Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

please delete topic--went for full reinstall

Started by mjr , May 25 2010 05:27 PM

  • Please log in to reply

#1
mjr
Posted 25 May 2010 - 05:27 PM

mjr

    New Member

  • Member
  • Pip
  • 2 posts
Hi,

We had been experiencing strange redirects and mistyping in Firefox....didn't think much of it. Then on startup blue XP toolbar turned to gray and all windows have old win98-looking theme. The service status is always Stopped in the Themes Properties. I can start service, but on every restart--which does take longer than normal--it is stopped once again. But this is the least of my problems...

Because soon I was shocked to find that Trend Micro PCillin 14 had an unknown computer on network and Webmail Scan, Anti spam, Website filter, and Wi-Fi Intrusion Detection had all been turned off!!!

This really scares me because TM gave no notificaiton, we keep it regularly updated, if i hadn't poked around I wouldn't have even noticed that! I was able to turn these settings back on, but certainly still don't feel safe.


The past couple days I've run multiple TFC, Malwarebytes, SmitfraudFix, did a restore back a week, backed up and deleted most of my files, ran Trend Micro scans--but the only thing to ever turn up was a Hijack.Wallpaper that Malwarebytes found early on. Most of the time nothing turns up. I keep internet traffic halted all the time if its not in safe mode.

Thanks in advance for helping sort this out. I don't even know how to categorize what the problem might be, since there's no specific issue that these programs can identify. I still have the gray toolbar, but Firefox sort of still works and has normal blue bar at top.

Here are the most recent logs and thanks again!
Matt





MBAM:

Malwarebytes' Anti-Malware 1.42
Database version: 3435
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

5/25/2010 2:17:22 PM
mbam-log-2010-05-25 (14-17-22).txt

Scan type: Quick Scan
Objects scanned: 114401
Time elapsed: 10 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-25 16:51:22
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\CYNTHI~1\LOCALS~1\Temp\fxtdqpob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \FileSystem\Fastfat \Fat B39E9D20
Device \FileSystem\Fastfat \Fat B3A01631

AttachedDevice \FileSystem\Fastfat \Fat tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- EOF - GMER 1.0.15 ----




OTL (note: I copy and pasted in the custom scan but only got 1 txt file as result.)

OTL logfile created on: 5/25/2010 4:56:27 PM - Run 3
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Cynthia Robertson\Desktop\2 FIX VIRUSES
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.46 Gb Total Space | 121.24 Gb Free Space | 84.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CINDY
Current User Name: Cynthia Robertson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/26 22:39:37 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cynthia Robertson\Desktop\2 FIX VIRUSES\OTL.exe
PRC - [2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/19 16:17:14 | 01,475,936 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/19 02:15:38 | 00,106,496 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/02/19 02:13:28 | 00,438,272 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2007/11/08 21:19:18 | 00,345,696 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe
PRC - [2007/09/07 11:40:34 | 00,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
PRC - [2007/09/07 11:40:04 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2007/07/10 00:21:56 | 00,851,968 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/07/10 00:03:06 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/07/03 15:57:38 | 01,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/06/06 17:35:02 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/05/09 16:59:48 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2007/05/09 16:59:46 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2007/05/09 16:59:38 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2007/04/16 18:10:26 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/03/15 14:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/21 14:02:24 | 01,807,960 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
PRC - [2006/11/09 16:04:02 | 00,566,872 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe
PRC - [2006/11/09 16:03:42 | 00,923,216 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe
PRC - [2006/11/05 13:22:16 | 00,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 12:55:48 | 00,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/11/03 20:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/02 16:05:50 | 00,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/10/03 13:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/08/17 11:00:00 | 01,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/08/04 18:15:28 | 00,321,040 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
PRC - [2004/11/17 16:48:40 | 00,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2003/11/12 03:05:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2003/02/14 04:08:00 | 00,099,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/26 22:39:37 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cynthia Robertson\Desktop\2 FIX VIRUSES\OTL.exe
MOD - [2007/07/03 15:56:56 | 00,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll

Edited by mjr, 26 May 2010 - 12:57 AM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP