Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

PROB? [RESOLVED]

Started by AQUA258 , Feb 03 2008 02:58 AM

  • This topic is locked This topic is locked

#1
AQUA258
Posted 03 February 2008 - 02:58 AM

AQUA258

    Member

  • Member
  • PipPipPip
  • 169 posts
Hi, its me again.
Still must have probs left from before. Computer going so slow, will not let me log in to sites. Have posted at Newbies but comp wont let me go back in there. will not even open the home page(error msge) PLUS since i had the DR WATSON BUG I can not access my ACP in my website. My comp logs me in as two people eg... 1 guest and admin. Can not get any further in to site than that. I tried accessing my site from a diff computer and it all works fine, no problems.
I just did the HJT and a message came up saying that my comp is not allowing it to do the scan. That if i do have a highjacker it will not show up in the scan????

HELP!!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:10 PM, on 3/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Windows\system32\HpSrvUI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe
C:\Program Files\Trend Micro\Internet Security\SfFnUp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P26 "EPSON Stylus CX1500 Series" /O6 "USB001" /M "Stylus CX1500"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P26 "EPSON Stylus CX1500 Series" /M "Stylus CX1500" /EF "HKCU"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1186103321781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1186116406453
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 8761 bytes
  • 0

Advertisements

#2
AQUA258
Posted 04 February 2008 - 03:37 PM

AQUA258

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 169 posts
Firstly I know that it says if you have no reply to topic to go to "waiting room" BUT i didnt do that because my topic keeps saying that i posted yesterday and thats not right, therefore you would have looked and thought i was just being impatient. I posted some days ago.


UPDATE;

Managed to get ad-aware to update and run a full scan and it picked up....WIN 32 TROJAN. AGENT....The prob is that ad-aware can not delete or quarantine the file/s, it just freezes. Have gone on a mad rampage deleting things that don't look familiar to me (which mind you could be most of the stuff on my comp...lol) BUT its still here. How i can tell is because ad-aware keeps getting reset eg....all updates keep getting turned off.

Edited by AQUA258, 06 February 2008 - 09:13 AM.

  • 0

#3
Rorschach112
Posted 07 February 2008 - 06:37 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#4
AQUA258
Posted 08 February 2008 - 07:05 AM

AQUA258

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 169 posts
After doing these scans I could not open my home page. Finally manged to get it open then I couldn't log in here. Managed to get this far BUT its turned off my Trend Micro. Can't seem to find where to start up internet security. Went into the said box and clicked on the recommend but nothing working. So at the moment I have NO PROTECTION....HELP


KASPERSKY ONLINE SCANNER REPORT
Friday, February 08, 2008 7:34:01 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/02/2008
Kaspersky Anti-Virus database records: 553987
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 94789
Number of viruses found: 7
Number of infected objects: 18
Number of suspicious objects: 0
Duration of the scan process: 04:07:36

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Trend Micro\TrendSecure\Log\TS-CF-20080204-192835-078.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008020820080209\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFCC5.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFCD6.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\DAP\History\Owner\_lasthist.dat Object is locked skipped
C:\Program Files\DAP\Log\DAP_REPORT.LOG Object is locked skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\1D.tmp Infected: not-a-virus:Monitor.Win32.007SpySoft.342 skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\1F.tmp Infected: Trojan-Spy.Win32.SpyAnyTime.a skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\24.tmp Infected: not-a-virus:Monitor.Win32.007SpySoft.342 skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\26.tmp Infected: Trojan-Spy.Win32.SpyAnyTime.a skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\28.tmp Infected: not-a-virus:Monitor.Win32.007SpySoft.342 skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\2B.tmp Infected: not-a-virus:Monitor.Win32.007SpySoft.342 skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\2D.tmp Infected: Trojan-Spy.Win32.SpyAnyTime.a skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\2F.tmp Infected: not-a-virus:Monitor.Win32.007SpySoft.342 skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\33.tmp Infected: not-a-virus:Monitor.Win32.007SpySoft.342 skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\34.tmp Infected: not-a-virus:Monitor.Win32.007SpySoft.342 skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\36.tmp Infected: Trojan-Spy.Win32.SpyAnyTime.a skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\5C.tmp Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\AC.tmp Infected: not-virus:BadJoke.Win32.VB.p skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\is151306[1]_5fc.VIR Infected: not-a-virus:AdWare.Win32.Virtumonde.dvm skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\is151306[1]_78c.VIR Infected: not-a-virus:AdWare.Win32.Virtumonde.dvm skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\is151314[1].exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Program Files\Trend Micro\Internet Security\Trusted.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{025B975B-FBD3-4DE0-899E-8E330F2E4991}\RP338\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{39DE19CB-F783-4752-8794-DDA6F5273E34}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temporary Directory 1 for Vista-Theme.zip\Setup.exe/data0062 Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temporary Directory 1 for Vista-Theme.zip\Setup.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Cookies\index.dat Object is locked skipped
C:\WINDOWS\Temp\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_104.dat Object is locked skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



