Old 10-02-2007, 04:52 AM   #1 (permalink)
jimmyfishcake
Registered User
 
Join Date: Sep 2007
Posts: 5
OS: XP


pc very slow, multiple trojans/malware, hijackthis log

About 4 or 5 days ago my PC became extremely slow & laggy, so slow it is almost impossible to use unless I restart it. After a restart it gradually slows down over a few hours until I have to restart it again. It's when I'm using Firefox that I notice it the most, but it affects most programs; applications will freeze for 1 minute or 10 minutes or even hours.
A couple of times when I forced a folder or some applications to quit, my desktop crashed, everything disappeared & some very large yellow words appeared on a black background at the bottom left of my page. The words were VERTICAL & said 'my desktop' or some **** like this. It's so damn frustrating I am on the verge of losing my mind. It takes me hours just to do this post.

The only other clue I have is that I have noticed a new icon in my notification area; it says 'shockwave updater' when I hover over it. It not only looks very suspicious, but I didn't put it there. It's been approaching me a couple of times a day via pop-up, trying to make me click 'o.k.'

I have posted requested log files below:


Any help would be appreciated.



Incident Status Location

Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Jon_W\Start Menu\Programs\Startup\PowerReg Scheduler.exe
Adware:adware/exact.bargainbuddy Not disinfected c:\windows\system32\exclean.exe
Spyware:spyware/clearsearch Not disinfected c:\windows\system32\IETie.dll
Dialer:dialer.xd Not disinfected c:\windows\switchagreement.txt
Adware:adware/sahagent Not disinfected c:\windows\system32\SahImages
Adware:adware/wupd Not disinfected Windows Registry
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Dialer:dialer.asl Not disinfected hkey_classes_root\clsid\{0D62A517-E7C6-4E1F-A577-07D4AC549A48}
Adware:adware/instdollars Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Adware:adware/powerstrip Not disinfected Windows Registry
Dialer:dialer.dk Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{91433D86-9F27-402C-B5E3-DEBDD122C339}
Adware:adware/ist.istbar Not disinfected Windows Registry
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Jon_W\Cookies\jon_w@adultfriendfinder[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Jon_W\Cookies\jon_w@xiti[1].txt
Virus:Generic Trojan Not disinfected C:\Documents and Settings\Jon_W\Desktop\setup.exe[²ÜÇ\xxl.dll]
Adware:Adware/SecurityError Not disinfected C:\Program Files\setup.exe[²ÜÇ\xxl.dll]
Dialer:Dialer.FYG Not disinfected C:\WINDOWS\Downloaded Program Files\qames.inf
Dialer:Dialer.ABR Not disinfected C:\WINDOWS\Downloaded Program Files\startbf2.inf




Deckard's System Scanner v20070905.67
Run by Jon_W on 2007-10-02 22:32:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jon_W.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:46 p.m., on 2/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\PKR\pkrpal.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jon_W\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jon_W.exe

R3 - URLSearchHook: (no name) - _{D94AAA2A-C415-42E3-82B6-49FAB4EBFFE9} - (no file)
F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: CPub Object - {CA70AF0D-0D07-4b80-9ECE-B0F1BEFC5822} - C:\Program Files\Byteswarm\DLInterceptor.dll (file missing)
O2 - BHO: IEHlprObj Class - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Go!Zilla\GoIEHlp.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Jon_W\Application Data\Mozilla\Firefox\Profiles\uknct2rc.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Jon_W\Application Data\Mozilla\Firefox\Profiles/uknct2rc.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1011016
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Registration Lock On
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\Program Files\GhostSurf\LaunchPCC.exe (file missing)
O9 - Extra 'Tools' menuitem: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\Program Files\GhostSurf\LaunchPCC.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A79AAEF-0913-4E57-9429-59EA4377D8E9} (LaunchGame.launchGameCtrl) - http://shot.ongamenet.com.au/LaunchGame_20050802.CAB
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} -
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/S...dObjSigned.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} -
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.ysbweb.com/ist/softwares/...b_pictures.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://l00kl23.com/default.cab?uid=6...x&ppd=4&tag=45
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.150.183.238/activex/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/si...nerInstall.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O16 - DPF: {D94AAA2A-C415-42E3-82B6-49FAB4EBFFE9} (SearchHook Class) - http://www.halflemon.com/Halflemon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/c...ploader_v6.cab
O16 - DPF: {FDF6378C-7B5D-4ABF-BA1F-92748305FFAC} (DownloadManagerInstall Control) - http://beta.byteswarm.com/agent/1.3.0.1/DMInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2B011FC-52BC-4B06-A2C6-284118F8F318}: NameServer = 210.48.65.2 210.48.66.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8F125C6-8B6C-4CDF-88B4-6FD4DA61A6E4}: NameServer = 203.0.178.191
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: farrandly - {8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c} - C:\WINDOWS\system32\tczij.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 13505 bytes

