1 - Hosts: <br />
O1 - Hosts: <br />
O1 - Hosts: <li>Click <b>Internet & Email Controls</b>.</li>
O1 - Hosts: <br />
O1 - Hosts: <br />
O1 - Hosts: <li>Click the <strong>Settings...</strong> button under <strong>Parental Controls</strong> or <strong>Protection Against Web Threats</strong>.</li>
O1 - Hosts: <br />
O1 - Hosts: <br />
O1 - Hosts: <li>Click the <strong>List of Approved Web Sites</strong> link in the next window that opens.</li>
O1 - Hosts: <br />
O1 - Hosts: <br />
O1 - Hosts: <li>Copy and paste the address of the blocked Web site into the list. </li>
O1 - Hosts: </ol></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td>&nbsp;</td>
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9587 bytes


#4 rookie147 (Members, 5,321 posts)

Posted 03 November 2007 - 02:53 PM

You haven't answered my question ...



#5 vinmart (Topic Starter, Members, 9 posts)

Posted 04 November 2007 - 09:17 PM

I believe I hit the button that said fix checked items. But I am not sure if I had any checked when I hit the fix button. So this is the most current log after doing all the other things, which actually got rid of my other problems. But when I ran the HijackThis log it said I had a lot of hijacked domains or web pages or something.

Sorry for the confusion. If I did check them all and then click the fix button, would it have screwed up my computer?

Edited by vinmart, 04 November 2007 - 09:18 PM.


#6 rookie147 (Members, 5,321 posts)

Posted 05 November 2007 - 12:08 PM

Okay, I don't think you fixed anything then; that can seriously mess up your computer.
Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.

Post that in your next reply.
Thanks,
Charles



#7 vinmart (Topic Starter, Members, 9 posts)

Posted 05 November 2007 - 05:58 PM

Here is a copy of my ComboFix log. Thanks for your help.

ComboFix 07-11-05.2 - Vince Martinez 2007-11-05 13:44:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.333 [GMT -6:00]
Running from: C:\Documents and Settings\Vince Martinez\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\sysinit32

.
((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 )))))))))))))))))))))))))))))))
.

2007-11-05 13:39 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-02 16:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-02 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-02 13:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-02 13:02 <DIR> d-------- C:\Documents and Settings\Vince Martinez\Application Data\SUPERAntiSpyware.com
2007-11-02 12:56 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-11-02 12:50 <DIR> d-------- C:\WINDOWS\SYSTEM32\ASPRO
2007-11-02 12:50 69,632 --a------ C:\WINDOWS\SYSTEM32\asprouni.exe
2007-11-02 11:03 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-11-02 10:35 1,470 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-11-02 10:32 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2007-11-02 10:32 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-11-02 10:32 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-11-02 10:32 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2007-10-30 23:52 <DIR> d-------- C:\WINDOWS\kdefense
2007-10-30 23:52 849,920 --a------ C:\WINDOWS\SYSTEM32\kdfinj.dll
2007-10-30 23:52 726,568 --a------ C:\WINDOWS\SYSTEM32\kdfmgr.exe
2007-10-30 23:52 192,512 --a------ C:\WINDOWS\SYSTEM32\kdfvmgr.exe
2007-10-30 23:52 77,824 --a------ C:\WINDOWS\SYSTEM32\kdfapi.dll
2007-10-30 23:52 53,248 --a------ C:\WINDOWS\SYSTEM32\Kdfhok.dll
2007-10-30 23:28 <DIR> d-------- C:\WINDOWS\LocalSSL
2007-10-30 23:26 138,512 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-10-30 23:26 52,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmactmon.sys
2007-10-30 23:26 52,368 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmevtmgr.sys
2007-10-30 23:23 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-30 11:56 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-10-29 18:16 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-10-29 15:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\HouseCall 6.6
2007-10-29 12:36 <DIR> d-------- C:\WINDOWS\l2schemas
2007-10-29 12:35 1,705,472 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\netshell.dll
2007-10-29 12:35 474,624 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\wzcsvc.dll
2007-10-29 12:35 381,440 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\wzcdlg.dll
2007-10-29 12:35 69,120 --------- C:\WINDOWS\SYSTEM32\wlanapi.dll
2007-10-29 12:35 52,736 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\wzcsapi.dll
2007-10-29 12:35 14,592 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ndisuio.sys
2007-10-29 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-26 15:55 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-26 15:01 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-26 14:59 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-10-10 05:53 582,656 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2007-10-07 21:37 <DIR> d-------- C:\Program Files\iTunes
2007-10-07 21:34 <DIR> d-------- C:\Program Files\QuickTime
2007-10-07 21:33 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE
2007-10-07 21:32 <DIR> d-------- C:\Program Files\Common Files\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-02 19:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-31 04:45 --------- d-----w C:\Program Files\Google
2007-10-29 18:03 --------- d-----w C:\Documents and Settings\Vince Martinez\Application Data\BearShare
2007-10-29 17:56 --------- d-----w C:\Program Files\Yahoo!
2007-10-29 17:56 --------- d-----w C:\Program Files\Common Files\Scanner
2007-10-29 17:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-29 17:45 --------- d-----w C:\Program Files\Eraser
2007-10-26 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-26 20:47 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-26 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-26 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-23 18:58 --------- d-----w C:\Program Files\Java
2007-10-11 00:10 --------- d-----w C:\Program Files\DivX
2007-10-08 03:38 --------- d-----w C:\Program Files\iPod
2007-10-06 18:07 319 ----a-w C:\drmHeader.bin
2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
2007-09-28 16:07 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2007-09-26 20:04 --------- d-----w C:\Program Files\ZipForm Desktop
2007-09-25 20:13 --------- d-----w C:\Program Files\Dell
2007-09-17 20:40 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-17 20:40 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-17 20:31 1,126,072 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-17 18:29 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-17 18:29 333,328 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-09-12 17:53 --------- d-----w C:\Program Files\Apple Software Update
2007-09-12 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-05 16:58 --------- d-----w C:\Program Files\REFN
2007-09-05 16:35 472 ----a-w C:\Program Files\INSTALL.LOG
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-08-13 19:11 112,808 ----a-w C:\Documents and Settings\Vince Martinez\Application Data\GDIPFONTCACHEV1.DAT
2004-08-18 16:09 462,919 ----a-w C:\Documents and Settings\Vince Martinez\gotomypc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll [2007-09-16 08:21 103760]

