
PROBS?


  • This topic is locked

#1
AQUA258

  • Member
  • 169 posts
I posted in the waiting room and was asked to do these scans. I now can't find where my original post went to.
After doing these scans I could not open my home page. Finally managed to get it open then I couldn't log in here. Managed to get this far BUT it's turned off my Trend Micro. Can't seem to find where to start up internet security. Went into the said box and clicked on the recommend but nothing working. So at the moment I have NO PROTECTION....HELP


KASPERSKY ONLINE SCANNER REPORT
Friday, February 08, 2008 7:34:01 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/02/2008
Kaspersky Anti-Virus database records: 553987
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 94789
Number of viruses found: 7
Number of infected objects: 18
Number of suspicious objects: 0
Duration of the scan process: 04:07:36

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Trend Micro\TrendSecure\Log\TS-CF-20080204-192835-078.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008020820080209\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFCC5.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFCD6.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\DAP\History\Owner\_lasthist.dat Object is locked skipped
C:\Program Files\DAP\Log\DAP_REPORT.LOG Object is locked skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\1D.tmp Infected: not-a-virus:Monitor.Win32.007SpySoft.342 skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\1F.tmp Infected: Trojan-Spy.Win32.SpyAnyTime.a skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\24.tmp Infected: not-a-virus:Monitor.Win32.007SpySoft.342 skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\26.tmp Infected: Trojan-Spy.Win32.SpyAnyTime.a skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\28.tmp Infected: not-a-virus:Monitor.Win32.007SpySoft.342 skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\2B.tmp Infected: not-a-virus:Monitor.Win32.007SpySoft.342 skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\2D.tmp Infected: Trojan-Spy.Win32.SpyAnyTime.a skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\2F.tmp Infected: not-a-virus:Monitor.Win32.007SpySoft.342 skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\33.tmp Infected: not-a-virus:Monitor.Win32.007SpySoft.342 skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\34.tmp Infected: not-a-virus:Monitor.Win32.007SpySoft.342 skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\36.tmp Infected: Trojan-Spy.Win32.SpyAnyTime.a skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\5C.tmp Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\AC.tmp Infected: not-virus:BadJoke.Win32.VB.p skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\is151306[1]_5fc.VIR Infected: not-a-virus:AdWare.Win32.Virtumonde.dvm skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\is151306[1]_78c.VIR Infected: not-a-virus:AdWare.Win32.Virtumonde.dvm skipped
C:\Program Files\Trend Micro\Internet Security\Quarantine\is151314[1].exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Program Files\Trend Micro\Internet Security\Trusted.dat Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{025B975B-FBD3-4DE0-899E-8E330F2E4991}\RP338\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{39DE19CB-F783-4752-8794-DDA6F5273E34}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temporary Directory 1 for Vista-Theme.zip\Setup.exe/data0062 Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temporary Directory 1 for Vista-Theme.zip\Setup.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Cookies\index.dat Object is locked skipped
C:\WINDOWS\Temp\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_104.dat Object is locked skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



Deckard's System Scanner v20071014.68
Run by Owner on 2008-02-08 21:07:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:38 PM, on 8/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\hh.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P26 "EPSON Stylus CX1500 Series" /O6 "USB001" /M "Stylus CX1500"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P26 "EPSON Stylus CX1500 Series" /M "Stylus CX1500" /EF "HKCU"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1186103321781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1186116406453
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 7860 bytes

