Have Sober Worm Need Help [RESOLVED]


  • This topic is locked

#1
WilliamA


    New Member

  • Member
  • Pip
  • 9 posts
I have Trend Micro Security and it found the Sober worm but could not quarantine it, so any help would be appreciated. I've followed the instructions posted on a similar topic and have saved a HijackThis log as well. Thanks for the help!!!
  • 0



#2
WilliamA


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks for your help! I really appreciate you people who come home from work and help random people in your spare time. It really means a lot to me.

Logfile of HijackThis v1.99.1
Scan saved at 8:29:03 PM, on 5/24/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCMAIN.EXE
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YHWNQT25\HijackThis[1].exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccLog.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PTP Manager.lnk = C:\Program Files\PIXELA\PTP Manager\PixePtpManager.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Edited by WilliamA, 28 May 2005 - 01:50 PM.

  • 0

#3
alsocom


    Visiting Staff

  • Member
  • PipPip
  • 80 posts
Hello WilliamA and welcome to G2G. :tazz:

Move HijackThis to Permanent Folder:
You are running HijackThis from a Temp directory. These are cleaned up on a regular basis, thus the program will be removed.
  • Go to Start > My Computer > and double click on C:.
  • Now right click an open area and click New > folder and change the folder name to HJT.
  • Move HijackThis from the Temp folder into this new folder.
Download and run Stinger
  • Download Stinger and save it to your desktop.
  • Reboot into safe mode (tap F8 during bootup, use arrow keys to select Safe Mode, then hit 'enter').
  • Double-click on s-t-i-n-g-e-r.exe to open the tool.
  • Choose your entire hard drive to scan.
  • Choose Scan Now.
  • Stinger will fix anything that it finds.
Run at least two of the following online virus scans, making sure to reboot in between each one. Allow them to fix anything they find. You need to use Internet Explorer or Netscape browsers.
Bitdefender
Pandasoftware
Trend Micro << Click Auto Clean
Symantec Security Check << click scan for viruses
RAV Online Virus Scanner << Enter your e-mail address and click on To continue without subscribing
McAfee
Write down anything that cannot be fixed. Include the file name and the path to the file.


Scan with HijackThis and post the new log as a reply to this thread. Include anything that cannot be fixed by the online scans.
  • 0

#4
WilliamA


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thank you very much! I can't express how much relief I'm feeling just from starting the scan, because this worm has seriously interfered with my online gaming, so thank you very much!!!!!!!!!
  • 0

#5
WilliamA


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I let Stinger scan and when it was finished it didn't say anything about infected files being fixed. Does that mean that it couldn't find any infected files?
  • 0

#6
alsocom


    Visiting Staff

  • Member
  • PipPip
  • 80 posts
Did the online scans turn up anything, or is Trend Micro still finding it?
  • 0

#7
WilliamA


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I ran Trend HouseCall and it didn't find anything. I also have Symantec, and when it updates its virus codes or whatever it does, after it tells me that the quarantined files cannot be fixed with the update, Trend Micro never fails to pop up saying it's found a Trojan.akf or smallakf in the Temp folder.
  • 0

#8
alsocom


    Visiting Staff

  • Member
  • PipPip
  • 80 posts
You stated that you are using more than one antivirus program. This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you do one of the following:
(1) configure only one antivirus program to enable automatic realtime scanning, and leave the rest disabled most of the time
(2) go to Start -> Control Panel -> Add/Remove Programs and uninstall all but one antivirus program.


Download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • Click Options < Advanced and uncheck "Only delete files in Windows Temp folders older than 48 hours".
  • Click Run Cleaner to run the program.
  • After it has completed its process, click Exit.
Caution: It is not recommended to use the 'Issues' tab as it is known to find legitimate items.


Click here to download mwavscan.
  • Double-click it to run it.
  • Read then accept the agreement.
  • Check Drive, and select all local drives, scan all files, then press 'scan'. (This may take a while and will not fix anything)
  • Once it finds something, it will prompt you so click OK.
  • When it is completed, anything found will be displayed in the lower pane.
  • Highlight it, copy it (CTRL+C), and paste (CTRL+V) it in your next reply.
Scan with HijackThis and post the new log as a reply to this thread. Include the results of the mwavscan log.
  • 0

#9
WilliamA


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Object "ameopt Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINNT\Downloaded Program Files\AdManCtlX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\REGOBJ.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFDR5C.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFUN5C.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFUNRS.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFFC5C.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFICUR.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFCLR1.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFCLR2.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFCLR3.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFCLR4.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFUI5C.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFSTRN.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFDRV.HLP". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFLPA.HLP". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFDRV.CNT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFLPA.CNT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFMA.CNT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\CONTACT.HTM". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFJSWX.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFPSWX.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFJSW.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFJSWR.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFLPA.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFLPAR.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFPRP.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFPRPR.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFPSW.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFPSWR.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFUTIL.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFUPD.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFUPDR.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFPP5C.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LEXEDF.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lexgo.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFAUAL.OUT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFCLN.OUT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFALGN.OUT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lxbfmcal.out". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lxbfsply.htm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lxbflegl.htm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lxbfsk0.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lxbfsk1.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lxbfsk2.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\license.txt". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lexwww.htm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\ptzipw32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\WAVS.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFGF.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lxbfrme.doc". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lxbfweb.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\HLP256.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LEXBCE.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LEXBCES.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lexlmpm.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LEXPPS.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LEXP2P32.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LEX2KUSB.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lxbfcomm.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lxbfw2k.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lexdrvin.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lxbfver.web". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lxbfpwr.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFPMNT.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFLCNT.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFLCNP.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFLSNT.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFIH.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBF.LOC". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFCFG.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFCU.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LXBFCUR.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\LEXPING.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\INSTMON.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lxbfcoin.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lxbfcoin.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lxbfcinf.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\spool\DRIVERS\W32X86\lxbfvs.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\Downloaded Program Files\AdManCtlX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\FileGrp\drivers\UdfReadr.sys". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOCUME~1\Guest\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\FileGrp\Msvcrt10.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOCUME~1\Guest\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\FileGrp\MSVCP60.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\TypeSpt\MojiKumi\Photoshop6MojiKumi". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00020D05-0000-0000-C000-000000000046}" refers to invalid object "outex.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00021120-0000-0000-C000-000000000046}" refers to invalid object "C:\Program Files\Microsoft Office\Office\1033\fvfxs.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00FAE562-DACA-11D6-AD30-0050DAD88A02}" refers to invalid object "C:\Program Files\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00FAE568-DACA-11D6-AD30-0050DAD88A02}" refers to invalid object "C:\Program Files\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{08CE60DE-D425-11D3-891E-00104B9876B8}" refers to invalid object "C:\WINNT\system32\KODAKO~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{09101CAF-D527-11D6-AD30-0050DAD88A02}" refers to invalid object "C:\Program Files\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{09101CB7-D527-11D6-AD30-0050DAD88A02}" refers to invalid object "C:\Program Files\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{09101CBA-D527-11D6-AD30-0050DAD88A02}" refers to invalid object "C:\Program Files\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{09101CBE-D527-11D6-AD30-0050DAD88A02}" refers to invalid object "C:\Program Files\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}" refers to invalid object "C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0C5B0CED-206B-4c39-B615-0EB23C824612}" refers to invalid object "C:\Program Files\Common Files\Adobe\Shell\AIIcon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}" refers to invalid object "E:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1FD8D838-74A9-4DF8-936F-0D87ED49AD3C}" refers to invalid object "C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\frcom-7288971.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2A426D47-51C3-4A79-B064-95FD87DAB5D1}" refers to invalid object "C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\frcom-7288971.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{341EE246-3B05-4C23-B21A-17F2D4831FC0}" refers to invalid object "C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\frext-7288971.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}" refers to invalid object "E:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3A091B81-8FAF-4B7D-85C7-7CB5D3FDD479}" refers to invalid object "C:\Program Files\Kodak\Kodak Easyshare Software\bin\Escom.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{45137563-F598-4574-A987-A25867AB7068}" refers to invalid object "C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\bwclext.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5F3E04C3-4612-11D0-A113-00A024B50363}" refers to invalid object "C:\PROGRA~1\COMMON~1\IRAREG.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5F3E04C4-4612-11D0-A113-00A024B50363}" refers to invalid object "C:\PROGRA~1\COMMON~1\IRAMDMTR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5F3E04C6-4612-11D0-A113-00A024B50363}" refers to invalid object "C:\PROGRA~1\COMMON~1\IRAREG.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6100E360-BB4A-4025-95FB-69CA629E4180}" refers to invalid object "C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\vbfrext-7288971.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{649D583D-3401-11D1-8C47-0080C7C43E7F}" refers to invalid object "C:\Program Files\Microsoft Office\Office\1033\wfxrstrz.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83730EE4-6C46-11CF-A524-0080C77A7786}" refers to invalid object "C:\WINNT\system32\MSMask32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8DBFE843-D7DF-4cfc-B62C-05A6899139E2}" refers to invalid object "C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\BWTargetInf.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A4845882-333F-11D0-B724-00AA0062CBB7}" refers to invalid object "C:\WINNT\system32\WBEM\WBEMSTUB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AB481080-796C-11D0-A113-00A024B50363}" refers to invalid object "C:\PROGRA~1\COMMON~1\IRAABOUT.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}" refers to invalid object "C:\Program Files\WinRAR\rarext.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B6722BAB-2AD2-11D2-9D63-0040D000BD9D}" refers to invalid object "C:\PROGRA~1\Adaptec\Shared\CDGuide\CDGuide.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B6722BAC-2AD2-11D2-9D63-0040D000BD9D}" refers to invalid object "C:\PROGRA~1\Adaptec\Shared\CDGuide\CDGuide.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BB7CDE7C-5FB0-46E5-A3F4-EF118FACE08B}" refers to invalid object "C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\BWfiles-7288971.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1172D01-751C-11D0-B6CF-00A024BF23EF}" refers to invalid object "C:\PROGRA~1\COMMON~1\IRASRIAL.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "E:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C932BA85-4374-101B-A56C-00AA003668DC}" refers to invalid object "C:\WINNT\system32\MSMask32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CAEF9D56-0816-4984-BE91-B1B2ED801BE5}" refers to invalid object "C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\BWCHelpr-7288971.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CCDD9080-8100-11D0-B6CF-00A024BF23EF}" refers to invalid object "C:\PROGRA~1\COMMON~1\IRALPTTR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CF6067D7-D10C-4767-B04C-148E6EBB1574}" refers to invalid object "C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\BWfiles-7288971.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DA6A85E0-05C7-11D1-B243-006097CAD7E2}" refers to invalid object "C:\PROGRA~1\COMMON~1\IRAABOUT.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E07D3492-32B5-11D0-B724-00AA0062CBB7}" refers to invalid object "C:\WINNT\system32\WBEM\WBEMSTUB.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E5B42981-67DC-11D0-8547-00A0240B50F0}" refers to invalid object "C:\PROGRA~1\COMMON~1\IRAWEBTR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E8D83F00-CD78-11D0-B4D3-00A024BF23EF}" refers to invalid object "C:\PROGRA~1\COMMON~1\IRAABOUT.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FB99C991-C5B4-11D1-AFFA-00A024E9CDB2}" refers to invalid object "C:\Program Files\Adaptec\Shared\ECDC Engine\acmwrapperserver.dll". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\DAIE.DownloadAcceleratorIE" refers to invalid object "{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}". Action Taken: No Action Taken.
Entry "HKCR\DAIE.DownloadAcceleratorIE.1" refers to invalid object "{5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E}". Action Taken: No Action Taken.
Entry "HKCR\ImageReady.Application.1" refers to invalid object "{52F2F130-2BC5-11D2-8FB7-000000000000}". Action Taken: No Action Taken.
Entry "HKCR\ITIR.ThumbnailDiskCache" refers to invalid object "{FFC72616-8CB9-45B0-24DB-42F34AC30957}". Action Taken: No Action Taken.
Entry "HKCR\RegObj.Registry" refers to invalid object "{C55A1680-CD5A-11CF-8D29-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\RegObj.Registry.1" refers to invalid object "{C55A1680-CD5A-11CF-8D29-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\SearchRelevant" refers to invalid object "{1D7E3B41-23CE-469B-BE1B-A64B877923E1}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\temp.frE70F\actalert.exe infected by "Trojan-Downloader.Win32.Dyfuca.dp" Virus! Action Taken: No Action Taken.
  • 0

#10
alsocom

    Visiting Staff

  • Member
  • PipPip
  • 80 posts
I only see one bad file to fix from that scan. The rest of the items are orphaned registry entries.


Click on this link http://www.downloads...org/KillBox.zip to download Pocket Killbox by Option^Explicit. Extract it from the zip file then double-click on Killbox.exe to run it.
In the 'Paste Full Path of File to Delete' box, copy and paste this entry:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\temp.frE70F\actalert.exe


Check the option for "Delete on Reboot". Click the button with the red circle with a white X in it. Click 'yes'. When asked to reboot choose 'yes'.
If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.

After the computer reboots, delete the following folder:

C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\Temp\temp.frE70F

Scan with HijackThis and post a new log as a reply to this thread.
  • 0
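The triage described in post #10 (one infected file, the rest orphaned registry entries) can be reproduced mechanically. This is an added example, not part of the original thread or the scanner's own tooling; the regular expressions and function names are assumptions inferred from the report lines shown above.

```python
import re

# Three lines copied from the scan report earlier in this thread.
SAMPLE_REPORT = r'''Entry "HKCR\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "E:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\SearchRelevant" refers to invalid object "{1D7E3B41-23CE-469B-BE1B-A64B877923E1}". Action Taken: No Action Taken.
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\temp.frE70F\actalert.exe infected by "Trojan-Downloader.Win32.Dyfuca.dp" Virus! Action Taken: No Action Taken.
'''

# Line shapes inferred from the report above (assumption, not a documented format).
ORPHAN_RE = re.compile(
    r'^Entry "(?P<key>[^"]+)" refers to invalid object "(?P<target>[^"]+)"\. '
    r'Action Taken: (?P<action>.+?)\.$')
INFECTED_RE = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<threat>[^"]+)" Virus! '
    r'Action Taken: (?P<action>.+?)\.$')
GUID_RE = re.compile(r'^\{[0-9A-Fa-f-]{36}\}$')

def triage(report):
    """Sort report lines into infected files, orphaned registry entries, and the rest."""
    result = {"infected": [], "orphaned": [], "unparsed": []}
    for line in filter(None, map(str.strip, report.splitlines())):
        m = INFECTED_RE.match(line)
        if m:
            result["infected"].append((m["path"], m["threat"], m["action"]))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            # The dangling target is either a missing file or an unregistered CLSID.
            kind = "missing CLSID" if GUID_RE.match(m["target"]) else "missing file"
            result["orphaned"].append((m["key"], kind, m["target"]))
        else:
            result["unparsed"].append(line)
    return result

def needs_manual_removal(report):
    """Infected files the scanner reported without cleaning them."""
    return [path for path, _, action in triage(report)["infected"]
            if action == "No Action Taken"]

if __name__ == "__main__":
    for path in needs_manual_removal(SAMPLE_REPORT):
        print("remove manually:", path)
```

Lines that match neither pattern land in `unparsed` so that an unfamiliar report line is reviewed by hand instead of being silently dropped.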

#11
WilliamA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:05:51 PM, on 6/9/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\TDS3\TDS-3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\msagent\AgentSvr.exe
C:\Documents and Settings\Administrator\Desktop\HJT\HijackThis.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TDS3] C:\Program Files\TDS3\TDS-3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PTP Manager.lnk = C:\Program Files\PIXELA\PTP Manager\PixePtpManager.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  • 0

#12
alsocom

    Visiting Staff

  • Member
  • PipPip
  • 80 posts
Log looks good.

How is the computer behaving now?
  • 0
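One cross-check a reviewer can run on a HijackThis log like the one in post #11 is to compare the registered services (O23 lines) against the "Running processes" list. This is an added example, not part of the original thread or of HijackThis itself; the function names are assumptions, and the sample is an excerpt of the log posted above.

```python
import re

# Excerpt of the HijackThis log from post #11 (a subset of its lines).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:05:51 PM, on 6/9/2005

Running processes:
C:\WINNT\system32\services.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O4 - HKLM\..\Run: [TDS3] C:\Program Files\TDS3\TDS-3.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")

def parse_hjt(text):
    """Split a HijackThis log into running processes and entries keyed by section code."""
    processes, entries, in_procs = [], {}, False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.setdefault(m.group(1), []).append(m.group(2))
    return processes, entries

def services_not_running(text):
    """Return (name, image path) for O23 services whose image is not a running process."""
    processes, entries = parse_hjt(text)
    running = {p.lower() for p in processes}   # literal path match, case-insensitive
    idle = []
    for body in entries.get("O23", []):
        # Body is "Service: <display name> - <vendor> - <image path>".
        name = body[len("Service: "):].split(" - ")[0]
        path = body.rsplit(" - ", 1)[1]
        if path.lower() not in running:
            idle.append((name, path))
    return idle
```

On this excerpt the check returns the dmadmin and Rtvscan.exe services. A registered service that is not running is not by itself a problem, since many services start on demand; paths are compared as written, so an 8.3 short path and its long form would not match each other.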

#13
WilliamA

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
It's performing pretty well. The only thing still bothering me is that my online game play is still getting tied up and disrupted, which should not be happening since I have DSL. Thanks a lot for your excellent help!!!
  • 0

#14
alsocom

    Visiting Staff

  • Member
  • PipPip
  • 80 posts
For your gaming issue, I suggest posting about the problem in the gaming forum as they would be better suited to help there.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

1. Right-click My Computer, and then click Properties.
2. On the System Restore tab, put a check mark in the 'Turn Off System Restore' check box.
3. Click OK, and then click Yes.
4. Restart the computer.
5. Repeat steps 1 - 2, this time clearing the box beside 'Turn Off System Restore', click 'OK'.


I suggest that you get these programs to help keep the computer clean:

Spyware Blaster - Blocks bad ActiveX items from installing on your computer. Spyware Blaster runs silently in the background.
SpywareGuard - Real-time protection from spyware installation attempts
ie-spyad - Puts over 8,000 bad URLs into your restricted sites for Internet Explorer.
Google Toolbar - Blocks many unwanted pop-ups in Internet Explorer.

Here are three very good and free malware scanners:

Spybot Search and Destroy 1.4
AdAware SE v1.06
Set-up Instructions for Spybot S&D and Adaware SE
a² Free Trojan Remover

If you have them already, check to make sure that they are the newest version.

Update these regularly.

You may also want to read "How did I get infected in the first place" to learn how to better secure your computer.

Be sure to keep Windows and your Anti-virus updated.
  • 0

#15
alsocom

    Visiting Staff

  • Member
  • PipPip
  • 80 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





