10-03-2007, 08:34 AM   #1
theone320
Registered User
 
Join Date: Oct 2007
Posts: 4
OS: Windows XP SP2


Trojan Suspicion

I think I have a Trojan and Antivir sometimes reports something.
Antivir: TR/Dldr.ConHook.Gen in C:\WINDOWS\system32\geebb.dll

PandaActiveScan:

Incident Status Location

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\qnyi482i.default\cookies.txt.old[.com.com/]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Alex\My Documents\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Alex\My Documents\ComboFix.exe[nircmd.cfexe]

Deckard's System Scanner v20070905.67
Run by Alex on 2007-10-03 16:28:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
6: 2007-10-03 14:22:42 UTC - RP178 - Deckard's System Scanner Restore Point
5: 2007-10-03 12:32:25 UTC - RP177 - Removed Windows Defender
4: 2007-10-03 12:27:50 UTC - RP176 - Windows Defender Checkpoint
3: 2007-10-03 12:23:23 UTC - RP175 - Last known good configuration
2: 2007-10-03 12:23:21 UTC - RP174 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-10-03 12:23:21 UTC - RP173 - ComboFix created restore point


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Alex.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-03 16:32:00
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.20627)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Alex\My Documents\dss.exe
C:\Program Files\Trend Micro\HijackThis\Alex.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5283E5B5-161B-4964-8017-3163DA2036DE} - C:\WINDOWS\system32\awtst.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKEY_LOCAL_MACHINE\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [nwiz] nwiz.exe /install
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: (no name) - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} () - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} () - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{2D585446-0F65-49CE-8C07-9C3A976CCDCA}: NameServer = 192.168.178.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1288.0816.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1288.0816.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: gebyvvu - C:\WINDOWS\system32\gebyvvu.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe"
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - "C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe"
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - "C:\Program Files\TVersity\Media Server\MediaServer.exe"


-- File Associations -----------------------------------------------------------

.ini - Notepad++_file - DefaultIcon - unable to read value
.ini - Notepad++_file - shell\open\command - "C:\Program Files\Notepad++\notepad++.exe" "%1"
.txt - Notepad++_file - DefaultIcon - unable to read value
.txt - Notepad++_file - shell\open\command - "C:\Program Files\Notepad++\notepad++.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SSHDRV61 - c:\windows\system32\drivers\sshdrv61.sys
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>

S3 ADIDTSFiltService (ADI DTS Filter Service) - c:\windows\system32\drivers\adidts.sys (file missing)
S3 catchme - c:\docume~1\alex\locals~1\temp\catchme.sys (file missing)
S3 cmigameport - c:\windows\system32\drivers\cmigameport.sys
S3 cmpci (TerraTec Aureon 5.1 (WDM)) - c:\windows\system32\drivers\cmaudio.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 SANDRA - c:\program files\sisoftware\sisoftware sandra lite xii\sandra.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 Xponaut_WBD (Xponaut WaveBridge Device (WDM)) - c:\windows\system32\drivers\xpntwbd.sys <Not Verified; Xponaut; Xponaut WaveBridge>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - "c:\program files\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R2 TVersityMediaServer - "c:\program files\tversity\media server\mediaserver.exe"

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Parport
Device ID: ROOT\LEGACY_PARPORT\0000
Manufacturer:
Name: Parport
PNP Device ID: ROOT\LEGACY_PARPORT\0000
Service: Parport

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Serial
Device ID: ROOT\LEGACY_SERIAL\0000
Manufacturer:
Name: Serial
PNP Device ID: ROOT\LEGACY_SERIAL\0000
Service: Serial


