Can't reach Trend Micro for update, slow internet



#1
Techchica

Cannot reach Trend Micro for update, get the error that it cannot connect, check proxy etc.
This is a home PC so not using a proxy server, have disabled firewalls, have made sure web sites are not blocked, cleared cache, tried to run Trend Micro scan thru DOS and it shows no infections. Cannot even get onto Trend Micro's website, internet is now very slow; sites only appear correctly if I use HTTPS vs HTTP.
Reverted back to Firefox 3 instead of 3.5, also get the same errors on IE.

Ran Combofix and Malwarebytes, tried to use Kaspersky online scan, but it shuts down the internet while trying to do an update so I haven't gotten as far as actually doing a scan. Also note when I tried to install recovery console thru Combofix the download failed.

Here are the logs:

ComboFix 09-11-18.07 - Administrator 11/19/2009 5:16.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.308 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1708537768-602609370-725345543-500
c:\recycler\S-1-5-21-2365496819-4166413638-1067580280-500
E:\Autorun.inf

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-19 to 2009-11-19 )))))))))))))))))))))))))))))))
.

2009-11-19 11:35 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-19 11:35 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-19 08:16 . 2009-11-19 08:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\MSNInstaller
2009-11-19 08:12 . 2009-11-19 08:12 -------- d-----w- c:\windows\LastGood
2009-11-19 07:28 . 2009-11-19 07:28 -------- d-----w- c:\documents and settings\Administrator\log
2009-11-19 07:20 . 2009-11-19 10:38 77824 ----a-w- c:\windows\system32\kdfapi.dll
2009-11-19 07:20 . 2009-11-19 10:38 53248 ----a-w- c:\windows\system32\Kdfhok.dll
2009-11-19 07:20 . 2009-11-19 10:38 387288 ----a-w- c:\windows\system32\kdfmgr.exe
2009-11-19 07:20 . 2009-11-19 10:38 192512 ----a-w- c:\windows\system32\kdfvmgr.exe
2009-11-19 07:20 . 2009-11-19 07:20 475872 ----a-w- c:\windows\system32\kdfinj.dll
2009-11-19 07:20 . 2009-11-19 07:20 -------- d-----w- c:\windows\kdefense
2009-11-19 03:52 . 2009-11-19 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-19 03:52 . 2009-11-19 03:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-19 01:47 . 2009-11-19 01:47 -------- d-----w- c:\windows\system32\scripting
2009-11-19 01:47 . 2009-11-19 01:47 -------- d-----w- c:\windows\system32\en
2009-11-19 01:47 . 2009-11-19 01:47 -------- d-----w- c:\windows\system32\bits
2009-11-19 01:15 . 2009-11-19 01:15 -------- d-----w- c:\windows\LocalSSL
2009-11-19 01:14 . 2009-11-19 00:35 50192 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-11-19 01:14 . 2009-11-19 00:35 150032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-19 01:14 . 2009-11-19 00:35 50192 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2009-11-19 01:12 . 2009-11-19 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2009-11-19 01:12 . 2009-11-19 01:14 -------- d-----w- c:\program files\Trend Micro
2009-11-19 00:35 . 2009-11-19 00:35 1195512 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-11-19 00:35 . 2009-11-19 00:35 80400 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2009-11-19 00:35 . 2009-11-19 00:35 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-11-19 00:35 . 2009-11-19 00:35 335376 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2009-11-19 00:35 . 2009-11-19 00:35 205328 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-11-18 22:21 . 2008-10-21 19:59 46456 ----a-r- c:\windows\system32\exitwx.exe
2009-11-18 21:56 . 2009-11-18 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-18 10:16 . 2009-11-18 10:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-18 08:53 . 2009-11-18 08:53 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-08 10:44 . 2009-11-08 10:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\InterVideo
2009-11-05 11:46 . 2009-11-05 11:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sonic
2009-11-03 09:00 . 2009-11-03 09:00 -------- d-----w- c:\program files\MSXML 6.0
2009-11-03 05:12 . 2009-11-03 05:29 -------- d-----w- c:\documents and settings\Administrator\.housecall6.6
2009-11-03 00:36 . 2009-11-19 01:47 -------- d-----w- c:\windows\l2schemas
2009-11-03 00:35 . 2008-04-14 00:12 69120 ----a-w- c:\windows\system32\wlanapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-19 11:37 . 2009-08-20 01:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-11-19 07:34 . 2009-08-20 01:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-11-19 01:51 . 2004-08-07 13:12 91823 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-11 23:21 . 2009-08-20 01:49 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-11 23:21 . 2009-08-20 01:49 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-11-03 01:24 . 2007-01-02 02:46 -------- d-----w- c:\program files\Google
2009-10-19 01:15 . 2006-08-18 08:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-25 05:37 . 2004-08-04 08:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 01:42 . 2009-08-28 01:42 124240 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\06ED42BE6F4547CA8A0F980D12F891AE\SkypeXtrsbridg.dll
2009-08-26 08:00 . 2004-08-04 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2008-09-06 01:39 . 2008-09-06 01:39 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-11-19 492808]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-01-23 802816]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"Ovt Wia"="c:\windows\OV550EM.exe" [2008-01-28 36864]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-06-28 270648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-06 29744]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-11-19 995528]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2009-06-25 177152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-11-19 492808]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
2WireSetup.lnk - c:\program files\2Wire\WebWorks.exe [2007-4-12 638976]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-1-1 184320]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Trend Micro\\BM\\TMBMSRV.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\UfSeAgnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\updater.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 7.0\\Photoshop Elements 7.0.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\TmPfw.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\TisScan.exe"=
"c:\\Program Files\\Trend Micro\\TrendSecure\\TSCFCommander.exe"=
"c:\\Program Files\\Trend Micro\\TrendSecure\\TSCFCmdrLauncher.exe"=
"c:\\Program Files\\Trend Micro\\TrendSecure\\ActiveUpdate\\patch.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\SfCtlCom.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\TISPthTl.exe"=

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 11:03 AM 169312]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [11/18/2009 7:15 PM 181584]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [11/18/2009 7:14 PM 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [11/18/2009 7:14 PM 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [11/18/2009 6:35 PM 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [11/18/2009 7:14 PM 677128]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [11/18/2009 6:35 PM 335376]
S3 APL531;CRS Photo Scanner;c:\windows\system32\drivers\ov550i.sys [1/28/2008 7:53 AM 580992]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/4/2007 1:51 PM 29744]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ptej65z2.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFTMUFEHelper.dll
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFToolbarComm.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071504000001.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-McENUI - c:\progra~1\McAfee\MHN\McENUI.exe
HKLM-Run-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
HKLM-Run-McAfee Backup - c:\program files\McAfee\MBK\McAfeeDataBackup.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-{F46BF5EA-0B4E-4A41-8C4B-3B127346E30F} - c:\documents and settings\Administrator\Local Settings\Application Data\{F9ABF6FF-B068-4877-9373-3B5353A65A36}\NBCDirectInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-19 05:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? [email protected][email protected]? ???(T??????([email protected][email protected]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4127520727-2500884696-2601050156-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-11-19 05:41
ComboFix-quarantined-files.txt 2009-11-19 11:41

Pre-Run: 76,839,051,264 bytes free
Post-Run: 76,706,545,664 bytes free

- - End Of File - - 6D117E87F3827BCA7C1F1DB507576B49


Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

11/19/2009 4:03:16 PM
mbam-log-2009-11-19 (16-03-16).txt

Scan type: Quick Scan
Objects scanned: 95705
Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)