-- Files created between 2007-09-02 and 2007-10-02 -----------------------------

2007-10-02 21:51:21 0 d-------- C:\WINDOWS\LastGood
2007-09-30 22:34:29 0 d-------- C:\Program Files\Trend Micro
2007-09-30 22:10:59 0 d-------- C:\Program Files\SpywareBlaster
2007-09-30 06:38:03 0 d-------- C:\Program Files\Common Files\xing shared
2007-09-30 00:58:46 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-09-12 09:22:19 0 d-------- C:\Program Files\Mobiola Web Camera for S60 3Ed
2007-09-09 05:04:55 17301504 --a------ C:\Documents and Settings\Jon_W\ntuser.dat
2007-09-03 10:26:52 0 d-------- C:\Program Files\jetflash


-- Find3M Report ---------------------------------------------------------------

2007-10-02 21:54:00 0 d-------- C:\Documents and Settings\Jon_W\Application Data\OpenOffice.org2
2007-09-30 18:04:00 0 d-------- C:\Program Files\Softdiv Audio Converter
2007-09-30 18:03:52 0 d-------- C:\Program Files\Shareaza
2007-09-30 18:03:33 0 d-------- C:\Program Files\PowerISO
2007-09-30 18:03:20 0 d-------- C:\Program Files\PKR
2007-09-30 17:55:39 0 d-------- C:\Program Files\Multimedia Combo Set
2007-09-30 17:55:19 0 d-------- C:\Program Files\Microsoft IntelliPoint
2007-09-30 17:55:18 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-09-30 06:38:03 0 d-------- C:\Program Files\Common Files
2007-09-30 06:37:41 0 d-------- C:\Program Files\Common Files\Real
2007-09-30 06:36:53 0 d-------- C:\Documents and Settings\Jon_W\Application Data\Real
2007-09-30 04:31:43 0 d-------- C:\Program Files\WinAce
2007-09-30 04:31:30 0 d-------- C:\Program Files\QuickTime
2007-09-30 00:29:57 0 d-------- C:\Documents and Settings\Jon_W\Application Data\AVG7
2007-09-20 22:45:08 0 d-------- C:\Program Files\Activision Value
2007-09-18 01:14:58 0 d-------- C:\Program Files\TexasCalculatem
2007-09-17 21:21:27 0 d-------- C:\Program Files\Poker.com
2007-09-15 19:32:56 0 d-------- C:\Program Files\Axis & Allies
2007-09-14 19:25:16 8 --a------ C:\WINDOWS\system32\nvModes.dat
2007-09-02 20:53:44 0 d-------- C:\Program Files\ShotOnline International
2007-08-30 16:56:52 0 d-------- C:\Program Files\CDisplay
2007-08-30 01:50:54 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-26 11:45:15 0 d-------- C:\Documents and Settings\Jon_W\Application Data\GrabIt
2007-08-21 23:14:14 0 d-------- C:\Program Files\Steam
2007-08-21 15:42:07 0 d-------- C:\Program Files\Winamp
2007-08-19 20:50:29 0 d-------- C:\Program Files\American Systems
2007-08-19 20:44:09 2772480 --a------ C:\Program Files\psdlx.exe
2007-08-18 00:25:14 0 d-------- C:\Documents and Settings\Jon_W\Application Data\Media Player Classic
2007-08-17 21:33:19 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-08-17 21:23:54 0 d-------- C:\Program Files\Morgan
2007-08-17 21:23:45 0 d-------- C:\Program Files\DivX
2007-08-17 21:22:34 13043226 --a------ C:\Program Files\klcodec330f.exe
2007-08-17 16:39:51 0 d-------- C:\Program Files\GameSpy Arcade
2007-08-17 16:38:42 0 d-------- C:\Program Files\GRETECH
2007-08-17 16:28:52 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-17 16:14:11 0 d-------- C:\Program Files\Real
2007-08-17 15:54:41 0 d-------- C:\Program Files\Video Server E
2007-08-16 07:57:24 9264 --a------ C:\WINDOWS\system32\msqtvcap.dat
2007-08-16 04:00:30 0 d-------- C:\Program Files\MSXML 4.0
2007-08-13 17:09:14 0 d-------- C:\Documents and Settings\Jon_W\Application Data\Mozilla
2007-08-13 17:08:31 0 d-------- C:\Documents and Settings\Jon_W\Application Data\SecondLife
2007-08-12 02:11:52 0 d-------- C:\Program Files\NZBPlayer
2007-08-11 16:19:26 0 d-------- C:\Program Files\PartyGaming
2007-08-11 15:46:12 0 d-------- C:\Program Files\Cypress USB 2.0 DVR
2007-08-11 15:17:02 0 d-------- C:\Documents and Settings\Jon_W\Application Data\Microsoft Games
2007-08-11 02:10:57 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-08-11 02:10:57 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2007-08-10 20:37:22 0 d-------- C:\Documents and Settings\Jon_W\Application Data\Skype
2007-08-10 08:43:26 510 --a------ C:\s3qs
2007-08-09 20:43:25 510 --a------ C:\s270