-- Files created between 2007-09-03 and 2007-10-03 -----------------------------

2007-10-03 16:24:15 0 d-------- C:\Program Files\Trend Micro
2007-10-03 16:19:07 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-10-03 16:19:06 0 d-------- C:\Program Files\SpywareBlaster
2007-10-03 15:33:19 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-03 15:33:19 0 d-------- C:\WINDOWS\LastGood
2007-10-03 15:18:37 0 d-------- C:\Program Files\hjt
2007-10-03 14:23:33 6473 ---hs---- C:\WINDOWS\system32\tstwa.bak1
2007-10-03 14:23:09 320608 --a------ C:\WINDOWS\system32\awtst.dll
2007-10-03 13:29:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-03 11:57:15 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-10-03 11:53:57 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-10-03 11:53:57 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-10-03 11:53:57 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-03 11:53:57 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-10-03 11:53:57 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-10-03 11:53:57 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-10-03 11:53:57 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-10-03 11:53:57 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-10-03 11:53:57 0 d-------- C:\WINDOWS\nview
2007-10-03 11:53:12 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-03 11:53:07 0 d-------- C:\nVidia Forceware
2007-10-03 11:50:34 0 dr-h----- C:\Documents and Settings\Alex\Recent
2007-10-03 00:35:39 20 --a------ C:\WINDOWS\system32\PDBootState
2007-10-02 2130 35328 --a------ C:\WINDOWS\system32\gebyvvu.dll
2007-10-02 16:36:34 0 d-------- C:\Documents and Settings\Alex\Application Data\Logitech
2007-10-02 16:36:14 69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-10-02 16:36:14 110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-10-02 16:36:14 135168 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-10-02 16:36:14 163840 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-10-02 16:36:12 0 d-------- C:\Program Files\Logitech
2007-10-02 16:36:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-10-02 16:36:11 0 d-------- C:\Program Files\Common Files\Logitech
2007-10-02 16:32:47 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2007-09-30 00:03:36 0 d-------- C:\Documents and Settings\Alex\Application Data\SystemRequirementsLab
2007-09-25 16:25:54 0 d-------- C:\Program Files\OpenOffice.org 2.3
2007-09-24 20:25:32 0 d-------- C:\Program Files\Red Kawa
2007-09-16 13:01:46 0 d-------- C:\Program Files\Stranglehold Demo
2007-09-13 21:56:24 0 d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-09-13 18:57:03 0 d-------- C:\Program Files\Winamp
2007-09-13 15:14:01 0 d-------- C:\Program Files\Foxit Software
2007-09-10 19:13:13 0 d-------- C:\Documents and Settings\Alex\Application Data\Transclick
2007-09-10 19:13:11 0 d-------- C:\Program Files\Transclick
2007-09-10 18:32:12 466944 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Nemesysco (Entertainment) Ltd; Visual Basic>
2007-09-10 18:32:11 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-09-08 09:58:42 0 d-------- C:\Program Files\Raxco
2007-09-08 09:58:42 0 d-------- C:\Program Files\Common Files\Raxco
2007-09-08 09:58:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2007-09-04 17:03:15 0 d-------- C:\Documents and Settings\Alex\Application Data\Bioshock
2007-09-04 17:01:20 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-09-04 16:50:48 0 d-------- C:\Program Files\2K Games
2007-09-04 16:50:37 0 d-------- C:\Documents and Settings\Alex\Application Data\InstallShield


