Unsolved
This post is more than 5 years old
18 Posts
0
14414
Computer crashes (blue screen) often; computer may have infected yesterday with a trojan. hijack this attached.
hello, i have an inspiron 1520. i have vista on my computer. I use firefox for browser. about once a week or so i get the blue screen. Yesterday, as i was on the internet, i had a screen pop up which said my files were infected. I didn't get a chance to see with what because i immediately shut down the computer. I ran a panda scan and it said i had some files infected. So i ran hijack this and posted here for help.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:12:43 PM, on 1/23/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Robin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Robin\Downloads\HijackThis(2).exe
C:\Windows\System32\wscript.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\Program Files\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SansaDispatch] C:\Users\Robin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 17660 bytes
kevinf80_1d0ac6
1.1K Posts
0
February 9th, 2011 16:00
The DDS logs look OK except for TrendMicro still being active on your system. A couple of other issues, Adobe reader and Java are outdated
From the DDS log the following entry is TM`s Antivirus program, the entry in brackets after "mRun" means that it runs in realtime and is started at boot.
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
Boot into Safe Mode and Uninstall Trend Micro via Start > Control Panel > Uninstall a Program applet. Re-boot when finished.
Next,
Please run the free online scan by Secunia, available Here Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing....
...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.
Regarding your Router, what happens when you try to connect? it should be OK now, If you select your wireless network connection icon next to the clock do you see your Network (router) if so what does it show, connected or disconnected.
Post a Fresh set DDS logs after uninstalling Trend Micro and running Secunia, also ahve you managed to get the router connected..
Kevin
catfish401
18 Posts
0
February 9th, 2011 17:00
Kevin,
Another roadblock...Tried uninstalling TM in safe mode but got the following message: "Windows installer service could not be accessed. This can occur if the installer is not correctly installed......" Will wait to hear from you before i continue on with the other steps. Have not worked on the router yet.
kevinf80_1d0ac6
1.1K Posts
0
February 10th, 2011 02:00
I feel the best way to remove the unwanted TM entries with the following tool.. we shouldn`t have any issues with the Internet connection this time because the firewall driver has already gone.
Please download OTM by OldTimer.
Alternative Mirror
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
-------------------------------------------------------------------
:Reg
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"=-
:Services
pavboot
Tmntsrv
:Files
c:\windows\system32\drivers\pavboot.sys
c:\program files\trend micro
:Commands
[EmptyTemp]
---------------------------------------------------------------------
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
If the machine reboots, the Results log can be found here:
c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Where mmddyyyy_hhmmss is the date of the tool run.
You should be able to run Secunia after OTM.
Let me see the OTM log in your reply, also any remaining issues/concerns that remain.
Kevin
catfish401
18 Posts
0
February 10th, 2011 17:00
Hi Kevin. Here is the OTM log. TM seems to be gone now. Currently running Secunia scan. Will let you know it goes. Also, still have not attempted to re-install router yet, maybe this weekend.
All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pccguide.exe deleted successfully.
========== SERVICES/DRIVERS ==========
Error: Unable to stop service pavboot!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pavboot deleted successfully.
Service Tmntsrv stopped successfully!
Service Tmntsrv deleted successfully!
========== FILES ==========
c:\windows\system32\drivers\pavboot.sys moved successfully.
c:\program files\Trend Micro\Internet Security 14\TmpxTmp folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\VsapiDriver\AU_Backup folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\VsapiDriver folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\VsapiDll\AU_Backup folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\VsapiDll folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\TscEngine64 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\TscEngine\AU_Backup folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\TscEngine folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\TmufEngine folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\SsapiEngine folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\product\TMAS_OL64 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\product\TMAS_OL32 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\product\TMAS_OE64 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\product\TMAS_OE32 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\product\AU_Backup\1\125 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\product\AU_Backup\1 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\product\AU_Backup folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\product folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\CfwDriver\AU_Backup folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\CfwDriver folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\AntiSpamPattern\AU_Backup folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\AntiSpamPattern folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc\AntiSpamEngine folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aupcc folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Temp\5836_3256\AU_Down\pattern folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Temp\5836_3256\AU_Down folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Temp\5836_3256 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Temp\4108_2136\AU_Down\pattern folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Temp\4108_2136\AU_Down folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Temp\4108_2136 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Temp folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Log folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Data\AU_Temp folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Data\AU_Log folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Data\AU_Cache\pccdell14-p.activeupdate.trendmicro.com folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Data\AU_Cache folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Data folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Cache\pccdell14-p.activeupdate.trendmicro.com folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin\AU_Cache folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp\aubin folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Temp folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\TASK folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\SpyBackup\{DDC6A8D4-1F77-46A6-8B37-E6C220760C45} folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\SpyBackup\{893B802D-8D83-45B8-A163-D483FAEE9BD2} folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\SpyBackup folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Quarantine\Backup folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Quarantine folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\Profile folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\PFW folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\NEW\2 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\NEW\1 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\NEW\0 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\NEW folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\log folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\L10N folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\FastScan folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\drivers\VsapiDriver folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\drivers\TdiDriver folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\drivers\CfwDriver folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\drivers folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\AU_Backup\3\536875008 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\AU_Backup\3\524288 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\AU_Backup\3\4 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\AU_Backup\3\2048 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\AU_Backup\3\1048576 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\AU_Backup\3 folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\AU_Backup folder moved successfully.