2007-08-09 01:49:32 0 d-------- C:\Program Files\id Software
2007-08-06 04:25:48 0 d-------- C:\Program Files\VideoLAN
2007-08-06 04:24:20 9453630 --a------ C:\Program Files\vlc-0.8.6a-win32.exe
2007-08-04 04:20:28 0 d-------- C:\Documents and Settings\Jon_W\Application Data\vlc
2007-08-02 01:20:28 0 d-------- C:\Program Files\Java
2007-07-10 19:55:44 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD4C3CF0-4B15-11D1-ABED-709549C10000}]
C:\Program Files\Go!Zilla\GoIEHlp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [14/09/2007 10:03 a.m.]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [17/08/2007 10:04 a.m.]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/01/2005 07:40 p.m.]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [06/06/2006 03:06 a.m.]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [24/03/2005 12:26 p.m.]
"DSLSTATEXE"="C:\Program Files\D-Link\DSL-200\dslstat.exe" [21/01/2005 09:04 p.m.]
"DSLAGENTEXE"="C:\Program Files\D-Link\DSL-200\dslagent.exe" [21/01/2005 09:04 p.m.]
"msconfig"="C:\WINDOWS\scvhost.exe" []
"Update Checker"="C:\WINDOWS\scvhost.exe" []
"@"="C:\WINDOWS\scvhost.exe" []
"WMC_AutoUpdate"="" []
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [04/01/2006 02:43 p.m.]
"VTTimer"="VTTimer.exe" [08/03/2005 08:33 a.m. C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [01/11/2005 09:15 a.m. C:\WINDOWS\system32\VTTrayp.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/10/2006 12:22 p.m.]
"nwiz"="nwiz.exe" [22/10/2006 12:22 p.m. C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [22/10/2006 12:22 p.m. C:\WINDOWS\system32\nvmctray.dll]
"P17Helper"="SPIRun.dll" [03/07/2006 12:43 p.m. C:\WINDOWS\system32\SPIRun.dll]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [28/07/2006 09:56 a.m.]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 05:00 a.m.]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 12:50 p.m.]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [16/07/2005 10:48 a.m.]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25 p.m.]
"WireLessMouse "="C:\Program Files\Multimedia Combo Set\MouseDrv.exe" [27/06/2004 03:54 p.m.]
"WireLessKeyboard "="C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe" [02/08/2005 11:55 p.m.]
"PKR Pal"="C:\Program Files\PKR\pkrpal.exe" [19/09/2007 12:40 a.m.]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [30/09/2007 06:36 a.m.]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [27/10/2005 07:44 p.m.]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [23/03/2006 12:13 a.m.]
"SetDefaultMIDI"="MIDIDef.exe" [22/04/2005 11:27 a.m. C:\WINDOWS\MIDIDEF.EXE]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [20/06/2006 11:36 p.m.]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"=C:\Documents and Settings\Jon_W\Application Data\Mozilla\Firefox\Profiles\uknct2rc.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Jon_W\Application Data\Mozilla\Firefox\Profiles/uknct2rc.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
"SWHelper"="C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1011016

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"msconfig"=C:\WINDOWS\scvhost.exe
"Update Checker"=C:\WINDOWS\scvhost.exe
@=C:\WINDOWS\scvhost.exe

C:\Documents and Settings\Jon_W\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2/02/2007 5:54:56 p.m.]
PowerReg Scheduler.exe [24/01/2006 1:36:36 a.m.]
Registration Lock On [2/07/2007 7:56:07 a.m.]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 11:05:26 p.m.]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}"= C:\WINDOWS\system32\tczij.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b877742c-fd0a-11da-9bd0-806d6172696f}]
AutoRun\command- E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c74496bc-405d-11d9-907b-806d6172696f}]
AutoRun\command- D:\autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9fbf4c5-b3c4-11db-8b1b-806d6172696f}]
AutoRun\command- F:\Autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC100000-A322-BF20-D41D-B00000104603}]
C:\WINDOWS\scvhost.exe



-- End of Deckard's System Scanner: finished at 2007-10-02 22:33:16 ------------