Tech Support Forum - View Single Post

Lomondra · 10-08-2005, 01:54 PM

I checked out all your 'do this first stuff' and this is everything I have completed:

Ran a Microsoft Antispyware scan and deleted the AproposMedia Browser and removed it (but I've done this numerous times and it comes back)

Ran Trend Micro PCcillin Internet Security 2005, but it finds nothing.

Ran Ad-Aware SE Professional Edition and deleted all baddies.
Ran Ad-Aware's VX2 Cleaner and it came up clean.
Ran Ad-Aware's online virus scan and it too came up clean.

Checked out the rogue program spywarrior.com and I'm sure I do not have any of these programs.

I always update Windows, Microsoft, Office and Internet Explorer. (Mainly because I used to be a Windows 98se user with a Mozilla browser and had no problems and recently upgraded to WindowsXP -the edition for 98se with sp2 already included...i.e. not a separate disk- and even since I've been having problems of some sort, but this problem is of course my fault.)

I downloaded and installed to HJT file on C drive the Hijackthis and the Analyzer and have copied the result file below:

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 12:49:46 PM, on 10/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\IOMEGA~1\EASYCD~1\CreateCD\createcd.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\BELKIN-SSA\UPSData.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CreateCD] E:\IOMEGA~1\EASYCD~1\CreateCD\createcd.exe -r
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - Startup: BELKIN.lnk = C:\Program Files\BELKIN-SSA\Upsmon.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CDA5C27-FAC1-4CFB-993B-ABA632A1B85E}: Domain = Sonic.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CDA5C27-FAC1-4CFB-993B-ABA632A1B85E}: NameServer = 208.201.224.11,208.201.224.33
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = Sonic.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{3CDA5C27-FAC1-4CFB-993B-ABA632A1B85E}: Domain = Sonic.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{3CDA5C27-FAC1-4CFB-993B-ABA632A1B85E}: NameServer = 208.201.224.11,208.201.224.33
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = Sonic.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{3CDA5C27-FAC1-4CFB-993B-ABA632A1B85E}: Domain = Sonic.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{3CDA5C27-FAC1-4CFB-993B-ABA632A1B85E}: NameServer = 208.201.224.11,208.201.224.33
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = Sonic.net
O23 - Service: BELKIN_Service - Unknown owner - C:\Program Files\BELKIN-SSA\UPSsrv.EXE

End of KRC HijackThis Analyzer Log.
====================================================================

10-08-2005, 01:54 PM	#1 (permalink)
Lomondra Registered User Join Date: Oct 2005 Posts: 12 OS: XP	Apropos Media has infected my computer I checked out all your 'do this first stuff' and this is everything I have completed: Ran a Microsoft Antispyware scan and deleted the AproposMedia Browser and removed it (but I've done this numerous times and it comes back) Ran Trend Micro PCcillin Internet Security 2005, but it finds nothing. Ran Ad-Aware SE Professional Edition and deleted all baddies. Ran Ad-Aware's VX2 Cleaner and it came up clean. Ran Ad-Aware's online virus scan and it too came up clean. Checked out the rogue program spywarrior.com and I'm sure I do not have any of these programs. I always update Windows, Microsoft, Office and Internet Explorer. (Mainly because I used to be a Windows 98se user with a Mozilla browser and had no problems and recently upgraded to WindowsXP -the edition for 98se with sp2 already included...i.e. not a separate disk- and even since I've been having problems of some sort, but this problem is of course my fault.) I downloaded and installed to HJT file on C drive the Hijackthis and the Analyzer and have copied the result file below: ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05 Get updates at http://www.greyknight17.com/download.htm#programs *Security Programs Detected* C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe" O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 12:49:46 PM, on 10/8/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe E:\IOMEGA~1\EASYCD~1\CreateCD\createcd.exe C:\Program Files\ATI Multimedia\main\launchpd.exe C:\Program Files\ATI Multimedia\main\ATIDtct.EXE C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\BELKIN-SSA\UPSData.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [CreateCD] E:\IOMEGA~1\EASYCD~1\CreateCD\createcd.exe -r O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE O4 - Startup: BELKIN.lnk = C:\Program Files\BELKIN-SSA\Upsmon.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB O17 - HKLM\System\CCS\Services\Tcpip\..\{3CDA5C27-FAC1-4CFB-993B-ABA632A1B85E}: Domain = Sonic.net O17 - HKLM\System\CCS\Services\Tcpip\..\{3CDA5C27-FAC1-4CFB-993B-ABA632A1B85E}: NameServer = 208.201.224.11,208.201.224.33 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = Sonic.net O17 - HKLM\System\CS1\Services\Tcpip\..\{3CDA5C27-FAC1-4CFB-993B-ABA632A1B85E}: Domain = Sonic.net O17 - HKLM\System\CS1\Services\Tcpip\..\{3CDA5C27-FAC1-4CFB-993B-ABA632A1B85E}: NameServer = 208.201.224.11,208.201.224.33 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = Sonic.net O17 - HKLM\System\CS2\Services\Tcpip\..\{3CDA5C27-FAC1-4CFB-993B-ABA632A1B85E}: Domain = Sonic.net O17 - HKLM\System\CS2\Services\Tcpip\..\{3CDA5C27-FAC1-4CFB-993B-ABA632A1B85E}: NameServer = 208.201.224.11,208.201.224.33 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = Sonic.net O23 - Service: BELKIN_Service - Unknown owner - C:\Program Files\BELKIN-SSA\UPSsrv.EXE End of KRC HijackThis Analyzer Log. ====================================================================