Deckard's System Scanner v20071014.68
Run by Owner on 2008-02-08 21:07:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:38 PM, on 8/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\hh.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P26 "EPSON Stylus CX1500 Series" /O6 "USB001" /M "Stylus CX1500"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P26 "EPSON Stylus CX1500 Series" /M "Stylus CX1500" /EF "HKCU"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1186103321781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1186116406453
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 7860 bytes

-- Files created between 2008-01-08 and 2008-02-08 -----------------------------

2008-02-08 13:25:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-08 13:25:08 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-08 07:51:27 0 d-------- C:\Program Files\Lavasoft
2008-02-08 07:50:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-07 21:55:06 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-07 18:28:27 0 d-------- C:\Program Files\Spybot - Search & Destroy 1
2008-02-06 17:54:18 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-01-30 06:33:25 0 d-------- C:\Program Files\Nuclear Ball
2008-01-30 05:59:51 0 d-------- C:\Documents and Settings\All Users\Application Data\QB9 S.R.L
2008-01-27 20:31:15 0 d-------- C:\Desktop
2008-01-26 08:10:37 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-24 17:38:18 0 d-------- C:\Documents and Settings\Owner\Contacts
2008-01-23 23:02:06 0 d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-01-23 14:46:53 0 d-------- C:\WINDOWS\pss
2008-01-22 08:35:34 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-01-21 14:36:48 0 d-------- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-01-21 09:09:42 0 d-------- C:\Documents and Settings\Owner\Application Data\GameHouse
2008-01-20 17:38:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Friends Games
2008-01-20 01:23:22 0 d-------- C:\Documents and Settings\Owner\Application Data\Zen Puzzle Garden
2008-01-20 00:53:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2008-01-20 00:49:49 0 d-------- C:\Documents and Settings\Owner\Application Data\7Wonders
2008-01-19 22:49:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Age of Japan II
2008-01-19 22:38:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Awem
2008-01-19 16:59:13 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-01-19 16:57:25 0 d-------- C:\Program Files\BFG
2008-01-13 21:58:27 0 d-------- C:\Documents and Settings\Owner\Application Data\ForgottenRiddles
2008-01-13 20:51:07 0 d-------- C:\Documents and Settings\All Users\Application Data\MythPeople
2008-01-11 20:56:22 0 d-------- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2008-02-08 07:50:18 0 d-------- C:\Program Files\Common Files
2008-02-07 22:06:13 0 d-------- C:\Program Files\XoftSpySE
2008-02-07 17:12:27 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-02-07 10:59:50 0 d-------- C:\Program Files\USB Storage RW
2008-02-07 10:55:47 0 d-------- C:\Program Files\MSN Messenger
2008-02-07 10:45:51 0 d-------- C:\Program Files\DAP
2008-02-01 06:32:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-01-30 08:01:20 0 d-------- C:\Documents and Settings\Owner\Application Data\URSE Games
2008-01-28 12:51:35 0 d-------- C:\Program Files\LimeWire
2008-01-20 21:51:30 0 d-------- C:\Documents and Settings\Owner\Application Data\iWin
2008-01-20 17:28:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Boomzap
2008-01-20 16:56:34 0 d-------- C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-01-18 07:50:40 0 d-------- C:\Program Files\Office 2007 Enterprise Edition
2008-01-18 06:44:43 32 --a------ C:\WINDOWS\jantje
2008-01-06 23:26:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Magic Match
2007-12-29 15:55:42 0 d-------- C:\Program Files\CRACK
2007-12-25 00:31:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Angkor
2007-12-23 19:09:25 0 d-------- C:\Documents and Settings\Owner\Application Data\AmuletAdventure
2007-12-23 09:45:33 0 d-------- C:\Program Files\ReflexiveArcade
2007-12-21 17:47:49 192512 --a------ C:\WINDOWS\system32\kdfvmgr.exe <Not Verified; ??????; ?????? KdfVMgr>
2007-12-21 17:47:48 53248 --a------ C:\WINDOWS\system32\Kdfhok.dll <Not Verified; Kings Information & Network; Kings kdfhok>
2007-12-21 17:47:48 77824 --a------ C:\WINDOWS\system32\kdfapi.dll <Not Verified; Kings Information & Network; lab kdfapi>
2007-12-21 17:02:17 849920 --a------ C:\WINDOWS\system32\kdfinj.dll <Not Verified; Bluegem Security; LocalSSL kdfinj Library>
2007-12-09 18:44:22 0 d-------- C:\Documents and Settings\Owner\Application Data\EA
2007-12-08 01:14:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-12-08 00:38:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2007-11-18 00:37:30 720896 --a------ C:\WINDOWS\iun6002ev.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
16/09/2007 11:21 PM 103760 --a------ C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 02:04 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [16/10/2002 04:18 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [16/10/2002 04:05 AM]
"KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [25/10/2002 01:33 PM]
"hp Silent Service"="C:\Windows\system32\HpSrvUI.exe" [18/06/2002 06:24 PM]
"hpScannerFirstBoot"="c:\hp\drivers\scanners\scannerfb.exe" [13/12/2001 05:24 PM]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [17/04/2002 03:42 PM]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [17/06/2002 09:11 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [06/07/2001 06:56 PM]
"nwiz"="nwiz.exe" [28/07/2003 03:19 PM C:\WINDOWS\system32\nwiz.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [31/07/2002 05:28 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [07/09/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 02:11 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [28/07/2003 03:19 PM]
"EPSON Stylus CX1500 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.exe" [01/06/2004 07:26 PM]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 02:48 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 04:06 AM]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [01/11/2007 11:23 AM]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [21/01/2008 12:16 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 04:56 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []
"EPSON Stylus CX1500 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.exe" [01/06/2004 07:26 PM]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [18/09/2007 02:31 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - HTTPFILTER



