We had been experiencing strange redirects and mistyping in Firefox....didn't think much of it. Then on startup blue XP toolbar turned to gray and all windows have old win98-looking theme. The service status is always Stopped in the Themes Properties. I can start service, but on every restart--which does take longer than normal--it is stopped once again. But this is the least of my problems...
Because soon I was shocked to find that Trend Micro PCillin 14 had an unknown computer on network and Webmail Scan, Anti spam, Website filter, and Wi-Fi Intrusion Detection had all been turned off!!!
This really scares me because TM gave no notificaiton, we keep it regularly updated, if i hadn't poked around I wouldn't have even noticed that! I was able to turn these settings back on, but certainly still don't feel safe.
The past couple days I've run multiple TFC, Malwarebytes, SmitfraudFix, did a restore back a week, backed up and deleted most of my files, ran Trend Micro scans--but the only thing to ever turn up was a Hijack.Wallpaper that Malwarebytes found early on. Most of the time nothing turns up. I keep internet traffic halted all the time if its not in safe mode.
Thanks in advance for helping sort this out. I don't even know how to categorize what the problem might be, since there's no specific issue that these programs can identify. I still have the gray toolbar, but Firefox sort of still works and has normal blue bar at top.
Here are the most recent logs and thanks again!
Matt
MBAM:
Malwarebytes' Anti-Malware 1.42
Database version: 3435
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13
5/25/2010 2:17:22 PM
mbam-log-2010-05-25 (14-17-22).txt
Scan type: Quick Scan
Objects scanned: 114401
Time elapsed: 10 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-25 16:51:22
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\CYNTHI~1\LOCALS~1\Temp\fxtdqpob.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
Device \FileSystem\Fastfat \Fat B39E9D20
Device \FileSystem\Fastfat \Fat B3A01631
AttachedDevice \FileSystem\Fastfat \Fat tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
---- EOF - GMER 1.0.15 ----
OTL (note: I copy and pasted in the custom scan but only got 1 txt file as result.)
OTL logfile created on: 5/25/2010 4:56:27 PM - Run 3
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Cynthia Robertson\Desktop\2 FIX VIRUSES
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.46 Gb Total Space | 121.24 Gb Free Space | 84.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CINDY
Current User Name: Cynthia Robertson
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/12/26 22:39:37 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cynthia Robertson\Desktop\2 FIX VIRUSES\OTL.exe
PRC - [2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/19 16:17:14 | 01,475,936 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/19 02:15:38 | 00,106,496 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/02/19 02:13:28 | 00,438,272 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2007/11/08 21:19:18 | 00,345,696 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe
PRC - [2007/09/07 11:40:34 | 00,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
PRC - [2007/09/07 11:40:04 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2007/07/10 00:21:56 | 00,851,968 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/07/10 00:03:06 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/07/03 15:57:38 | 01,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/06/06 17:35:02 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/05/09 16:59:48 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2007/05/09 16:59:46 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2007/05/09 16:59:38 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2007/04/16 18:10:26 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/03/15 14:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/21 14:02:24 | 01,807,960 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
PRC - [2006/11/09 16:04:02 | 00,566,872 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe
PRC - [2006/11/09 16:03:42 | 00,923,216 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe
PRC - [2006/11/05 13:22:16 | 00,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 12:55:48 | 00,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/11/03 20:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/02 16:05:50 | 00,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/10/03 13:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/08/17 11:00:00 | 01,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/08/04 18:15:28 | 00,321,040 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
PRC - [2004/11/17 16:48:40 | 00,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2003/11/12 03:05:00 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2003/02/14 04:08:00 | 00,099,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
========== Modules (SafeList) ==========
MOD - [2009/12/26 22:39:37 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cynthia Robertson\Desktop\2 FIX VIRUSES\OTL.exe
MOD - [2007/07/03 15:56:56 | 00,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
Edited by mjr, 26 May 2010 - 12:57 AM.