Deckard's System Scanner v20070804.61
Run by Anthony Kelly on 2007-08-09 at 13:38:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Anthony Kelly.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:42 PM, on 8/7/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\GetRight\getright.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Anthony Kelly\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ANTHON~1.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
--
End of file - 4620 bytes
-- Files created between 2007-07-09 and 2007-08-09 -----------------------------
2007-08-08 15:29:21 0 d-------- C:\Users\All Users\Kaspersky Lab
2007-08-08 15:29:20 0 d-------- C:\Windows\system32\Kaspersky Lab
2007-08-07 13:12:10 0 d-------- C:\Program Files\Electronic Arts
2007-08-07 12:56:15 0 d-------- C:\Program Files\WAR BETA
2007-08-07 12:46:08 0 d-------- C:\Program Files\Trend Micro
2007-08-07 08:19:23 0 d-------- C:\Program Files\GetRight
2007-08-07 08:18:49 0 d-------- C:\Downloads <DOWNLO~1>
2007-08-02 15:57:10 0 d-------- C:\Program Files\EA GAMES
2007-08-01 14:17:23 43520 --a------ C:\Windows\system32\CmdLineExt03.dll
2007-08-01 14:16:27 21840 --a------ C:\Windows\system32\SIntfNT.dll
2007-08-01 14:16:27 17212 --a------ C:\Windows\system32\SIntf32.dll
2007-08-01 14:16:27 12067 --a------ C:\Windows\system32\SIntf16.dll
2007-07-25 00:42:03 0 d-------- C:\Program Files\DivX
2007-07-25 00:42:02 684 --a------ C:\Windows\mozver.dat
2007-07-21 17:45:44 0 d-------- C:\Users\All Users\Age of Empires 3
2007-07-19 12:31:39 0 d-------- C:\Program Files\Firaxis Games
2007-07-19 12:20:53 0 d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2007-07-19 12:20:37 0 d-------- C:\Program Files\DAEMON Tools
2007-07-19 12:18:07 682232 --a------ C:\Windows\system32\drivers\sptd.sys
2007-07-18 15:08:11 0 d-------- C:\Program Files\uTorrent
2007-07-16 20:31:41 0 d-------- C:\Extras
2007-07-16 20:31:41 0 d-------- C:\Autorun
2007-07-09 15:07:50 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-07-09 15:05:58 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-07-09 15:05:58 73728 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-09 15:05:54 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 15:05:54 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 15:05:54 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 15:05:54 740442 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 15:05:28 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
-- Find3M Report ---------------------------------------------------------------
2007-08-07 08:23:37 0 d-------- C:\Users\Anthony Kelly\AppData\Roaming\GetRightToGo
2007-08-05 16:53:06 0 d-------- C:\Program Files\Common Files
2007-08-05 15:29:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-01 20:20:33 0 d-------- C:\Users\Anthony Kelly\AppData\Roaming\uTorrent
2007-07-30 15:42:31 0 d-------- C:\Users\Anthony Kelly\AppData\Roaming\DivX
2007-07-28 12:08:38 0 d-------- C:\Users\Anthony Kelly\AppData\Roaming\Electronic Arts
2007-07-21 18:45:43 0 d-------- C:\Users\Anthony Kelly\AppData\Roaming\Hamachi
2007-07-21 13:01:37 0 d-------- C:\Program Files\Microsoft Games
2007-07-21 11:51:01 0 d-------- C:\Program Files\Common Files\InstallShield
2007-07-19 00:42:13 0 d-------- C:\Users\Anthony Kelly\AppData\Roaming\WinRAR
2007-07-17 13:36:55 0 dr-h----- C:\Users\Anthony Kelly\AppData\Roaming\SecuROM
2007-07-16 20:31:41 0 d-------- C:\Program Files\THQ
2007-07-16 16:14:29 0 d-------- C:\Users\Anthony Kelly\AppData\Roaming\InstallShield
2007-07-15 18:50:53 0 d-------- C:\Program Files\Windows Mail
2007-07-06 17:01:15 0 d-------- C:\Users\Anthony Kelly\AppData\Roaming\teamspeak2
2007-07-06 17:01:10 0 d-------- C:\Program Files\Teamspeak2_RC2
2007-06-21 11:29:20 0 d-------- C:\Users\Anthony Kelly\AppData\Roaming\Apple Computer
