Topic: How do I fix Registry issues noted -:\secure32.htm  (Read 920 times)

mhm (Newbie, Posts: 8)
How do I fix Registry issues noted -:\secure32.htm
« on: Dec 27th, 2006, 12:54am »

How do I fix these issues?

I tried deleting from Registry location, but they are back.
 
See below:  issue is with redirect to :\secure32.html  
 
 
Registry scan
Registry value and data exist: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL=c:\secure32.html (matches StartPage.100) (Regedit Jump)
Registry value and data exist: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page=c:\secure32.html (matches StartPage.100) (Regedit Jump)
Registry value and data exist: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page=c:\secure32.html (matches StartPage.100) (Regedit Jump)
Registry value and data exist: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL=c:\secure32.html (matches StartPage.100) (Regedit Jump)

siliconman01 (Global Moderator, Posts: 5815)
Re: How do I fix Registry issues noted -:\secure32
« Reply #1 on: Dec 27th, 2006, 2:24am »

Welcome to the forum mhm ;)
 
First let's take a look at a HiJackThis scan of your system to see if other infections are present.
 
Please go to the link below, carefully read/follow the instructions, and install HiJackThis.  
 
http://www.misec.net/forum/board/FAQ/1163329424
 
Then run a HijackThis scan and post the scan log back here.

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

mhm (Newbie, Posts: 8)
Re: How do I fix Registry issues noted -:\secure32
« Reply #2 on: Dec 27th, 2006, 9:15am »

Here is logfile from last night I had posted to other site.
 
I can run again if needed, let me know:
 
Logfile of HijackThis v1.99.1
Scan saved at 11:48:56 PM, on 12/26/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1106919927\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O2 - BHO: C:\WINDOWS\System32\zgCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\System32\zgCrypt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106919927\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\System32\autosys.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Add To Kaboodle - http://www.kaboodle.com/zg/addToKaboodle.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137041765120
O16 - DPF: {8FAC20B4-0B1D-4BAC-BCE0-59DA519DEE67} (PCRALM.ALARM1) - http://www.pcrecruiter.net/pcrimg/PCRALM.CAB
O16 - DPF: {F2B980A3-3697-468F-9F7B-1D3E68BAF253} (Addr40.AddrControl1) - http://www.pcrecruiter.net/pcrimg/ADDR20.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{3541D36B-5AC8-4B51-A2D0-679F329F5C44} : NameServer = 10.0.0.1 10.0.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{3541D36B-5AC8-4B51-A2D0-679F329F5C44} : NameServer = 10.0.0.1 10.0.0.2
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 

siliconman01 (Global Moderator, Posts: 5815)
Re: How do I fix Registry issues noted -:\secure32
« Reply #3 on: Dec 27th, 2006, 12:55pm »

Are you receiving help from another forum?  If so, please stick with that forum for assistance or stay on this forum for assistance.  It would not be good for you to be receiving instructions from 2-3 different people during the correction of this problem.  Please let me know if you wish me to provide assistance.
 
If you wish to use this forum, please post a fresh HJT log.

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

mhm (Newbie, Posts: 8)
Re: How do I fix Registry issues noted -:\secure32
« Reply #4 on: Dec 27th, 2006, 1:09pm »

I am getting no help or response except from you. The Symantec recommendation did not work and their tech support on email were idiots.
 
Thanks for help, and I hope you can fix it or the program Trojan hunter can help and then I just buy that.
 
__________________________________________________
 
Here is log from this AM:
 
 
Logfile of HijackThis v1.99.1
Scan saved at 9:21:33 AM, on 12/27/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1106919927\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HJT\analyse.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O2 - BHO: C:\WINDOWS\System32\zgCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\System32\zgCrypt.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106919927\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\System32\autosys.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Add To Kaboodle - http://www.kaboodle.com/zg/addToKaboodle.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137041765120
O16 - DPF: {8FAC20B4-0B1D-4BAC-BCE0-59DA519DEE67} (PCRALM.ALARM1) - http://www.pcrecruiter.net/pcrimg/PCRALM.CAB
O16 - DPF: {F2B980A3-3697-468F-9F7B-1D3E68BAF253} (Addr40.AddrControl1) - http://www.pcrecruiter.net/pcrimg/ADDR20.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{3541D36B-5AC8-4B51-A2D0-679F329F5C44} : NameServer = 10.0.0.1 10.0.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{3541D36B-5AC8-4B51-A2D0-679F329F5C44} : NameServer = 10.0.0.1 10.0.0.2
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 
 
 
 
 
 
 
 

siliconman01 (Global Moderator, Posts: 5815)
Re: How do I fix Registry issues noted -:\secure32
« Reply #5 on: Dec 27th, 2006, 1:45pm »

Okay, please do the following:
 
1.  Go to the link below and download CleanUp.
 
http://cleanup.stevengould.org/
 
-  Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).  
-  Click the Options... button on the right.  
-  Move the arrow down to "Custom CleanUp!"  
-  Put a check next to the following (Make sure nothing else is checked!):
 
Empty Recycle Bins  
Delete Cookies  
Cleanup! All Users

 
- Click OK and close CleanUp.
 
DO NOT RUN IT YET
 
 
2.  Go to the link below and download Killbox.  Save it to your desktop.
 
http://www.downloads.subratam.org/KillBox.exe
 
3.  Go to the link below if you need info on how to boot your computer into SAFE MODE.
 
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
 
4.  Copy these instructions to Notepad and save them to your desktop so that you can refer to them while in SAFE MODE.
 
5.  Run a fresh HijackThis scan.  Once the scan is completed, place a check mark next to the following items.  BE SURE only these items are checked.
 

 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html  
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html  
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html  
 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
 
O2 - BHO: C:\WINDOWS\System32\zgCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\System32\zgCrypt.dll (file missing)

 
Then close ALL windows except the HiJackThis window.  On the bottom left of the HJT window, click on Fix Checked.
Confirm that you want HJT to fix these items.
 
6.  After the HJT fixes are completed, close HJT.  IMMEDIATELY reboot your computer into SAFE MODE.  
 
7.  Perform the following steps in safe mode:
 
 
A.  Double-click on Killbox.exe to run it.  
 
- Put a tick by Standard File Kill.  
- In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time.
- Click on the button that has the red circle with the X in the middle after you enter each file.  
- It will ask for confirmation to delete the file. Click Yes.  
- Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
 
c:\secure32.html
 
c:\Windows\secure32.html
 
c:\Windows\System32\secure32.html

 
Note: It is possible that Killbox will tell you that one or more files do not exist.  
If that happens, just continue on with all the files. Be sure you don't miss any.
 
- Exit the Killbox.
 
B.  Run Cleanup:  
Click on the "Cleanup" button and let it run.
Once it is done, close the program.
 
C.  Go to Control Panel > Internet Options.  
Click on the Programs tab then click the "Reset Web Settings" button.  
Click Apply then OK.  
 
 
D. Restart Windows back in Normal Mode.
 
8.  Now run a Remote Scan using Bit Defender.  BE SURE to disable your normal anti-virus program when running this remote scan.  Let Bit Defender clean what it finds.  The link below will send you to the Bit Defender remote scanner.  
 
http://www.bitdefender.com/scan8/ie.html
 
9.  Reboot your computer immediately following the Bit Defender scan/cleaning.
 
10.  Then run LiveUpdate in TrojanHunter to obtain the very latest rulesets.  
 
11.  Open TH scanner and click on the Options icon in the left side bar.  Check mark ALL options for scanning except the very last option concerning logging files with double extensions.  Close TH scanner.
 
12.  Reboot your computer back into SAFE MODE.
 
13.  Run a FULL scan with TrojanHunter.  Let it clean what it finds.
 
14.  Reboot your computer back into Normal Mode.
 
15.  Run another HJT scan.
 
16.  Post the new HJT scan log here.  Post the TH scan/cleaning log.  Post the Bit Defender scan/cleaning log.  
 
Looking forward to seeing the results. ;)
 
« Last Edit: Dec 27th, 2006, 2:08pm by siliconman01 »

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
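
Added example, not part of the thread and not siliconman01's procedure: a Python triage pass over HijackThis lines like those posted above. It flags the two patterns the Reply #5 fix list targets (IE page values set to a local file, a BHO whose DLL is missing) and adds two heuristics that are this example's own assumptions (autostarts in a Temp directory or using a Windows system process name outside System32, services with no readable vendor). The sample lines are copied from the logs in this thread, and a flag marks an entry for review rather than giving a verdict.

```python
import re
from typing import Callable, Dict, List, NamedTuple, Tuple

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O2 - BHO: C:\WINDOWS\System32\zgCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\System32\zgCrypt.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

MISSING = "(file missing)"
# Assumption of this example: these images normally live only in System32.
CORE_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")   # "<code> - <body>"
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")     # name, CLSID, path
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run[^:]*: \[(.*?)\] (.*)$")  # value name, command
EXE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)                  # image path in command
LOCAL_PATH = re.compile(r"^[A-Za-z]:\\")


class Finding(NamedTuple):
    code: str                  # HijackThis section code, e.g. "R1" or "O4"
    reasons: Tuple[str, ...]   # why the entry deserves a closer look
    line: str                  # the original log line


def _check_ie_page(body: str) -> List[str]:
    # R0/R1: an IE page value that is a local file instead of a URL.
    _key, _, value = body.partition(" = ")
    value = value.strip()
    # Assumed Windows default for "Local Page" is ...\System32\blank.htm.
    if LOCAL_PATH.match(value) and not value.lower().endswith(r"\blank.htm"):
        return [f"IE page setting points at a local file: {value}"]
    return []


def _check_bho(body: str) -> List[str]:
    m = BHO.match(body)
    if not m:
        return []
    name, _clsid, path = m.groups()
    missing = path.endswith(MISSING)
    path = path.replace(MISSING, "").strip()
    reasons = []
    if name.strip().lower() == path.lower():
        reasons.append("BHO has no friendly name (name field is the DLL path)")
    if missing:
        reasons.append("registered DLL is missing on disk")
    return reasons


def _check_run(body: str) -> List[str]:
    m = RUN.match(body)
    exe = EXE.match(m.group(2)) if m else None
    if not exe:
        return []
    path = exe.group(1).lower()
    reasons = []
    if "\\temp\\" in path:
        reasons.append("autostart runs from a Temp directory")
    if path.rsplit("\\", 1)[-1] in CORE_NAMES and "\\system32\\" not in path:
        reasons.append("Windows system process name outside System32")
    return reasons


def _check_service(body: str) -> List[str]:
    reasons = []
    if " - Unknown owner - " in body:
        reasons.append("HijackThis could not read a vendor name for the service")
    if body.endswith(MISSING):
        reasons.append("service binary is missing on disk")
    return reasons


CHECKS: Dict[str, Callable[[str], List[str]]] = {
    "R0": _check_ie_page, "R1": _check_ie_page,
    "O2": _check_bho, "O4": _check_run, "O23": _check_service,
}


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per log line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process path, or blank line
        code, body = m.groups()
        check = CHECKS.get(code)
        reasons = check(body) if check else []
        if reasons:
            findings.append(Finding(code, tuple(reasons), raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:>3}  {'; '.join(f.reasons)}\n     {f.line}")
```
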

mhm (Newbie, Posts: 8)
Re: How do I fix Registry issues noted -:\secure32
« Reply #6 on: Dec 27th, 2006, 1:51pm »

OK - will do this when I get home from work today.
 
Appreciate the detailed response.  
 
Once cleaned - I will get kids a separate computer.
 
Mark

siliconman01 (Global Moderator, Posts: 5815)
Re: How do I fix Registry issues noted -:\secure32
« Reply #7 on: Dec 27th, 2006, 2:16pm »

Thoughts for after your system is cleaned up. ;)
 
I assume you have not upgraded your Windows XP to Windows XP-SP2 for some good reason.  However, I strongly urge you to upgrade your system to Windows XP-SP2 so that you have the latest security patches for your XP system.  There are many, many security holes in the original XP that have been corrected via SP1 and then SP2.  
 
It is strongly recommended that you update Windows every 2nd Tuesday of the month via Windows Update.  That is when the new patches/fixes are released.  
 
In addition Internet Explorer 6.0 has been upgraded to Internet Explorer 7.0.  Again several security fixes and many enhancements.  
 
Also, your Java plug-in is out-of-date.  If you go to START>SETTINGS>CONTROL PANEL>JAVA>UPDATE tab, it will direct you to the latest version of Java.

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

mhm (Newbie, Posts: 8)
Re: How do I fix Registry issues noted -:\secure32
« Reply #8 on: Dec 27th, 2006, 2:38pm »

Long story but need to get it installed. I had a friend install this as my computer came with home version.
 
I never bought the upgrade to get new SP at home.
 
Any recommendation on where to buy XP Pro Upgrade is appreciated.
 
Mark

siliconman01 (Global Moderator, Posts: 5815)
Re: How do I fix Registry issues noted -:\secure32
« Reply #9 on: Dec 27th, 2006, 3:18pm »

Quote:
Any recommendation on where to buy XP Pro Upgrade is appreciated.  

 
First, you have to be a bit careful because there are many, many sites on the web with great prices on software; however, the truth is that they are selling pirated versions...illegal...and will not pass Microsoft Authentication.  Here are a few sites that are trustworthy.  Prices are about the same...$184-$199.  The prices may go down when Vista is released in Feb 2007.  
 
http://www.amazon.com/Microsoft-Windows-Professional-UPGRADE-SP2/dp/B00022PTT8/sr=8-1/qid=1167253781/ref=pd_bbs_sr_1/104-9573536-5671103?ie=UTF8&s=software
 
http://www.buy.com/prod/Microsoft_Windows_XP_Professional_with_SP2_Upgrade_version/q/loc/105/20361038.html
 
http://www.compusa.com/products/product_info.asp?pfp=srch1&Ntt=windows+XP+Professional+Upgrade&N=0&Dx=mode+matchall&Nty=1&D=windows+XP+Professional+Upgrade&Ntk=All&product_code=314679
 
http://www.bestbuy.com/site/olspage.jsp;jsessionid=CYAQYO0YKTZURKC4D3MFAGY?_dyncharset=ISO-8859-1&id=pcat17071&type=page&st=Windows+XP+Professional+Upgrade&sc=Global&cp=1&nrp=15&sp=&qp=&list=n&iht=y&usc=All+Categories

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

mhm (Newbie, Posts: 8)
Re: How do I fix Registry issues noted -:\secure32
« Reply #10 on: Dec 27th, 2006, 11:01pm »

Hijack this
_______
Logfile of HijackThis v1.99.1
Scan saved at 10:43:59 PM, on 12/27/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1106919927\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0c\waol.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\mstsc.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\America Online 9.0c\shellmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\HJT\analyse.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106919927\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\System32\autosys.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Recoveru systems] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0c\AOL.EXE" -b
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Add To Kaboodle - http://www.kaboodle.com/zg/addToKaboodle.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137041765120
O16 - DPF: {8FAC20B4-0B1D-4BAC-BCE0-59DA519DEE67} (PCRALM.ALARM1) - http://www.pcrecruiter.net/pcrimg/PCRALM.CAB
O16 - DPF: {F2B980A3-3697-468F-9F7B-1D3E68BAF253} (Addr40.AddrControl1) - http://www.pcrecruiter.net/pcrimg/ADDR20.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{3541D36B-5AC8-4B51-A2D0-679F329F5C44} : NameServer = 10.0.0.1 10.0.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{3541D36B-5AC8-4B51-A2D0-679F329F5C44} : NameServer = 10.0.0.1 10.0.0.2
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 
 
 
 
 
______________
BitDefender summary

BitDefender Online Scanner - Real Time Virus Report
Generated at: Wed, Dec 27, 2006 - 21:24:20

Scan Info
Scanned Files:   389884
Infected Files:  41

Virus Detected
DeepScan:Generic.Malware.SHBdldg.3B6111F9    1
Trojan.SpySheriff.C                          2
DeepScan:Generic.Malware.Ssp!.9E60ADE1       1
Adware.CyDoor                                2
Trojan.Downloader.3346.A                     2
Trojan.Downloader.Bensort.A                  1
Win32.Netsky.B@mm                            19
Generic.Malware.Bdld.BAB18B65                8
Win32.Netsky.P@mm                            5

_______________
Trojan report
 Registry scan
Registry value and data exist: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL=c:\secure32.html (matches StartPage.100) (Regedit Jump)
Registry value and data exist: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page=c:\secure32.html (matches StartPage.100) (Regedit Jump)
Registry value and data exist: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page=c:\secure32.html (matches StartPage.100) (Regedit Jump)
Registry value and data exist: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL=c:\secure32.html (matches StartPage.100) (Regedit Jump)
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
File scan
No trojan files found

siliconman01
Re: How do I fix Registry issues noted -:\secure32
« Reply #11 on: Dec 28th, 2006, 1:26am »

Wow, BitDefender found some choice items.  I assume that it cleaned them for you.  
 
I recommend that we check for a rootkit on your system at this point.  Please go to the link below and download/install Blacklight.  Then run the Blacklight scan and post its scan results.  While on the F-Secure site, please read what it says about rootkits.  BE SURE to download/install only Blacklight...not F-Secure Internet Security Suite 2006.
 
http://www.f-secure.com/blacklight/blacklight.html
 
Something is not quite adding up here.  TH is showing the registry entries are still present.  However, the HJT scan log does not show them in its scan.  
 
Did you run the HJT scan as the last thing and just before you posted?  
 
Do you know how to use Regedit to make manual changes to the system registry?  
 

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
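
The mismatch raised in reply #11 (TrojanHunter still reports the Internet Explorer page values while the HijackThis log does not) can be checked mechanically by normalising both reports to the same registry identifiers. The Python below is an added example, not part of the original thread or of either tool; the function names are hypothetical and the two sample inputs are constructed from lines posted in this thread.

```python
import re

# Constructed sample input: lines copied in shape from the two reports in this thread.
HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
"""
TH_REPORT = r"""
Registry value and data exist: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL=c:\secure32.html (matches StartPage.100) (Regedit Jump)
Registry value and data exist: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page=c:\secure32.html (matches StartPage.100) (Regedit Jump)
Registry value and data exist: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page=c:\secure32.html (matches StartPage.100) (Regedit Jump)
Registry value and data exist: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL=c:\secure32.html (matches StartPage.100) (Regedit Jump)
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
# HijackThis R-section line: R0 - <hive>\<key>,<value name> = <data>
HJT_R = re.compile(r"^R\d - (HKLM|HKCU)\\(.+?),(.+?) =\s*(.*)$")
# TrojanHunter registry line: <hive>\<key>\<value name>=<data> (matches <ruleset>)
TH_REG = re.compile(r"^Registry value and data exist: (HKEY_\w+)\\(.+)\\([^\\=]+)=(.*?) \(matches (\S+)\)")

def parse(text, pattern):
    """Map (hive, key, value name) -> remaining captured fields for matching lines."""
    found = {}
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:
            # Registry paths are case-insensitive; expand HJT's hive abbreviations.
            ident = (HIVES.get(m[1], m[1]), m[2].lower(), m[3].lower())
            found[ident] = m.groups()[3:]
    return found

def cross_check(hjt_text, th_text):
    """Return (hive, value name, TH data, TH ruleset, verdict) per TH finding."""
    hjt, rows = parse(hjt_text, HJT_R), []
    for ident, (data, rule) in sorted(parse(th_text, TH_REG).items()):
        if ident not in hjt:
            verdict = "not listed by HJT"
        elif hjt[ident][0].lower() == data.lower():
            verdict = "both agree"
        else:
            verdict = "HJT shows %r" % hjt[ident][0]
        rows.append((ident[0], ident[2], data, rule, verdict))
    return rows

if __name__ == "__main__":
    for row in cross_check(HJT_LOG, TH_REPORT):
        print(" | ".join(row))
```

On the sample input every TrojanHunter finding is either printed as an empty value by HJT or not listed at all, which is the disagreement between the two scans that the reply asks about.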

siliconman01
Re: How do I fix Registry issues noted -:\secure32
« Reply #12 on: Dec 28th, 2006, 2:13am »

In addition to my above post, please do the following:
 
1.  Go to the link below and download/install freebie program SpywareBlaster.  This program will protect you against over 7000 malicious items that routinely infect systems using the web.  In addition, it permits you to reset web page settings.  Once you get SpywareBlaster installed, run it and do an Update to download its rules.  Enable all protection.  On the Protection Status page you should show that 0 protection items have been disabled once you have completed the above.   Note:  SpywareBlaster updates occur every 3-4 weeks; therefore, you will want to check for new updates every so often.
 
http://www.javacoolsoftware.com/spywareblaster.html
 
2.  Then click on Tools in the left icon bar of SpywareBlaster.  Select Browser Pages in the top menu.  You will see a list of browser page assignments that are in your system.  In your case, the 4 bad ones with Secure32.html should show up.  
 
DO THEY show up in this window?
 

mhm
Re: How do I fix Registry issues noted -:\secure32
« Reply #13 on: Dec 28th, 2006, 8:36am »

FYI - When I ran Trojan Hunter after doing the things you said it did clean out the problem, and the fix kept, so something in the lengthy process did work to allow it to remove it in HJT and then in Trojan Hunter without coming back.
 
I will do other things you mentioned above.  
 
I will buy the Trojan Hunter SW also vs. the eval I have now.
 
My plan is to upgrade PCs at home now and should have done so before.
 
Thanks for your help.

siliconman01
Re: How do I fix Registry issues noted -:\secure32
« Reply #14 on: Dec 28th, 2006, 8:57am »

Great!  Very glad that all is cleaned up.
 
I'm very glad that you are upgrading to XP-SP2 Pro or Home (whichever you decide).  Also, I'm confident that you will be pleased with the additional security that TrojanHunter provides for your system.  Gavin, the trojan analyst, is adding hundreds of new detection rulesets with updates occurring daily...even on weekends.  In 2006, it looks like he will have added ~ 68,000 new detections.  
 
As a fellow Symantec user, I also suggest that you consider taking your Norton software up to NIS 2007 or NAV 2007 which is much improved over previous versions...less system resources and enhanced security protection...such as phishing protection and an excellent detection rate for malware of all types.  I'm not sure which version you have now, but the upgrade is free for some older versions if you already have a paid subscription active.    
 
Please do not hesitate to stop in on the forum at any time to seek assistance, obtain info, or whatever.
« Last Edit: Dec 28th, 2006, 8:57am by siliconman01 »