Old 12-06-2007, 10:39 PM   #13 (permalink)
Panzer16
Registered User
 
Join Date: Dec 2007
Posts: 33
OS: XP-Service pack two or above


Re: Please see my logs and tell me if there's a problem

Deckard's System Scanner v20071014.68
Run by Administrator on 2007-12-07 10:30:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 2 Restore Point(s) --
2: 2007-12-07 05:28:55 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2007-12-06 08:01:22 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive F: has 0.67 GiB (less than 15%) free.


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:31:47 AM, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZONELABS\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\AsusTC\AsusProb.exe
C:\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\svchost.exe
G:\Completed torrents\dss.exe
G:\COMPLE~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.m-w.com/dictionary
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - Default URLSearchHook is missing
O1 - Hosts: 64.29.209.117 www.answers.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - F:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ASUS Probe] f:\AsusTC\AsusProb.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [BoostSpeed] "F:\Program Files\AusLogics BoostSpeed\boostspeed.exe" /Q
O8 - Extra context menu item: &Clean Traces - F:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &ieSpell Options - res://F:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://F:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Encarta &Definition - http://encarta.msn.com/encnet/featur...Dictionary.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://F:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://F:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - F:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/def...jolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDAF7451-D11C-4C08-8687-13241601EFB1}: NameServer = 202.70.150.10,202.70.150.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - F:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - F:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZONELABS\vsmon.exe


-- HijackThis Fixed Entries (G:\COMPLE~1\backups\) -----------------------------

backup-20071207-102735-493 O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - f:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - f:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sisidex - f:\windows\system32\drivers\sisidex.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - f:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R0 xmasbus - f:\windows\system32\drivers\xmasbus.sys
R0 xmasscsi - f:\windows\system32\drivers\xmasscsi.sys
R1 aslm75 - f:\windows\system32\drivers\aslm75.sys
R3 DCamUSBNW800 (LF-CAM100K) - f:\windows\system32\drivers\pcam800.sys <Not Verified; Divio Inc.; NW800 USB PC Camera>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - f:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S0 kl1 - f:\windows\system32\drivers\kl1.sys (file missing)
S2 P0250BUK (Creative PC-CAM 550 (Still)) - f:\windows\system32\drivers\p0250buk.sys (file missing)
S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - f:\windows\system32\drivers\alcxwdm.sys (file missing)
S3 P0250VID (Creative PC-CAM 550 (Video)) - f:\windows\system32\drivers\p0250v2k.sys (file missing)
S3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - f:\windows\system32\drivers\rtl8139.sys (file missing)
S3 Ser2pl (Prolific2 Serial port driver) - f:\windows\system32\drivers\ser2pl.sys <Not Verified; Prolific Technology Inc.; Prolific USB-to-Serial Bridge Cable>
S3 TSP - f:\windows\system32\drivers\klif.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 StarWindServiceAE (StarWind AE Service) - f:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-02 20:07:02 280 --a------ F:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
2007-11-22 18:19:56 354 --a------ F:\WINDOWS\Tasks\Uniblue SpyEraser.job


-- Files created between 2007-11-07 and 2007-12-07 -----------------------------

2007-12-07 07:20:21 0 d-------- F:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-07 07:20:20 0 d-------- F:\WINDOWS\system32\Kaspersky Lab
2007-12-07 06:41:01 0 d-------- F:\WINDOWS\LastGood
2007-12-06 08:51:21 0 d-------- F:\Program Files\free-downloads.net
2007-12-06 08:51:12 0 d-------- F:\Program Files\Alcohol Soft
2007-12-06 08:41:10 0 d-------- F:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-05 20:05:08 0 d-------- F:\Program Files\PC Wizard 2008
2007-12-05 18:10:47 0 d-------- F:\WINDOWS\nview
2007-12-04 09:35:26 0 d-------- F:\Program Files\Common Files\NSV
2007-11-27 22:15:01 0 d-------- F:\Program Files\Microsoft SQL Server Compact Edition
2007-11-27 21:40:19 0 d--hs---- F:\Program Files\Common Files\WindowsLiveInstaller
2007-11-27 21:40:13 0 d-------- F:\Program Files\Windows Live
2007-11-27 21:40:08 0 d-------- F:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-22 18:14:10 0 d-------- F:\Documents and Settings\All Users\Application Data\Uniblue
2007-11-22 09:07:56 0 dr-h----- F:\$VAULT$.AVG
2007-11-21 23:22:11 0 d-------- F:\Program Files\Common Files\xing shared
2007-11-19 23:48:16 0 d-------- F:\Program Files\Babylon
2007-11-19 20:22:28 0 d-------- F:\WINDOWS\system32\ZoneLabs
2007-11-19 19:37:06 0 d-------- F:\Program Files\mIRC
2007-11-19 13:41:36 0 d-------- F:\kav


-- Find3M Report ---------------------------------------------------------------

2007-12-07 06:32:08 4212 ---h----- F:\WINDOWS\system32\zllictbl.dat
2007-12-01 15:04:00 1744 --a------ F:\WINDOWS\system32\d3d9caps.dat
2007-11-21 23:02:08 1632 --a------ F:\WINDOWS\system32\d3d8caps.dat
2007-10-28 19:00:32 0 d-------- F:\Program Files\MSXML 6.0
2007-10-23 1708 585728 --a------ F:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= F:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll [11/01/2007 03:09 PM 265952]

[-HKEY_CLASSES_ROOT\CLSID\{965B54B0-71E0-4611-8DE7-F73FA0B20E26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="F:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/28/2007 12:50 PM]
"ASUS Probe"="f:\AsusTC\AsusProb.exe" [12/06/2002 04:07 PM]
"ZoneAlarm Client"="C:\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 04:05 PM]
"TkBellExe"="F:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/21/2007 11:21 PM]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [07/28/2003 02:19 PM]
"nwiz"="nwiz.exe" [07/28/2003 02:19 PM F:\WINDOWS\system32\nwiz.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/03/2004 10:56 PM]
"AlcoholAutomount"="F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [07/02/2007 03:27 PM]
"NvMediaCenter"="F:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []
"BoostSpeed"="F:\Program Files\AusLogics BoostSpeed\boostspeed.exe" [03/30/2007 02:22 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"NoSMConfigurePrograms"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SPTISRV"=3 (0x3)
"PDEngine"=3 (0x3)
"PDAgent"=2 (0x2)
"PACSPTISVR"=3 (0x3)
"usnjsvc"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc6ddb5c-d2fb-11db-ae72-0015f2c24858}]

*Newly Created Service* - NVSVC



-- Hosts -----------------------------------------------------------------------

64.29.209.117 www.answers.com


-- End of Deckard's System Scanner: finished at 2007-12-07 10:33:03 ------------