1st TrendMicro Scan Please analyze and advise on what to fix

Post by PatM » January 31st, 2009, 4:01 pm

TrendSecure
Trend Micro

Comparison of your HijackThis log file items to others
The table below compares the items HijackThis found on your computer with those on other people's computers. The column "% of PCs with item" indicates what percent of other people's HijackThis log files contain the item in that row of the table. Additional information will be provided as more HijackThis log files are added to the AnalyzeThis database.

Each entry is coded to indicate the type of item it is on your computer. An explanation of these codes may be found at the bottom of this page.


Index % of PCs with item Code Data
1 0.0% O1 ::1 localhost
2 0.0% O13
3 0.0% O15 *.ameritrade.com
4 0.0% O15 *.netzero.com
5 0.0% O15 *.netzero.net
6 0.0% O15 *.tdameritrade.com
7 0.0% O16 {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
8 0.0% O16 {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
9 0.0% O16 {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
10 0.0% O16 {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab
11 0.0% O16 {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
12 0.0% O16 {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://create.realestateshows.com/creat ... oader4.cab
13 0.0% O16 {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.0.cab
14 0.0% O16 {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://create.realestateshows.com/creat ... oader5.cab
15 0.0% O16 PUFLITE - http://patriciamccorry.point2agent.com/ ... UFLITE.CAB
16 0.0% O16 {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/ins ... sVista.cab
17 0.0% O16 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
18 0.0% O16 {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://create.realestateshows.com/creat ... oader5.cab
19 0.0% O18 linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
20 0.0% O2 Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
21 0.0% O2 (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
22 0.0% O2 SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
23 0.0% O2 AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
24 0.0% O2 Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
25 0.0% O2 Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
26 0.0% O2 Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
27 0.0% O2 WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
28 0.0% O20 avgrsstx.dll
29 0.0% O23 Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
30 0.0% O23 InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
31 0.0% O23 Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
32 0.0% O23 LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
33 0.0% O23 SQLAgent$MICROSOFTBCM - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE (file missing)
34 0.0% O23 MSSQL$MICROSOFTBCM - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe (file missing)
35 0.0% O23 My Web Search Service (MyWebSearchService) - Maxtor Corp. - (no file)
36 0.0% O23 lxbl_device - - C:\Windows\system32\lxblcoms.exe
37 0.0% O23 Intel(R) License Manager for FLEXlm - Macrovision Corporation - C:\Program Files\Common Files\Intel\FLEXlm\lmgrd.intel.exe
38 0.0% O23 Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
39 0.0% O23 AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
40 0.0% O3 (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
41 0.0% O3 AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
42 0.0% O3 &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
43 0.0% O4 [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
44 0.0% O4 [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
45 0.0% O4 [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
46 0.0% O4 [ehTray.exe] C:\Windows\ehome\ehTray.exe
47 0.0% O4 [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
48 0.0% O4 [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
49 0.0% O4 [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
50 0.0% O4 [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
51 0.0% O4 [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
52 0.0% O4 [cdloader] "C:\Users\Pat\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
53 0.0% O4 NETGEAR WN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111\wn111.exe
54 0.0% O4 [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
55 0.0% O8 E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
56 0.0% O8 &Search - http://edits.mywebsearch.com/toolbaredi ... S_ZZzer000
57 0.0% O9 Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
58 0.0% O9 @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
59 0.0% O9 (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
60 0.0% O9 @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
61 0.0% O9 (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
62 0.0% O9 Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
63 0.0% P01 C:\WINDOWS\Explorer.EXE
64 0.0% P01 C:\Program Files\Internet Explorer\iexplore.exe
65 0.0% P01 C:\WINDOWS\system32\NOTEPAD.EXE
66 0.0% P01 C:\Program Files\Windows Defender\MSASCui.exe
67 0.0% P01 C:\Windows\ehome\ehtray.exe
68 0.0% P01 C:\Windows\ehome\ehmsas.exe
69 0.0% P01 C:\Windows\system32\taskeng.exe
70 0.0% P01 C:\Windows\system32\Dwm.exe
71 0.0% P01 C:\Program Files\Windows Sidebar\sidebar.exe
72 0.0% P01 C:\Program Files\Internet Explorer\ieuser.exe
73 0.0% P01 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
74 0.0% P01 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
75 0.0% P01 C:\Windows\System32\mobsync.exe
76 0.0% P01 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
77 0.0% P01 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
78 0.0% P01 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
79 0.0% P01 C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
80 0.0% P01 C:\Program Files\NETGEAR\WN111\wn111.exe
81 0.0% P01 C:\Program Files\Net2Phone CommCenter\CommCtr.exe
82 0.0% P01 C:\Program Files\AVG\AVG8\avgtray.exe
83 0.0% P01 C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
84 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
85 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
86 0.0% R0 HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
87 0.0% R0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
88 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
89 0.0% R1 HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
90 0.0% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
91 0.0% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
92 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
93 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
94 0.0% R1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
95 0.0% R1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com

Explanation of the codes

R - Registry, StartPage/SearchPage changes


R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be

F - IniFiles, autoloading entries


F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry

N - Netscape/Mozilla StartPage/SearchPage changes


N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla

O - Other, several sections which represent:


O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services
O24 - Enumeration of ActiveX Desktop Components



Re: 1st TrendMicro Scan Please analyze and advise on what to fix

Post by NonSuch » January 31st, 2009, 11:00 pm

You have inadvertently posted the wrong log. :) In order for us to help you, it is necessary that you provide us with a HijackThis log. A HijackThis log, as well as other logs that may be requested, provides us with a guideline for removing whatever malware is infecting your system. We cannot proceed without such logs for guidance.

Please follow the guideline at the link below to start a new topic and post your HijackThis log.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<