-- Files created between 2008-01-08 and 2008-02-08 -----------------------------

2008-02-08 13:25:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-08 13:25:08 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-08 07:51:27 0 d-------- C:\Program Files\Lavasoft
2008-02-08 07:50:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-07 21:55:06 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-07 18:28:27 0 d-------- C:\Program Files\Spybot - Search & Destroy 1
2008-02-06 17:54:18 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-01-30 06:33:25 0 d-------- C:\Program Files\Nuclear Ball
2008-01-30 05:59:51 0 d-------- C:\Documents and Settings\All Users\Application Data\QB9 S.R.L
2008-01-27 20:31:15 0 d-------- C:\Desktop
2008-01-26 08:10:37 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-24 17:38:18 0 d-------- C:\Documents and Settings\Owner\Contacts
2008-01-23 23:02:06 0 d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-01-23 14:46:53 0 d-------- C:\WINDOWS\pss
2008-01-22 08:35:34 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-01-21 14:36:48 0 d-------- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-01-21 09:09:42 0 d-------- C:\Documents and Settings\Owner\Application Data\GameHouse
2008-01-20 17:38:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Friends Games
2008-01-20 01:23:22 0 d-------- C:\Documents and Settings\Owner\Application Data\Zen Puzzle Garden
2008-01-20 00:53:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2008-01-20 00:49:49 0 d-------- C:\Documents and Settings\Owner\Application Data\7Wonders
2008-01-19 22:49:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Age of Japan II
2008-01-19 22:38:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Awem
2008-01-19 16:59:13 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-01-19 16:57:25 0 d-------- C:\Program Files\BFG
2008-01-13 21:58:27 0 d-------- C:\Documents and Settings\Owner\Application Data\ForgottenRiddles
2008-01-13 20:51:07 0 d-------- C:\Documents and Settings\All Users\Application Data\MythPeople
2008-01-11 20:56:22 0 d-------- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2008-02-08 07:50:18 0 d-------- C:\Program Files\Common Files
2008-02-07 22:06:13 0 d-------- C:\Program Files\XoftSpySE
2008-02-07 17:12:27 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-02-07 10:59:50 0 d-------- C:\Program Files\USB Storage RW
2008-02-07 10:55:47 0 d-------- C:\Program Files\MSN Messenger
2008-02-07 10:45:51 0 d-------- C:\Program Files\DAP
2008-02-01 06:32:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-01-30 08:01:20 0 d-------- C:\Documents and Settings\Owner\Application Data\URSE Games
2008-01-28 12:51:35 0 d-------- C:\Program Files\LimeWire
2008-01-20 21:51:30 0 d-------- C:\Documents and Settings\Owner\Application Data\iWin
2008-01-20 17:28:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Boomzap
2008-01-20 16:56:34 0 d-------- C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-01-18 07:50:40 0 d-------- C:\Program Files\Office 2007 Enterprise Edition
2008-01-18 06:44:43 32 --a------ C:\WINDOWS\jantje
2008-01-06 23:26:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Magic Match
2007-12-29 15:55:42 0 d-------- C:\Program Files\CRACK
2007-12-25 00:31:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Angkor
2007-12-23 19:09:25 0 d-------- C:\Documents and Settings\Owner\Application Data\AmuletAdventure
2007-12-23 09:45:33 0 d-------- C:\Program Files\ReflexiveArcade
2007-12-21 17:47:49 192512 --a------ C:\WINDOWS\system32\kdfvmgr.exe <Not Verified; ??????; ?????? KdfVMgr>
2007-12-21 17:47:48 53248 --a------ C:\WINDOWS\system32\Kdfhok.dll <Not Verified; Kings Information & Network; Kings kdfhok>
2007-12-21 17:47:48 77824 --a------ C:\WINDOWS\system32\kdfapi.dll <Not Verified; Kings Information & Network; lab kdfapi>
2007-12-21 17:02:17 849920 --a------ C:\WINDOWS\system32\kdfinj.dll <Not Verified; Bluegem Security; LocalSSL kdfinj Library>
2007-12-09 18:44:22 0 d-------- C:\Documents and Settings\Owner\Application Data\EA
2007-12-08 01:14:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-12-08 00:38:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2007-11-18 00:37:30 720896 --a------ C:\WINDOWS\iun6002ev.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
16/09/2007 11:21 PM 103760 --a------ C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 02:04 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [16/10/2002 04:18 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [16/10/2002 04:05 AM]
"KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [25/10/2002 01:33 PM]
"hp Silent Service"="C:\Windows\system32\HpSrvUI.exe" [18/06/2002 06:24 PM]
"hpScannerFirstBoot"="c:\hp\drivers\scanners\scannerfb.exe" [13/12/2001 05:24 PM]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [17/04/2002 03:42 PM]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [17/06/2002 09:11 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [06/07/2001 06:56 PM]
"nwiz"="nwiz.exe" [28/07/2003 03:19 PM C:\WINDOWS\system32\nwiz.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [31/07/2002 05:28 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [07/09/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 02:11 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [28/07/2003 03:19 PM]
"EPSON Stylus CX1500 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.exe" [01/06/2004 07:26 PM]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10/06/2004 02:48 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 04:06 AM]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [01/11/2007 11:23 AM]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [21/01/2008 12:16 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 04:56 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []
"EPSON Stylus CX1500 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.exe" [01/06/2004 07:26 PM]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [18/09/2007 02:31 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - HTTPFILTER



-- End of Deckard's System Scanner: finished at 2008-02-08 21:08:09 ------------


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Here is your original topic

http://www.geekstogo...OB-t186136.html

Post the logs there please