Malwarebytes/Superantispyware and other issues (In Progress)

Confuzified's Avatar
Member with 58 posts.
 
Join Date: Apr 2009
Experience: Beginner
29-Jun-2009, 01:42 AM #1
Malwarebytes/Superantispyware and other issues
I am having issues with my laptop and they are really worrying me.

I use Trend Micro Security Suite and while checking the Security Dashboard logs I noticed that I had 3 separate incidences of Web Threats. Rather than listing the name of the site it just lists the time/date and a dash (-). When I clicked on it, Trend just says that it is "pharming".

I am not sure whether it is blocked by Trend when detected or whether something has managed to get through. I was on a real-estate site and twice on Myspace when these incidences happened.

Also, after updating MalwareBytes AntiMalware, when it had finished, rather than saying what version it had updated to, it just said that it had added so many fingerprints (I don't remember the actual wording). I noticed that it didn't say what it normally says so I updated again and it worked.

However, a yellow Trend box popped up saying that MBAM was suspicious. In the 4 months I have had Trend it has never issued a warning. I blocked it, then checked the version number which is 1.38.

After googling it, it seemed to be the newer version. Then that afternoon I went to do a scan with it and Trend again popped up with a red box saying it was dangerous.

When I checked Trend for unauthorized changes it says MBAMSwissArmyProgram. It is listed as system32\drivers\mbamswissarmy.sys.

Is this a legitimate part of Malware Bytes?

Yesterday, I updated SuperAntiSpyware and the same thing happened. Trend popped up with a yellow box saying that it was suspicious. I noted down the details and they are as follows:
SUPERANTISPYWARE.EXE
suspicious
port: 80
protocol: tcp
remote ip address: 174.133.41.172

I don't know what any of that means.

I copied down all the unauthorised changes that Trend has logged.

I am not sure if all of them are legitimate or not. They are as follows:

ArcSoft Connect Daemon
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
aliide
C:\Windows\system32\drivers\aliide.sys
Brother USB Mass-Storage Lower Filter Driver
C:\Windows\system32\drivers\brfiltlo.sys
Brother USB Mass-Storage Upper Filter Driver
C:\Windows\system32\drivers\brfiltup.sys
Brother MFC Serial Port Interface Driver (WDM)
C:\Windows\system32\drivers\brserid.sys
Brother WDM
C:\Windows\system32\drivers\brserwdm.sys
Brother MFC USB Fax Only Modem
C:\Windows\system32\drivers\brusbmdm.sys
Brother MFC USB Serial WDM Driver
C:\Windows\system32\drivers\brusbser.sys
cmdide
C:\Windows\system32\drivers\cmdide.sys
elxstor
C:\Windows\system32\drivers\elxstor.sys
getPlus (R) Helper
C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
ITEATAPI_Service_Install
C:\Windows\system32\drivers\iteatapi.sys
ITERAID_Service_Install
C:\Windows\system32\drivers\iteraid.sys
C:\Windows\system32\drivers\massfilter.sys
MBAMSwissArmy
C:\Windows\system32\drivers\mbamswissarmy.sys
megasas
C:\Windows\system32\drivers\megasas.sys
MegaSR
C:\Windows\system32\drivers\megasr.sys
N-trig HID Tablet Driver
C:\Windows\system32\drivers\ntrigdigi.sys
OpenLibSys
C:\Program Files\NXP\FMRadio\OpenLibSys.sys
rimmptsk
C:\Windows\system32\DRIVERS\rimmptsk.sys
rimsptsk
C:\Windows\system32\DRIVERS\rimsptsk.sys
Ricoh xD-Picture Card Driver
C:\Windows\system32\DRIVERS\rixdptsk.sys
SASDIFSV
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
SASKUTIL
C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
SiSRaid4
C:\Windows\system32\drivers\sisraid4.sys
uliahci
C:\Windows\system32\drivers\uliahci.sys
UVCFTR
C:\Windows\system32\Drivers\UVCFTR_S.SYS
viaide
C:\Windows\system32\drivers\viaide.sys
vsmraid
C:\Windows\system32\drivers\vsmraid.sys
ZTE Proprietary USB Driver
C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
ZTE NMEA Port
C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
ZTE Mass Storage Filter Driver
C:\Windows\system32\ZTEusbser6k.sys

My main concern is that on the log for web threats the following is found:
"liutilities.com/products/wintaskpro/processlibrary/winlogon"
"liutilities.com/device-driver/zte-diagnostics-interface-6000-com15/"
"liutilities.com/device-driver/zte-nmea-device-com16/"

These seem to be related to the unauthorised changes found above.

I would really appreciate any help. I have been having problems for the last couple weeks.

Thanks.
Confuzified's Avatar
Member with 58 posts.
 