2007-06-19 14:52:17 0 d-------- C:\Users\Anthony Kelly\AppData\Roaming\Ventrilo
2007-06-14 19:04:51 26340 --a------ C:\Users\Anthony Kelly\AppData\Roaming\UserTile.png
2007-06-14 19:04:50 0 d-------- C:\Users\Anthony Kelly\AppData\Roaming\PeerNetworking
2007-06-12 01:12:52 0 d-------- C:\Users\Anthony Kelly\AppData\Roaming\nView_Wallpaper
2007-06-11 22:56:00 0 d-------- C:\Users\Anthony Kelly\AppData\Roaming\Microsoft Games
2007-06-11 22:55:13 0 d-------- C:\Program Files\Common Files\Microsoft Games
2007-06-11 22:28:23 0 d-------- C:\Program Files\Intel Desktop Boards
2007-06-11 22:18:49 0 d-------- C:\Program Files\Windows Defender
2007-06-11 21:53:18 22172 --a------ C:\Windows\system32\emptyregdb.dat
2007-06-11 21:47:27 0 d-------- C:\Users\Anthony Kelly\AppData\Roaming\Mozilla
2007-06-11 21:47:25 0 d-------- C:\Users\Anthony Kelly\AppData\Roaming\Macromedia
2007-06-11 21:47:25 0 d-------- C:\Users\Anthony Kelly\AppData\Roaming\Logitech
2007-06-11 21:47:25 0 d-------- C:\Users\Anthony Kelly\AppData\Roaming\Lavasoft
2007-06-11 21:47:25 0 d-------- C:\Users\Anthony Kelly\AppData\Roaming\Identities
2007-06-11 21:47:25 0 d-------- C:\Users\Anthony Kelly\AppData\Roaming\Adobe
2007-06-11 21:45:20 0 d-------- C:\Program Files\Ventrilo
2007-06-11 21:44:24 0 d-------- C:\Program Files\Valve
2007-06-11 21:44:20 0 d-------- C:\Program Files\QuickTime
2007-06-11 21:44:13 0 d-------- C:\Program Files\MSN Gaming Zone
2007-06-11 21:44:11 0 d-------- C:\Program Files\microsoft frontpage
2007-06-11 21:44:04 0 d-------- C:\Program Files\Logitech
2007-06-11 21:44:02 0 d-------- C:\Program Files\Lavasoft
2007-06-11 21:44:01 0 d-------- C:\Program Files\Intel Desktop Board
2007-06-11 21:43:58 0 d-------- C:\Program Files\Intel
2007-06-11 21:43:57 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-11 21:43:57 0 d-------- C:\Program Files\Common Files\ODBC
2007-06-11 21:43:57 0 d-------- C:\Program Files\Common Files\MSSoap
2007-06-11 21:43:57 0 d-------- C:\Program Files\Common Files\Logitech
2007-06-11 21:43:56 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-11 21:43:56 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-06-11 21:43:45 0 d-------- C:\Program Files\Apple Software Update
2007-06-11 21:40:24 0 d-------- C:\Program Files\Sigmatel
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [06/11/2007 10:07 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 04:57 PM]
"SigmatelSysTrayApp"="sttray.exe" [02/28/2007 07:56 PM C:\Windows\sttray.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [07/06/2007 01:15 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [07/06/2007 01:15 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [07/06/2007 01:15 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 08:35 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [11/02/2006 05:45 AM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [03/16/2007 04:47 PM]
"Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [07/28/2007 04:25 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [04/03/2007 06:29 PM]
C:\Users\Anthony Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe [8/7/2007 8:19:23 AM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [3/16/2007 4:47:26 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [1/19/2007 4:27:51 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E9BD0828-1FD9-410C-A50F-43EBE65D310F}"= C:\Windows\system32\gebbxxu.dll [ ]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WudfServiceGroup WUDFSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59b7aca3-1885-11dc-8197-806e6f6e6963}]
AutoRun\command- D:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d92d08bc-3613-11dc-8a30-0019d121cabb}]
AutoRun\command- G:\autorun.exe
directx\command- G:\DirectX9\dxsetup.exe
setup\command- G:\setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2007-08-09 at 13:40:01 ---------