c:\program files\Trend Micro\Internet Security 14\AspmData folder moved successfully.
c:\program files\Trend Micro\Internet Security 14 folder moved successfully.
c:\program files\Trend Micro\HijackThis\backups folder moved successfully.
c:\program files\Trend Micro\HijackThis folder moved successfully.
c:\program files\Trend Micro folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temporary Internet Files folder emptied: 402 bytes
User: Default User
->Temporary Internet Files folder emptied: 0 bytes
User: Guest
->Temporary Internet Files folder emptied: 804 bytes
User: Public
User: Robin
->Temporary Internet Files folder emptied: 462633006 bytes
->Flash cache emptied: 1931844 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 276368 bytes
Windows Temp folder emptied: 676429 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 657692 bytes
RecycleBin emptied: 624128 bytes
Total Files Cleaned = 445.00 mb
OTM by OldTimer - Version 3.1.17.2 log created on 02102011_185833
Files moved on Reboot...
Registry entries deleted on Reboot...
kevinf80_1d0ac6
1.1K Posts
0
February 10th, 2011 23:00
OK, Let me know how you get on, also what issues/concerns remain...
kevinf80_1d0ac6
1.1K Posts
0
February 14th, 2011 18:00
Make sure you run Secunia as instructed in previous reply, carry out all suggested updates. Let me know if you have any remaining issues or concerns...
Kevin
catfish401
18 Posts
0
February 14th, 2011 18:00
Hi Kevin,
I am up and running wireless again. Had to update my drivers. So, am I looking OK or do we still have work to do. Did you detect anything malicious going on with my system? I haven't had any more system crashes.
Thanks.
catfish401
18 Posts
0
February 15th, 2011 15:00
I ran the OTL. And I made updates suggested by Secunia. I have no other issues so i guess this is the end of our journey. Thank you very much and I appreciate all your help.
Robin
kevinf80_1d0ac6
1.1K Posts
0
February 15th, 2011 23:00
Since this issue appears to be resolved the topic has been closed. Glad we could help.:emotion-21:
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
The fixes and advice in this thread are for this System only. Do not apply the instructions from this thread to your own System. Please start a new thread describing your issue and someone will be along to assist you.
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
May 14th, 2020 10:00
DDS is [or was] a program that will scan your computer and create logs that can be used to display various startup, configuration, and file information from your computer. This program is used in various security forums to provide a detailed overview of what programs are automatically starting when you start Windows. The program will also display information about the computer that will allow us to quickly ascertain whether or not malware may be running on your computer.
Please by advised that you are replying to (and asking questions about) a 9+ year old thread! Diagnostic programs which were used back then are, for the most part, no longer used to analyze modern systems. Moreover, any specific directions offered to help the original poster were intended to be applied only to that one particular system, and so people who try to "play" by applying the same technique to their system --- unsupervised --- are taking on a lot of risk.
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
May 18th, 2020 08:00
Dale,
I replied to this thread on 5/14, stressing its ancient nature.
I'm not sure if posts are showing up in chronological order...
dalem29
1 Rookie
1 Rookie
•
2.2K Posts
0
May 18th, 2020 08:00
Apparently not!
Your earlier post did not even appear on my system.
I miss the days of yore, when the Dell Forums were informative, fun, easy to navigate, and you didn't have to sign in every day.
Who was the guy who had the red convertible as his avatar, and where have all the old timers gone?
dalem29
1 Rookie
1 Rookie
•
2.2K Posts
0
May 18th, 2020 08:00
This ancient thread has been up for several days now with no apparent response. Just checking to see if the forum is functioning OK.
joe53
1 Rookie
1 Rookie
•
5.8K Posts
1
May 18th, 2020 19:00
I believe that a spammer resurrected this old thread, and was answered/reported as such by RoHe. Both the spammer post and Ron's were deleted, leaving only this obsolete thread.
I wish that those who moderate this forum would completely delete all resurrected HijackThis threads, as they have relevance only to the original poster, have no use to current readers, and generally just waste forum space.
speedstep
9 Legend
9 Legend
•
47K Posts
0
June 6th, 2020 23:00
Its a program/service that no longer exists.
DDS (Digital Data Storage)
https://www.dell.com/en-us/work/shop/dds-digital-data-storage/ar/5775