Join Date: Apr 2009
Experience: Beginner
29-Jun-2009, 01:44 AM #2
Here is the latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:18 PM, on 29/06/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Users\a\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.icisp.net.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\a\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8010 bytes
Confuzified's Avatar
Member with 58 posts.
 
Join Date: Apr 2009
Experience: Beginner
06-Jul-2009, 12:59 AM #3
I was thinking that maybe I should uninstall SuperantiSpyware and MalwareBytes and then reinstall them but I still do not know why Trend came with a warning that they were both suspicious within days of each other. I don't want to do anything though without knowing if I have something nasty on my computer. I would also like to roll back some of the changes listed in my first post but am not sure if they are all legitimate and if that would make any difference.

It does seem though that when I search or google them, e.g. the ZTE ones, that I then have web threats found from web sites that I don't even click on.

Any help really is appreciated.
Confuzified's Avatar
Member with 58 posts.
 
Join Date: Apr 2009
Experience: Beginner
10-Jul-2009, 06:40 AM #4
Bumping again.

Tonight I updated my Trend Micro and, as happens sometimes, a red icon came up on the bottom of my screen saying that my security was turned off and to click on the balloon to fix it. Normally it remedies by itself but it took longer than usual so I clicked on it. The security centre opened saying that the Malware Protection was turned off. I clicked on turn on and nothing happened. I clicked it 3 times and then a box opened saying that all the Trend Micro components failed, or something in those words, and Windows will notify if there is a remedy.

I went to check the Unauthorised Changes and it wasn't even available to check. I restarted my computer and then after it loaded, checked the unauthorised changes and it said that it was a high risk and to check the security settings since they had been turned off. I checked and it is all normal.

I then opened the Unauthorised Changes again so that I could write the exact wording in this post and it failed to load. Windows came up with a box saying that there is a problem with all the Trend Components.

When I clicked to close the Unauthorised changes box another box said "Unable to recognize the software configuration. Restart your computer to restore the missing information."

When I attempted once more to open the Unauthorised changes box it said "An error has interrupted the task currently in progress. Please restart your security software and try again".

I really think that there is something wrong with my computer. I am reluctant to try to research it using Google as last time I did, I received web threat warnings that were in direct relation with the terms that I had tried to find information on. I would really appreciate any help.
Confuzified's Avatar
Member with 58 posts.
 
Join Date: Apr 2009
Experience: Beginner
10-Jul-2009, 10:41 PM #5
I am still having issues with Trend.

While trying to get it to open last night after the incidence with it in my post above it said "Your Unauthorized Change prevention service has shut down. Trying restarting Trend Micro Security Internet Pro to restore your Unauthorized Change prevention service. If the problem persists please restart your computer."

Before going to bed I had the wireless internet switched off and thought I would try to start Trend and see if it would work. However, Trend failed to load and after trying to open it from the start menu, my computer would not respond at all. My cursor seemed to not be working at all. It would right click but when clicking on the start menu or anywhere else, nothing happened. I tried to use the keyboard to open the start menu but that also failed. The only way to get my laptop to turn off was to hit the power button and put it into sleep mode. Then when I turned it back on, it opened to the user screen. I switched users which then gave me a power icon to click on and turn off.

This morning it is working normally. However, I went to update Spyware Blaster and the same thing happened as it did with MalwareBytes and Superantispyware. Trend came up with a warning box. It said:

Suspicious Activity
Program: SPYWAREBLASTER.EXE
Risk: suspicious
Port: 80
Protocol: TCP
Remote IP Address: 207.171.191.246.

I seriously do not know what is going on and would really like some help or answers. I would appreciate any responses at all.

Thank you.
Confuzified's Avatar
Member with 58 posts.
 
Join Date: Apr 2009
Experience: Beginner
14-Jul-2009, 08:15 PM #6
Bumping again.

It has been over 2 weeks since I first posted and I still am having issues. I no longer use any other programs like Superantispyware since they all are "suspicious" according to Trend Micro and I don't know what is going on.

I just checked Trend Pro Features and now have 4 file transfers which have been quarantined with an atdmt cookie that is always showing up every time I use the computer. Trend says that it is a medium risk cookie.

I really would like it if someone could help me out. I am at a complete loss.
Confuzified's Avatar
Member with 58 posts.
 
Join Date: Apr 2009
Experience: Beginner
16-Jul-2009, 04:15 AM #7
Bumping once more. Hopefully someone can help me. Sorry if I seem impatient but it has been over 2 weeks since I first posted and even longer since I have had issues with my laptop. I would appreciate any help even if it is to tell me that I have to wait until someone has time to help me out.

Thanks.
Confuzified's Avatar
Member with 58 posts.
 
Join Date: Apr 2009
Experience: Beginner
18-Jul-2009, 12:50 AM #8
I decided to uninstall MalwareBytes, SuperAntispyware and SpywareBlaster and then reinstall them.

When I attempted to uninstall MalwareBytes, a dialogue box popped up with "mbam.exe is unable to locate component. This application failed to start because MSVBVM60.DLL was not found."