-- End of Deckard's System Scanner: finished at 2008-02-08 21:08:09 ------------

Edited by AQUA258, 08 February 2008 - 07:15 AM.

  • 0

#5
Rorschach112
Posted 08 February 2008 - 07:29 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean

Are you having any visible problems ?
  • 0

#6
AQUA258
Posted 08 February 2008 - 07:41 AM

AQUA258

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 169 posts
YES. As I stated in my very first post. Problems logging in, can't access my website and when i do it logs me in as two diff people eg...1 guest and admin but wont let me access my ACP. Cant open atachments in MSN. Wont allow me to run Ad-Aware and when it does all updates are turned off. If i manage to get it running it cant delete or quarantine anything. Trend was just turned off, cant turn it back on, not even microsoft protection. Couldn't bring up my google home page. All cleaning program updates keep getting turned off. And thats only what i can remember.

When I use someone elses comp evreything works fine. No probs signing in anywhere.

When i managed to run ad-aware it came up with this;
Root:HKLM Path:SYSTEM\ControlSEt001\Control\Safeboot\Minimal\\ctl w32.svs (If this helps any)

OH and when i go into safe mode it asks am i the administrator or owner????
In where it says All USERS and OWNER I also found ADMINISTRATOR which i deleted because it was never there before -EVER.

Edited by AQUA258, 08 February 2008 - 08:03 AM.

  • 0

#7
Rorschach112
Posted 08 February 2008 - 08:05 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Well it isn't a malware issue, you would be better off posting in the Windows XP forum with these problems.

Few things to do

You can delete the tools that we used


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#8
AQUA258
Posted 11 February 2008 - 06:59 AM

AQUA258

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 169 posts
HEY HEY, Unfortunately for me my suspitions were right. My comp wasn't clean. I was/ maybe am still infected with heaps of trojans. I usually run Trend micro pro but could not. Something has turned it off. Regardless of what i have done can not turn it back on so i deleted as much of it as possible (would not let me delete). I d/loaded Avasti and ran a full comp/boot check and up they all came. Trojans galore. I have run so many scans I'm actually over my comp. When i think it's all clean I create a restore point and back they come. In task manager i have this......csrss.exe.....It came up as being infected but i dont know how to remove it (apart from the end process and end process tree which wont allow me to do so).

