08-07-2007, 03:47 PM   #7
Wanderer_Stars
Registered User
 
Join Date: Aug 2007
Posts: 12
OS: XP


Re: Browser Hijacked -- How troublesome...

Yes, I'll d/l any anti-virus.

Here is the main.txt log:


Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
62: 2007-08-07 21:05:38 UTC - RP87 - Deckard's System Scanner Restore Point
61: 2007-08-07 10:40:01 UTC - RP86 - System Checkpoint
60: 2007-08-06 08:21:59 UTC - RP85 - System Checkpoint
59: 2007-08-05 05:50:44 UTC - RP84 - Installed Debugging Tools for Windows
58: 2007-08-05 02:42:49 UTC - RP83 - System Checkpoint


-- First Restore Point --
1: 2007-06-13 05:43:46 UTC - RP26 - Installed Windows Media Format 9 Series Runtime Setup


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Illidan.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-07 14:10:09
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cthelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Illidan\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.planetgamecam.com/index.php?locid=tutorials
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: msscds32.msdn_hlp - {279A05E3-C129-4189-BA16-F0DB908C89B0} - C:\WINDOWS\system32\msscds32.dll
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [nwiz] nwiz.exe /install
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKEY_LOCAL_MACHINE\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra 'Tools' menuitem: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} () - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1186520408045
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{C3D289D8-6E5F-49F9-B3D0-60F0A2420152}: NameServer = 213.246.33.228
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{EFB6AD7A-C23E-4260-A824-002447FBD892}: NameServer = 213.246.33.228
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe



-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ZWCWDEJS - c:\windows\system32\zwcwdejs.afp

S2 vdo_b76-4b6b - c:\windows\system32\vdo_b76-4b6b.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nSvcIp (ForceWare IP service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcip.exe <Not Verified; NVIDIA; NVIDIA nSvcIp>
R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-08-03 08:47:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-07-07 and 2007-08-07 -----------------------------

2007-08-07 14:07:04 0 d-------- C:\Program Files\Trend Micro
2007-08-07 14:00:14 0 d-------- C:\WINDOWS\LastGood
2007-08-07 13:54:45 21312 --a------ C:\WINDOWS\choice.exe
2007-08-07 13:14:18 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-08-07 13:14:17 0 d-------- C:\Program Files\SpywareBlaster
2007-08-07 02:03:13 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-05 14:24:53 0 d-------- C:\Documents and Settings\Illidan\Application Data\Yahoo!
2007-08-05 14:24:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-08-05 14:19:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-08-05 14:18:50 0 d-------- C:\Program Files\Yahoo!
2007-08-04 22:50:45 0 d-------- C:\Program Files\Debugging Tools for Windows
2007-08-04 20:36:31 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-08-03 18:40:44 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-08-03 17:09:14 18432 --a------ C:\WINDOWS\sysrlb32.exe <Not Verified; Microsoft Corp.; Project1>
2007-08-03 16:31:33 26112 --a------ C:\WINDOWS\vxddsk.exe
2007-08-03 16:31:32 29696 --a------ C:\WINDOWS\wml.exe
2007-08-03 16:31:32 20224 --a------ C:\WINDOWS\system32\wml.exe
2007-08-03 16:31:32 21248 --a------ C:\WINDOWS\system32\vxddsk.exe
2007-08-03 16:31:32 12800 --a------ C:\WINDOWS\SUSP.exe
2007-08-03 16:31:32 14336 --a------ C:\WINDOWS\satmat.exe
2007-08-03 16:31:32 17152 --a------ C:\WINDOWS\Biprep.exe
2007-08-03 16:31:32 14080 --a------ C:\WINDOWS\bi.dll
2007-08-03 16:31:32 15616 --a------ C:\WINDOWS\7search.dll
2007-08-03 16:31:31 23296 --a------ C:\WINDOWS\voiceip.dll
2007-08-03 16:31:31 26624 --a------ C:\WINDOWS\swin32.dll
2007-08-03 16:31:31 20992 --a------ C:\WINDOWS\stcloader.exe
2007-08-03 16:31:31 19712 --a------ C:\WINDOWS\pbar.dll
2007-08-03 16:31:31 12800 --a------ C:\WINDOWS\flt.dll
2007-08-03 16:31:31 17152 --a------ C:\WINDOWS\764.exe
2007-08-03 16:31:30 18432 --a------ C:\WINDOWS\mssvr.exe
2007-08-03 16:31:30 30720 --a------ C:\WINDOWS\mspphe.dll
2007-08-03 16:31:30 13312 --a------ C:\WINDOWS\cdsm32.dll
2007-08-03 16:31:30 31744 --a------ C:\WINDOWS\bokja.exe
2007-08-03 16:31:29 20992 --a------ C:\WINDOWS\system32\WER8274.DLL
2007-08-03 16:31:29 8960 --a------ C:\WINDOWS\system32\MSIXU.DLL
2007-08-03 16:31:29 9728 --a------ C:\WINDOWS\bjam.dll
2007-08-03 16:31:29 27136 --a------ C:\WINDOWS\2020search2.dll
2007-08-03 16:31:29 28928 --a------ C:\WINDOWS\2020search.dll
2007-08-03 16:31:29 31744 --a------ C:\WINDOWS\180ax.exe
2007-08-03 16:31:28 19968 --a------ C:\WINDOWS\updatetc.exe
2007-08-03 16:31:28 17664 --a------ C:\WINDOWS\salm.exe
2007-08-03 16:31:28 11264 --a------ C:\WINDOWS\saiemod.dll
2007-08-03 16:31:22 25088 --a------ C:\WINDOWS\system32\msscds32.dll <Not Verified; Microsoft; Windows Explorer cdrom optimizer>
2007-08-03 16:31:21 12 --a------ C:\WINDOWS\system32\gtv_sd.bin
2007-08-03 16:31:12 10756 --a------ C:\WINDOWS\system32\uqpzttri.exe <Not Verified; Microsoft; Project1>
2007-08-03 16:31:11 8705 --a------ C:\WINDOWS\system32\rdovyjbw.exe
2007-07-31 13:37:35 0 d-------- C:\Documents and Settings\Illidan\Application Data\Publish Providers
2007-07-31 13:34:51 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-07-31 13:34:39 0 d-------- C:\Program Files\Microsoft SQL Server
2007-07-31 13:34:25 0 d-------- C:\Documents and Settings\Illidan\Application Data\Sony
2007-07-31 13:33:32 0 d-------- C:\Program Files\Sony
2007-07-30 06:19:36 3072 --a------ C:\Documents and Settings\Illidan\open.exe
2007-07-30 06:07:08 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-07-30 06:07:08 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2007-07-30 06:07:03 3073 --a------ C:\WINDOWS\system32\open.exe
2007-07-29 19:51:13 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-07-29 19:51:13 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-07-29 19:51:13 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-07-29 19:51:13 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-07-29 19:51:12 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-07-29 19:51:12 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-07-29 19:51:12 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-07-29 19:51:12 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-07-29 19:51:12 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-07-29 19:51:12 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-07-29 19:51:12 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-07-29 19:51:12 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-07-29 19:51:12 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-07-29 19:51:12 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-07-28 01:22:48 0 d-------- C:\Program Files\AVSMedia
2007-07-27 10:20:44 113157 --a------ C:\WINDOWS\spooldr.exe
2007-07-27 10:19:40 8296 --a------ C:\WINDOWS\system32\tilishpy.exe
2007-07-25 20:27:25 2829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-25 20:27:25 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2007-07-25 20:27:25 76474 --a------ C:\WINDOWS\War3Unin.dat
2007-07-25 20:11:18 0 d-------- C:\WINDOWS\system32\defaults
2007-07-25 20:11:17 0 d-------- C:\WINDOWS\system32\data
2007-07-23 14:22:12 1082 --a------ C:\WINDOWS\checkip.dat
2007-07-19 23:23:55 8662 --a------ C:\WINDOWS\system32\magdfovj.exe
2007-07-12 17:44:43 0 d-------- C:\WINDOWS\Sun
2007-07-12 17:44:43 0 d-------- C:\Documents and Settings\Illidan\Application Data\Sun
2007-07-11 11:37:26 0 d-------- C:\Program Files\Common Files\Download Manager
2007-07-10 17:08:17 0 d-------- C:\Documents and Settings\Illidan\Application Data\Apple Computer
2007-07-10 1745 1755 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-07-10 17:05:59 0 d-------- C:\Program Files\Apple Software Update
2007-07-10 17:05:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer


-- Find3M Report ---------------------------------------------------------------

2007-08-07 02:40:28 0 d-------- C:\Program Files\Messenger
2007-08-07 02:39:31 0 d-------- C:\Program Files\Google
2007-08-05 23:13:14 0 d-------- C:\Program Files\Warcraft III
2007-08-05 14:17:54 0 d-------- C:\Program Files\Trillian
2007-08-03 19:24:45 0 d-------- C:\Program Files\Java
2007-07-29 20:05:13 0 d-------- C:\Program Files\Common Files\AVSMedia
2007-07-28 01:24:23 0 d-------- C:\Documents and Settings\Illidan\Application Data\AVSMedia
2007-07-25 19:44:16 0 d-------- C:\Program Files\LimeWire
2007-07-12 19:02:16 0 d-------- C:\Program Files\QuickTime
2007-07-12 11:22:01 0 d-------- C:\Documents and Settings\Illidan\Application Data\LimeWire
2007-07-11 11:37:26 0 d-------- C:\Program Files\Common Files
2007-07-06 10:44:07 0 d-------- C:\Program Files\Game Cam v1.4
2007-06-25 18:35:06 0 d-------- C:\Documents and Settings\Illidan\Application Data\Help
2007-06-14 20:40:57 0 d-------- C:\Program Files\Movie Maker
2007-06-12 22:44:03 0 d-------- C:\Documents and Settings\Illidan\Application Data\AVS4YOU


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000026-8735-428D-B81F-DD098223B25F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{000006b1-19b5-414a-849f-2a3c64ae6939}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{279A05E3-C129-4189-BA16-F0DB908C89B0}]
08/03/2007 04:31 PM 25088 --a------ C:\WINDOWS\system32\msscds32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30000273-8230-4dd4-be4f-6889d1e74167}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77701e16-9bfe-4b63-a5b4-7bd156758a37}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [04/29/2005 06:22 PM]
"SoundMan"="SOUNDMAN.EXE" [10/23/2005 11:45 PM C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/11/2006 09:43 PM]
"nwiz"="nwiz.exe" [08/11/2006 09:43 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/11/2006 09:43 PM]
"CTHelper"="CTHELPER.EXE" [05/28/2003 12:59 PM C:\WINDOWS\system32\cthelper.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 12:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/20/2007 06:02 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [07/16/2007 03:17 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Illidan^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Illidan\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}]
C:\WINDOWS\system32\msbind32.exe



-- End of Deckard's System Scanner: finished at 2007-08-07 at 14:10:42 ---------

And as directed, I attached the extra.txt


~Wanderer of the Stars~
Attached Files: extra.txt (8.8 KB)