Trend Micro also popped up with a warning box about MalwareBytes. I unblocked it so that it could uninstall.

I had no problem uninstalling SpywareBlaster or SuperAntiSpyware.

I reinstalled Spywareblaster first and while updating it and activating the protection, Trend came up with another warning box. It said:

Program: Spywareblaster.exe
Publisher: Unknown
Activity: Security Program Modification
Risk: High

Spywareblaster.exe (2108) is attempting to modify the windows security policy. Security policy changes can leave the computer more vulnerable to different threats.

Knowing where I had downloaded it from (following a link in another thread that I started a couple months back) I allowed Spywareblaster.

Reinstalling SuperAntispyware I again had another Trend warning. It said:

Program: SuperAntispyware.exe
Publisher: SuperAntispyware.exe
Suspicious Behaviour
Risk: High

SuperAntispyware.exe (4548) is attempting some unexpected operations and can be harmful.

I allowed it and after letting it analyze my system and send a report I did a scan. The log is as follows:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/18/2009 at 01:57 PM

Application Version : 4.26.1006

Core Rules Database Version : 4003
Trace Rules Database Version: 1943

Scan type : Complete Scan
Total Scan Time : 00:37:33

Memory items scanned : 815
Memory threats detected : 0
Registry items scanned : 7563
Registry threats detected : 0
File items scanned : 26298
File threats detected : 1

Adware.Tracking Cookie
C:\Users\a\AppData\Roaming\Microsoft\Windows\Cookies\a@atdmt[2].txt
Confuzified's Avatar
Member with 58 posts.
 
Join Date: Apr 2009
Experience: Beginner
18-Jul-2009, 12:52 AM #9
I have also done another HJT log and hopefully someone can look at it and tell me if there is anything wrong with my laptop still. I will reinstall MalwareBytes another time I think.

My HJT log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:15 PM, on 18/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Users\a\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.icisp.net.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\a\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8148 bytes
Confuzified's Avatar
Member with 58 posts.
 
Join Date: Apr 2009
Experience: Beginner
20-Jul-2009, 07:32 PM #10
I know that there are lots of people asking for help and understand that I have to wait but it has been 3 weeks since I posted this thread and I haven't had any replies at all.

I am getting more file transfers than ever before in the last few days. I have had Trend for the last 4 months or so and it has only been the last week probably since I started getting file transfers being quarantined. The atdmt cookie is the one that is always being found. I would really appreciate some help.

Thank you.
Confuzified's Avatar
Member with 58 posts.
 
Join Date: Apr 2009
Experience: Beginner
22-Jul-2009, 11:54 PM #11
I reinstalled MalwareBytes and had another high alert from Trend regarding suspicious activity. I assumed that I may have changed the alerts that Trend sends so that I am aware of it. It seems to be ok. I did a scan and found nothing but when I had an infection before MBAM didn't find anything either.

So bumping this again. Hopefully someone will give an answer.
cybertech's Avatar
Moderator with 68,036 posts.
 
Join Date: Apr 2002
Location: Washington State
27-Jul-2009, 02:58 PM #12
Hi Confuzified,

Sorry you have had to wait so long. I don't see anything wrong with your log so I think you just need to tell Trend it's ok for those programs to run or be removed.
Confuzified's Avatar
Member with 58 posts.
 
Join Date: Apr 2009
Experience: Beginner
27-Jul-2009, 08:30 PM #13
Thanks for the reply. I do understand that there are a lot of people asking for help.

Is there any reason why I would be getting a lot of atdmt cookies all the time? Trend is picking them up and so is SuperAntispyware. They are either found as web threats and now file threats according to Trend. I wouldn't have anything on my computer that is picking them up would I?

I have cleared my internet cache a few times now, as well as marking them as unwanted on Trend but I am still getting them. I am only concerned because Trend says that they are medium risk.
cybertech's Avatar
Moderator with 68,036 posts.
 
Join Date: Apr 2002
Location: Washington State
28-Jul-2009, 05:55 PM #14
These instructions are for IE6, which I use, but IE8 should be similar.

Open IE, go to Tools, Internet Options, Privacy, Advanced, click in the box "Override automatic cookie handling", First-party Cookies select Prompt, Third-party cookies select Block. When those cookies try to install click block.
Confuzified's Avatar
Member with 58 posts.
 
Join Date: Apr 2009
Experience: Beginner
29-Jul-2009, 12:48 AM #15
I followed your instructions for IE8. I use FireFox mainly and have gone to Tools - Privacy - and unchecked Accept Third Party Cookies. I actually did that last week and still I am finding them when scanning with Trend and SuperAntiSpyware. Should I be worried about picking these cookies up all the time? I tend to do a quick scan with Trend a few times during the day just to clear the cookies up and get rid of them.
All times are GMT -5.