Check up


3 replies to this topic

#1 Tunerz

    Advanced Member

  • Members
  • 490 posts
  • Gender:Male
  • Location:Philippines
  • Interests:No idea

Posted 15 September 2007 - 06:40 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:37 AM, on 9/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
d:\Program Files\Triggersoft\Hotspot Shield\bin\openvpnas.exe
C:\windows\system32\nvsvc32.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\windows\system32\svchost.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
D:\Program Files\Warcraft III\DynDNS Updater\DynDNS.exe
C:\windows\Explorer.EXE
D:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\windows\system32\rundll32.exe
D:\Program Files\Warcraft III\Privoxy\privoxy.exe
D:\Program Files\Warcraft III\System Utilities\RocketDock\RocketDock.exe
D:\Program Files\Opera 9\Opera.exe
C:\windows\System32\svchost.exe
D:\Program Files\CursorXP\CursorXP.exe
D:\Program Files\Warcraft III\PCC2006_1410_1041\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Warcraft III\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "D:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CursorXP] D:\Program Files\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Privoxy.lnk = D:\Program Files\Warcraft III\Privoxy\privoxy.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Rocket Dock.lnk = D:\Program Files\Warcraft III\System Utilities\RocketDock\RocketDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Privoxy.lnk = D:\Program Files\Warcraft III\Privoxy\privoxy.exe (User 'Default user')
O4 - .DEFAULT Startup: Rocket Dock.lnk = D:\Program Files\Warcraft III\System Utilities\RocketDock\RocketDock.exe (User 'Default user')
O4 - Startup: Privoxy.lnk = D:\Program Files\Warcraft III\Privoxy\privoxy.exe
O4 - Startup: Rocket Dock.lnk = D:\Program Files\Warcraft III\System Utilities\RocketDock\RocketDock.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Warcraft III\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Warcraft III\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Warcraft III\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Warcraft III\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172263792312
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SOL\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apache2 - Apache Software Foundation - D:\Program Files\Offlinez\apache\bin\apache.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\windows\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - D:\Program Files\Warcraft III\DynDNS Updater\DynDNS.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - d:\Program Files\Triggersoft\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mysql - Unknown owner - D:\Program Files\Offlinez\mysql\bin\mysqld-nt.exe
O23 - Service: Neoava Guard Service (neosvc) - Unknown owner - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - D:\Program Files\SOL\Sandboxie\SbieSvc.exe
O23 - Service: Shadow System Service (ShadowSystemService) - Unknown owner - C:\windows\system32\shadow\ShadowService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Tor Win32 Service (tor) - Trend Micro Inc. - (no file)
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 8761 bytes

#2 AndyManchesta

    Power Member

  • Spyware Moderators
  • 1,821 posts
  • Gender:Male
  • Location:Manchester. UK
  • Interests:Music, Movies, Website Building & Design, Malware Testing/Research and spending time with friends & family.

Posted 21 September 2007 - 12:07 AM

Hi Tunerz

Run HijackThis and choose Do A System Scan then place a check next to these entries

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O24 - Desktop Component 0: (no name) - (no file)

Close all open browsers and other windows except for HijackThis and press the Fix Checked button.

Optional


O23 - Service: Neoava Guard Service (neosvc) - Unknown owner - (no file)

If Neoava Guard is no longer on the system then this service can be removed by going to Start > Run and typing sc delete neosvc, then press OK; you will just notice the cmd screen flash on then off again and the service will then be removed. If it is still on the system then it should be reinstalled, as it's missing the file path information.


O23 - Service: Tor Win32 Service (tor) - Trend Micro Inc. - (no file)

Something appears to be a bit corrupt there, as this service isn't created by Trend Micro; Tor is an anonymous Internet communication system from http://tor.eff.org/. Again, if it's no longer on the system its service can be removed by going to Start > Run and typing sc delete tor, or reinstalled if it is something you wish to use.

To make sure there are no malware problems, please run a scan with Kaspersky and post back the log.

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files,
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, then close the Kaspersky On-line Scanner window.

Cheers

Andy
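As an added example (not part of this thread and not code from HijackThis or Trend Micro): a small Python parser for the O23 service lines of a HijackThis v2 log that flags entries whose image path is "(no file)", the condition described above for neosvc and tor, and builds the matching sc delete line for services whose software is confirmed to be gone. The sample lines are copied from the log in this thread. One assumption is mine: when HijackThis shows no name in parentheses, the display name is taken to be the service key name that sc expects.

```python
"""Flag orphaned "(no file)" services in the O23 section of a HijackThis v2 log."""
import re
from dataclasses import dataclass
from typing import List

# HijackThis O23 line layout:
#   O23 - Service: <display name> [(<service key name>)] - <owner> - <image path>
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+)$"
)

NO_FILE = "(no file)"   # what HijackThis prints when the registered image path is missing


@dataclass
class ServiceEntry:
    display: str
    key: str        # name used by `sc`; assumed equal to display when HJT shows no "(key)"
    owner: str
    path: str

    @property
    def orphaned(self) -> bool:
        return self.path == NO_FILE


def parse_o23(log_text: str) -> List[ServiceEntry]:
    """Return one ServiceEntry per O23 line; every other line type is ignored."""
    entries: List[ServiceEntry] = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue  # R0/O2/O4 lines, process paths, headers ...
        key = m.group("key") or m.group("display")
        entries.append(ServiceEntry(m.group("display"), key, m.group("owner"), m.group("path")))
    return entries


def orphaned_services(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Services still registered although their binary no longer exists."""
    return [e for e in entries if e.orphaned]


def removal_commands(entries: List[ServiceEntry]) -> List[str]:
    """`sc delete <key>` for each orphan; run only for software confirmed uninstalled."""
    return [f"sc delete {e.key}" for e in orphaned_services(entries)]


def unverified_owner(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Binary present but no vendor information: worth checking the file by hand."""
    return [e for e in entries if e.owner == "Unknown owner" and not e.orphaned]


# Sample O23 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Apache2 - Apache Software Foundation - D:\Program Files\Offlinez\apache\bin\apache.exe
O23 - Service: Neoava Guard Service (neosvc) - Unknown owner - (no file)
O23 - Service: mysql - Unknown owner - D:\Program Files\Offlinez\mysql\bin\mysqld-nt.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Shadow System Service (ShadowSystemService) - Unknown owner - C:\windows\system32\shadow\ShadowService.exe
O23 - Service: Tor Win32 Service (tor) - Trend Micro Inc. - (no file)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    svcs = parse_o23(SAMPLE_LOG)
    for e in orphaned_services(svcs):
        print(f"ORPHAN  {e.key:<20} owner={e.owner!r}: reinstall if still wanted, else: sc delete {e.key}")
    for e in unverified_owner(svcs):
        print(f"CHECK   {e.key:<20} no vendor info, verify {e.path}")
```

The "Unknown owner" check is only a prompt to look at the file; legitimate software (mysqld-nt.exe here) often ships without version information, so it is not on its own a sign of anything wrong.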

#3 Tunerz

    Advanced Member

  • Members
  • 490 posts
  • Gender:Male
  • Location:Philippines
  • Interests:No idea

Posted 22 September 2007 - 02:19 PM

Quote

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:19 PM, on 9/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
d:\Program Files\Triggersoft\Hotspot Shield\bin\openvpnas.exe
C:\windows\system32\nvsvc32.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\windows\system32\svchost.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
D:\Program Files\Warcraft III\DynDNS Updater\DynDNS.exe
C:\windows\Explorer.EXE
C:\windows\system32\rundll32.exe
D:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\windows\System32\svchost.exe
D:\Program Files\Warcraft III\System Utilities\RocketDock\RocketDock.exe
D:\Program Files\SOL\Sandboxie\SbieSvc.exe
C:\Documents and Settings\rj.REBORN\My Documents\Flash Games\DF Trainer\DF Millenium 3.5.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Opera 9\Opera.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\Program Files\Warcraft III\PCC2006_1410_1041\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Warcraft III\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "D:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Rocket Dock.lnk = D:\Program Files\Warcraft III\System Utilities\RocketDock\RocketDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Rocket Dock.lnk = D:\Program Files\Warcraft III\System Utilities\RocketDock\RocketDock.exe (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Warcraft III\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Warcraft III\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Warcraft III\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Warcraft III\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172263792312
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SOL\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apache2 - Apache Software Foundation - D:\Program Files\Offlinez\apache\bin\apache.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\windows\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - D:\Program Files\Warcraft III\DynDNS Updater\DynDNS.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - d:\Program Files\Triggersoft\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mysql - Unknown owner - D:\Program Files\Offlinez\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - D:\Program Files\SOL\Sandboxie\SbieSvc.exe
O23 - Service: Shadow System Service (ShadowSystemService) - Unknown owner - C:\windows\system32\shadow\ShadowService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 7963 bytes

Managed to remove most of the entries you requested to fix


Quote

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, September 22, 2007 10:14:23 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 22/09/2007
Kaspersky Anti-Virus database records: 422037
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\

Scan Statistics:
Total number of scanned objects: 45946
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:51:53

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Mozilla\Firefox\Profiles\74l5rvj6.default\cert8.db Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Mozilla\Firefox\Profiles\74l5rvj6.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Mozilla\Firefox\Profiles\74l5rvj6.default\history.dat Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Mozilla\Firefox\Profiles\74l5rvj6.default\key3.db Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Mozilla\Firefox\Profiles\74l5rvj6.default\parent.lock Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Mozilla\Firefox\Profiles\74l5rvj6.default\search.sqlite Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Mozilla\Firefox\Profiles\74l5rvj6.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Sandbox\__Delete_DefaultBox_01C7C5D4496025C8\DFV4\Dragonfablev3.exe Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Sandbox\__Delete_DefaultBox_01C7C5D4496025C8\DFV4\readme first for the ID's.txt Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Sandbox\__Delete_DefaultBox_01C7C5D4496025C8\DFV4\system\admin.swf Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Sandbox\__Delete_DefaultBox_01C7C5D4496025C8\DFV4\system\char.swf Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Sandbox\__Delete_DefaultBox_01C7C5D4496025C8\DFV4\system\class.swf Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Sandbox\__Delete_DefaultBox_01C7C5D4496025C8\DFV4\system\new.swf Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Sandbox\__Delete_DefaultBox_01C7C5D4496025C8\DFV4\system\quest.swf Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Sandbox\__Delete_DefaultBox_01C7C5D4496025C8\DFV4\system\shop.swf Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Sandbox\__Delete_DefaultBox_01C7C5D4496025C8\DFV4\system\test.swf Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Sandbox\__Delete_DefaultBox_01C7C5D4496025C8\DFV4\system\test2.swf Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Sandbox\__Delete_DefaultBox_01C7C5D4496025C8\DFV4\system\town.swf Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Sandbox\__Delete_DefaultBox_01C7C5D4496025C8\DFV4\system\town2.swf Object is locked skipped
C:\Documents and Settings\rj.REBORN\Application Data\Sandbox\__Delete_DefaultBox_01C7C5D4496025C8\DFV4\system\town3.swf Object is locked skipped
C:\Documents and Settings\rj.REBORN\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\rj.REBORN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\rj.REBORN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\rj.REBORN\Local Settings\Application Data\Mozilla\Firefox\Profiles\74l5rvj6.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\rj.REBORN\Local Settings\Application Data\Mozilla\Firefox\Profiles\74l5rvj6.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\rj.REBORN\Local Settings\Application Data\Mozilla\Firefox\Profiles\74l5rvj6.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\rj.REBORN\Local Settings\Application Data\Mozilla\Firefox\Profiles\74l5rvj6.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\rj.REBORN\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\rj.REBORN\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\rj.REBORN\ntuser.dat Object is locked skipped
C:\Documents and Settings\rj.REBORN\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{2DDBE2E6-938E-4600-9368-4FACB1A1C5D4}\RP241\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

I'll post the report on Partition D tomorrow, running low on time currently.


#4 AndyManchesta

    Power Member

  • Spyware Moderators
  • 1,821 posts
  • Gender:Male
  • Location:Manchester. UK
  • Interests:Music, Movies, Website Building & Design, Malware Testing/Research and spending time with friends & family.

Posted 22 September 2007 - 03:02 PM

Hi Tunerz

Let us know if it does find any infections or if you're having any problems on the PC, but based on those results and your HijackThis log your system looks fine.

Cheers

Andy