[HKEY_CLASSES_ROOT\CLSID\{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
[HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-26 12:01]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-17 12:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-09-17 12:30]
"TrendSecure Remote File Lock"="C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2007-09-17 02:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"=0 (0x0)
"Btn_Search"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2003-10-31 10:01 8704 C:\WINDOWS\SYSTEM32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks 2002 Delivery Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks 2002 Delivery Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Vince Martinez^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adstartup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdTools Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
"C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWHeartbeatMonitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\Program Files\Eraser\eraser.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPodManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mswspl]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Tray Application]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyKiller]
C:\Program Files\SpyKiller\spykiller.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STOPzilla]
"C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winad Client]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"c:\program files\zango\zango.exe"

S2 PINNMB;MovieBox USB_B;C:\WINDOWS\system32\Drivers\pinnmb.sys
S3 2WIREPCP;2Wire USB;C:\WINDOWS\system32\DRIVERS\2WirePCP.sys
S4 Seagate Sync Service;Seagate Sync Service;"C:\Program Files\Seagate\Sync\SeaSyncServices.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3002d5c0-9fd7-11da-8c20-0010c625e59f}]
\Shell\AutoRun\command - rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{349fd600-e120-11da-8c80-0010c625e59f}]
\Shell\AutoRun\command - rundll32.exe url.dll,FileProtocolHandler LapNetWizard.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4000060-e674-11db-8de7-0010c625e59f}]
\Shell\AutoRun\command - D:\Autorun.exe /run
\Shell\Shell00\Command - D:\Autorun.exe /run
\Shell\Shell01\Command - D:\Autorun.exe /action
\Shell\Shell02\Command - D:\Autorun.exe /uninstall

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-31 01:01:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-05 13:52:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-05 13:54:34
.
--- E O F ---


Thanks, Vince

#8 rookie147

Posted 06 November 2007 - 04:14 PM

Please run Panda's ActiveScan.
Once you are on the Panda site, click the Scan your PC button.
A new window will open; click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When the download is complete, click on Local Disks to start the scan.
When the scan has finished - if anything malicious is found - click the See Report button.
Click Save Report and save the file to your Desktop, so you can post this log in your next reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#9 vinmart

Posted 08 November 2007 - 01:08 PM

Incident Status Location

Spyware:Cookie/Gator Not disinfected C:\Documents and Settings\Vince Martinez\Application Data\Mozilla\Profiles\default\retayt6d.slt\cookies.txt[.gator.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Vince Martinez\Application Data\Mozilla\Profiles\default\retayt6d.slt\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Vince Martinez\Application Data\Mozilla\Profiles\default\retayt6d.slt\cookies.txt[.zedo.com/]
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Vince Martinez\Application Data\Phoenix\Profiles\default\i4l4r68a.slt\cookies.txt[ads.gorillanation.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Vince Martinez\Application Data\Phoenix\Profiles\default\i4l4r68a.slt\cookies.txt[stat.onestat.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Vince Martinez\Cookies\vince_martinez@ad.yieldmanager[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Vince Martinez\Cookies\vince_martinez@realmedia[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Vince Martinez\Cookies\vince_martinez@yadro[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Vince Martinez\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Vince Martinez\Desktop\ComboFix.exe[nircmd.cfexe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Vince Martinez\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Vince Martinez\Desktop\SmitfraudFix\restart.exe
Adware:adware/delfinmedia Not disinfected C:\keys.ini
Potentially unwanted tool:Application/Pskill.A Not disinfected C:\Program Files\Seagate\Utilities\pkill.exe
Potentially unwanted tool:Application/Pskill.A Not disinfected C:\WINDOWS\Installer\5abd3.msi[unk_0050]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Adware:adware/keenvalue Not disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bho
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\SYSTEM32\Process.exe


Sorry for the delay,

Vince

#10 rookie147

Posted 09 November 2007 - 03:49 PM

The following file can be deleted: C:\keys.ini
Then please let me know how things seem to be running now.



#11 vinmart

Posted 12 November 2007 - 07:50 PM

How do I delete it? I can't find it. Panda doesn't let me... I don't know what to do.

#12 rookie147

Posted 13 November 2007 - 03:22 PM

Okay, never mind. It has gone by itself.



#13 rookie147

Posted 07 December 2007 - 03:06 PM

Due to lack of feedback, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.