-- Find3M Report ---------------------------------------------------------------

2007-10-03 16:29:24 0 d-------- C:\Documents and Settings\Alex\Application Data\OpenOffice.org2
2007-10-03 16:25:27 0 d-------- C:\Program Files\cFosSpeed
2007-10-03 16:00:00 0 d-------- C:\Program Files\Zune
2007-10-03 15:56:47 0 d-------- C:\Program Files\mIRC
2007-10-03 15:55:37 0 d-------- C:\Program Files\DAEMON Tools Pro
2007-10-03 14:01:25 0 d-------- C:\Program Files\CDisplayEx
2007-10-03 13:30:46 0 d-------- C:\Documents and Settings\Alex\Application Data\uTorrent
2007-10-03 13:29:17 0 d-------- C:\Documents and Settings\Alex\Application Data\Skype
2007-10-03 13:22:36 0 d-------- C:\Program Files\Steam
2007-10-03 13:19:11 0 d-------- C:\Program Files\DriverCleanerDotNET
2007-10-03 00:26:49 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-03 00:23:00 0 d-------- C:\Program Files\Common Files
2007-10-03 00:18:09 0 d-------- C:\Documents and Settings\Alex\Application Data\Adobe
2007-10-03 00:14:30 0 d-------- C:\Program Files\IGN
2007-10-03 00:14:30 0 d-------- C:\Documents and Settings\Alex\Application Data\IGN_DLM
2007-10-02 16:36:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-02 16:32:45 2232 --a------ C:\WINDOWS\mozver.dat
2007-10-02 16:31:23 0 d-------- C:\Program Files\Microsoft Xbox 360 Accessories
2007-09-30 00:14:17 0 d-------- C:\Documents and Settings\Alex\Application Data\Hamachi
2007-09-27 15:20:26 0 d-------- C:\Program Files\QuickTime Alternative
2007-09-25 16:47:44 0 d-------- C:\Documents and Settings\Alex\Application Data\Ahead
2007-09-25 16:25:43 0 d-------- C:\Program Files\OpenOffice.org 2.2
2007-09-23 18:27:59 0 d-------- C:\Program Files\Silkroad
2007-09-23 18:24:57 0 d-------- C:\Program Files\PokerStars
2007-09-06 17:22:16 0 d-------- C:\Documents and Settings\Alex\Application Data\Macromedia
2007-09-03 16:30:43 0 d-------- C:\Program Files\Hamachi
2007-09-01 19:50:58 0 d-------- C:\Program Files\THQ
2007-09-01 15:37:01 0 d-------- C:\Program Files\Sternenschiff
2007-09-01 15:16:31 0 d-------- C:\Documents and Settings\Alex\Application Data\ICAClient
2007-09-01 15:09:06 0 d-------- C:\Program Files\Microsoft Silverlight
2007-08-30 20:23:00 0 d-------- C:\Program Files\UBISOFT
2007-08-30 20:21:15 0 d-------- C:\Documents and Settings\Alex\Application Data\RapidCRC
2007-08-30 19:35:05 0 d-------- C:\Program Files\RapidCRC
2007-08-29 15:59:54 0 d-------- C:\Program Files\Analog Devices
2007-08-28 16:19:07 0 d-------- C:\Program Files\PeerGuardian2
2007-08-26 18:47:00 0 dr-h----- C:\Documents and Settings\Alex\Application Data\SecuROM
2007-08-23 18:27:55 0 d-------- C:\Documents and Settings\Alex\Application Data\Talkback
2007-08-23 17:11:23 51600 --a------ C:\WINDOWS\system32\RadLightMPCUninstall.exe <Not Verified; RadLight, LLC.; RadLight MPC DirectShow Filter>
2007-08-20 15:48:23 0 d-------- C:\Program Files\SiSoftware
2007-08-20 11:14:57 0 d-------- C:\Program Files\Electronic Arts
2007-08-18 22:04:31 0 d-------- C:\Program Files\GameWiz32
2007-08-16 11:55:38 0 d-------- C:\Program Files\Encode360
2007-08-16 11:55:08 0 d-------- C:\Program Files\Windows Media-Komponenten
2007-08-15 11:32:38 0 d-------- C:\Program Files\MSXML 6.0
2007-08-15 11:31:57 0 d-------- C:\Program Files\MSXML 4.0
2007-08-12 16:47:00 0 d-------- C:\Documents and Settings\Alex\Application Data\teamspeak2
2007-08-12 16:46:59 0 d-------- C:\Program Files\Teamspeak2_RC2
2007-08-12 03:28:13 0 d-------- C:\Program Files\YAMIKUMO
2007-08-07 07:37:56 0 d-------- C:\Program Files\Peach Princess
2007-08-05 18:53:50 0 d-------- C:\Program Files\SystemRequirementsLab
2007-08-03 13:35:13 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-03 13:35:11 0 d-------- C:\Documents and Settings\Alex\Application Data\Mozilla
2007-07-10 11:23:08 0 -rahs---- C:\MSDOS.SYS
2007-07-10 11:23:08 0 -rahs---- C:\IO.SYS
2007-07-10 11:23:08 0 --a------ C:\CONFIG.SYS
2007-07-10 11:23:08 0 --a------ C:\AUTOEXEC.BAT
2007-07-10 11:21:16 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-09 12:54:35 62 --ahs---- C:\Documents and Settings\Alex\Application Data\desktop.ini
2007-07-09 12:54:02 140288 --a------ C:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-03 12:33:04 6912 --a------ C:\WINDOWS\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
2007-07-03 12:32:58 397312 --a------ C:\WINDOWS\ntuneoem.dll <Not Verified; NVIDIA; NVIDIA nTune>
2007-07-03 12:32:06 1622016 --a------ C:\WINDOWS\NVBenchMarks.dll <Not Verified; NVIDIA; NVIDIA nTune>
2007-07-03 12:31:48 28672 --a------ C:\WINDOWS\AutoTuneScript.dll <Not Verified; NVIDIA; NVIDIA nTune>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5283E5B5-161B-4964-8017-3163DA2036DE}]
10/03/2007 14:23 320608 --a------ C:\WINDOWS\system32\awtst.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [09/21/2006 15:40]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [09/09/2007 10:44]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 15:32 C:\WINDOWS\KHALMNPR.Exe]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [04/03/2007 20:55]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [03/16/2007 08:06]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [08/22/2007 16:12]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 01:07]
"nwiz"="nwiz.exe" [09/17/2007 01:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 01:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [07/03/2007 12:32]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [09/06/2007 15:08]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [10/2/2007 16:36:14]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8CEFE835-8EBF-420F-AFA2-807008E32917}"= C:\WINDOWS\system32\gebyvvu.dll [10/02/2007 21:06 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyvvu]
gebyvvu.dll 10/02/2007 21:06 35328 C:\WINDOWS\system32\gebyvvu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\awtst

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43995a54-6233-11dc-9ed3-044b80808003}]
AutoRun\command- I:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f4016ca-56f7-11dc-9eb9-044b80808003}]
AutoRun\command- I:\Launch.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 hityou.com
127.0.0.1 www.hityou.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 180solutions.com
127.0.0.1 www.180solutions.com
127.0.0.1 bis.180solutions.com
127.0.0.1 config.180solutions.com
127.0.0.1 cts.180solutions.com
127.0.0.1 downloads.180solutions.com

6621 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-10-03 16:32:23 ------------
Attached Files
File Type: txt extra.txt (16.9 KB, 0 views)