How and where can i delete this please.
  • 0

#9
Rorschach112
Posted 11 February 2008 - 08:24 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Post a new DSS log
  • 0

#10
AQUA258
Posted 11 February 2008 - 05:10 PM

AQUA258

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 169 posts
Deckard's System Scanner v20071014.68
Run by Owner on 2008-02-12 08:09:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 83% (more than 75%).
Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:32 AM, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P26 "EPSON Stylus CX1500 Series" /O6 "USB001" /M "Stylus CX1500"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P26 "EPSON Stylus CX1500 Series" /M "Stylus CX1500" /EF "HKCU"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1186103321781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1186116406453
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)
O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (file missing)

--
End of file - 8097 bytes

-- Files created between 2008-01-12 and 2008-02-12 -----------------------------

2008-02-12 08:10:05 0 d-------- C:\Program Files\Trend Micro
2008-02-11 18:32:59 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2008-02-10 20:21:35 4096 --a------ C:\WINDOWS\d3dx.dat
2008-02-10 17:43:05 0 d-------- C:\Program Files\Turtix
2008-02-10 17:10:49 0 d-------- C:\Program Files\Ozzy Bubbles
2008-02-10 16:54:55 0 d-------- C:\Program Files\Turtle Odyssey
2008-02-09 20:39:19 0 d-------- C:\Program Files\Lavasoft
2008-02-09 20:36:35 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-09 13:18:46 0 d-------- C:\Program Files\Alwil Software
2008-02-09 12:39:02 0 d-------- C:\Program Files\Windows Defender
2008-02-09 09:15:59 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-02-09 05:24:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-08 23:10:00 0 d-------- C:\Documents and Settings\All Users\Templates
2008-02-07 21:55:06 0 d-------- C:\Program Files\Microsoft Silverlight
2008-01-27 20:31:15 0 d-------- C:\Desktop
2008-01-26 08:10:37 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-24 17:38:18 0 d-------- C:\Documents and Settings\Owner\Contacts
2008-01-23 14:46:53 0 d-------- C:\WINDOWS\pss
2008-01-21 14:36:48 0 d-------- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-01-20 17:38:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Friends Games
2008-01-20 01:23:22 0 d-------- C:\Documents and Settings\Owner\Application Data\Zen Puzzle Garden
2008-01-20 00:49:49 0 d-------- C:\Documents and Settings\Owner\Application Data\7Wonders
2008-01-19 22:49:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Age of Japan II
2008-01-19 22:38:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Awem
2008-01-19 16:59:13 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-01-19 16:57:25 0 d-------- C:\Program Files\BFG


-- Find3M Report ---------------------------------------------------------------

2008-02-11 18:08:33 0 d-------- C:\Documents and Settings\Owner\Application Data\Share-to-Web Upload Folder
2008-02-11 18:05:15 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-02-09 20:36:35 0 d-------- C:\Program Files\Common Files
2008-02-09 03:26:28 0 d-------- C:\Program Files\Java
2008-02-09 02:09:49 0 d-------- C:\Program Files\USB Storage RW
2008-02-09 00:46:18 0 d-------- C:\Program Files\XoftSpySE
2008-02-08 21:52:41 0 d-------- C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-02-07 10:55:47 0 d-------- C:\Program Files\MSN Messenger
2008-02-07 10:45:51 0 d-------- C:\Program Files\DAP
2008-02-01 06:32:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-01-28 12:51:35 0 d-------- C:\Program Files\LimeWire
2008-01-20 21:51:30 0 d-------- C:\Documents and Settings\Owner\Application Data\iWin
2008-01-18 07:50:40 0 d-------- C:\Program Files\Office 2007 Enterprise Edition
2008-01-18 06:44:43 32 --a------ C:\WINDOWS\jantje
2008-01-06 23:26:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Magic Match
2007-12-29 15:55:42 0 d-------- C:\Program Files\CRACK
2007-12-23 09:45:33 0 d-------- C:\Program Files\ReflexiveArcade
2007-12-21 17:47:49 192512 --a------ C:\WINDOWS\system32\kdfvmgr.exe <Not Verified; ??????; ?????? KdfVMgr>
2007-12-21 17:47:48 53248 --a------ C:\WINDOWS\system32\Kdfhok.dll <Not Verified; Kings Information & Network; Kings kdfhok>
2007-12-21 17:47:48 77824 --a------ C:\WINDOWS\system32\kdfapi.dll <Not Verified; Kings Information & Network; lab kdfapi>
2007-12-21 17:02:17 849920 --a------ C:\WINDOWS\system32\kdfinj.dll <Not Verified; Bluegem Security; LocalSSL kdfinj Library>
2007-11-18 00:37:30 720896 --a------ C:\WINDOWS\iun6002ev.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 02:04 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [16/10/2002 04:18 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [16/10/2002 04:05 AM]
"KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [25/10/2002 01:33 PM]
"hp Silent Service"="C:\Windows\system32\HpSrvUI.exe" [18/06/2002 06:24 PM]
"hpScannerFirstBoot"="c:\hp\drivers\scanners\scannerfb.exe" [13/12/2001 05:24 PM]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [17/04/2002 03:42 PM]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [17/06/2002 09:11 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [06/07/2001 06:56 PM]
"nwiz"="nwiz.exe" [28/07/2003 03:19 PM C:\WINDOWS\system32\nwiz.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [31/07/2002 05:28 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [07/09/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [28/07/2003 03:19 PM]
"EPSON Stylus CX1500 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.exe" [01/06/2004 07:26 PM]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 02:48 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 04:06 AM]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [01/11/2007 11:23 AM]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [14/12/2007 03:42 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 07:20 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 10:00 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 04:56 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []
"EPSON Stylus CX1500 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.exe" [01/06/2004 07:26 PM]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-02-12 08:10:53 ------------
  • 0

Advertisements

#11
Rorschach112
Posted 11 February 2008 - 05:46 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\WINDOWS\system32\kdfvmgr.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.
  • 0

#12
AQUA258
Posted 11 February 2008 - 05:58 PM

AQUA258

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 169 posts
File has already been analysed:
MD5: 999d6822b3073a730ad657a2566e7776
Date: 01.14.2008 06:46:34 (CET) [>28D]
Results: 0/32
Permalink: analisis/970983b6075ccaa993b3d3a4baf7f4d5


File kdfvmgr.exe received on 02.12.2008 00:52:34 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/32 (0%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
AhnLab-V3 2008.2.12.10 2008.02.11 -
AntiVir 7.6.0.62 2008.02.11 -
Authentium 4.93.8 2008.02.11 -
Avast 4.7.1098.0 2008.02.11 -
AVG 7.5.0.516 2008.02.11 -
BitDefender 7.2 2008.02.12 -
CAT-QuickHeal None 2008.02.11 -
ClamAV 0.92 2008.02.11 -
DrWeb 4.44.0.09170 2008.02.11 -
eSafe 7.0.15.0 2008.02.11 -
eTrust-Vet 31.3.5529 2008.02.11 -
Ewido 4.0 2008.02.11 -
FileAdvisor 1 2008.02.12 -
Fortinet 3.14.0.0 2008.02.11 -
F-Prot 4.4.2.54 2008.02.11 -
F-Secure 6.70.13260.0 2008.02.11 -
Ikarus T3.1.1.20 2008.02.11 -
Kaspersky 7.0.0.125 2008.02.12 -
McAfee 5227 2008.02.11 -
Microsoft 1.3204 2008.02.11 -
NOD32v2 2866 2008.02.11 -
Norman 5.80.02 2008.02.11 -
Panda 9.0.0.4 2008.02.11 -
Prevx1 V2 2008.02.12 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.11 -
Sunbelt 2.2.907.0 2008.02.09 -
Symantec 10 2008.02.12 -
TheHacker 6.2.9.217 2008.02.11 -
VBA32 3.12.6.0 2008.02.11 -
VirusBuster 4.3.26:9 2008.02.11 -
Webwasher-Gateway 6.6.2 2008.02.11 -
Additional information
File size: 192512 bytes
MD5: 999d6822b3073a730ad657a2566e7776
SHA1: 50db9991c4e9d1f4e87645215359366706babef9
PEiD: Armadillo v1.71
  • 0

#13
Rorschach112
Posted 11 February 2008 - 06:13 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ok your logs are clean

What problems are you having ?
  • 0

#14
AQUA258
Posted 11 February 2008 - 06:50 PM

AQUA258

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 169 posts
Have installed and uninstalled Ad-aware so many times, followed the instructions as how to set it up even though i know how BUT thought that i may be missing something. Still, every time i go to use it all the settings have been changed. Like i said I cant run or uninstall the left overs of trend yet they are still there. When i do a search nothing comes up. Yesterday it allowed me to login to my website even though i still cant get into ACP BUT today it wont even bring up the home page. This all started when I noticed i had viruses and I originally posted in your site (When Loophole was sorting it out. Not saying its his fault. Simply saying that something must have reconfigged settings on my comp). I was even having probs logging here and at Newbie. The whooshing noise has stopped since i ran the full scan with avasti yesterday BUT thats what happened when loophole told me i was good to go. The whooshing stopped then came back after a day or two????? I had to uninstall spybot sd because it said it was infected???
  • 0

#15
Rorschach112
Posted 11 February 2008 - 06:57 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Seems you have a botched Trend Micro

Lets fix that and go from there

Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - Disabled MS Config Items, File - Additional Folder Scans, File Purity Scan.
  • Under Rootkit Search change that to Yes.
  • Under Drivers change it to Non-Microsoft
  • Under Files Created Within change it to 90 days, do the same for Files Modified Within
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP