Old 06-12-2008, 06:37 PM   #1 (permalink)
define
Registered User
 
Join Date: May 2007
Posts: 25
OS: XP


Check Up - machine 2

Hi everyone, I just want to do a check up. When I do online scans it usually always finds cookies; I use CCleaner also. I also use Avira AntiVir and it has detected a couple of Trojans in the past. The bad thing is I don't have the names of the Trojans because I have uninstalled and reinstalled the program. So that's it. I am also doing this on another PC, so I'm going to do another thread.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:36 PM, on 6/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1209788689030
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1209791598796
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4602 bytes

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-12 19:19:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
90: 2008-06-13 00:19:12 UTC - RP90 - Deckard's System Scanner Restore Point
89: 2008-06-11 22:35:04 UTC - RP89 - System Checkpoint
88: 2008-06-10 22:11:38 UTC - RP88 - Software Distribution Service 3.0
87: 2008-06-10 02:51:40 UTC - RP87 - System Checkpoint
86: 2008-06-09 02:51:14 UTC - RP86 - System Checkpoint


-- First Restore Point --
1: 2008-05-03 03:14:40 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-12 19:20:32
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1209788689030
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1209791598796
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 5004 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 cmudaxu (C-Media USB Sound Interface) - c:\windows\system32\drivers\cmudaxu.sys <Not Verified; C-Media Inc; C-Media USB Audio Driver (WDM)>

S3 CM1083264 (C-Media CM108 Like Sound UDAX Interface) - c:\windows\system32\drivers\cm108.sys (file missing)
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
S3 XDva134 - c:\windows\system32\xdva134.sys (file missing)
S3 XDva158 - c:\windows\system32\xdva158.sys (file missing)
S3 XDva164 - c:\windows\system32\xdva164.sys (file missing)
S3 XDva167 - c:\windows\system32\xdva167.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-12 and 2008-06-12 -----------------------------

2008-06-12 19:17:07 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-12 19:17:04 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-06-12 19:17:04 0 d-------- C:\Program Files\SpywareBlaster
2008-06-12 17:33:42 0 d-------- C:\WINDOWS\LastGood
2008-06-12 17:33:28 0 d-------- C:\Program Files\Panda Security
2008-06-12 14:58:07 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-01 01:14:28 0 d-------- C:\Program Files\Avira
2008-05-30 20:12:54 0 d-------- C:\Program Files\Audacity
2008-05-27 21:38:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\mIRC
2008-05-27 21:38:58 0 d-------- C:\Program Files\mIRC
2008-05-27 16:18:56 0 d-------- C:\Program Files\Sony
2008-05-27 16:15:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sony Setup
2008-05-27 16:15:43 0 d-------- C:\Program Files\Sony Setup
2008-05-27 16:03:23 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-05-27 16:03:22 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-05-27 16:03:21 0 d-------- C:\Program Files\Sony Ericsson
2008-05-27 15:59:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-05-27 15:59:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-05-27 15:33:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2008-05-27 15:33:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\Teleca
2008-05-27 15:32:08 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-27 15:24:10 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-26 13:11:25 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-05-22 16:04:53 0 d-------- C:\Program Files\4Media
2008-05-20 14:37:39 0 d-------- C:\Program Files\Lavasoft
2008-05-20 14:37:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-20 14:34:18 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-20 14:34:18 0 d-------- C:\Program Files\ComcastToolbar
2008-05-20 14:34:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\ComcastToolbar
2008-05-19 22:14:56 729088 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-19 21:19:56 0 d-------- C:\WINDOWS\Sun
2008-05-19 21:19:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-05-17 23:33:44 698 --a------ C:\WINDOWS\eReg.dat
2008-05-17 23:22:29 0 d-------- C:\Program Files\EA GAMES
2008-05-17 22:29:20 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-05-17 22:29:18 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-05-17 22:29:18 2102272 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-05-17 22:29:18 630784 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-05-17 22:29:18 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2008-05-17 22:29:18 144384 --a------ C:\WINDOWS\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
2008-05-17 22:29:18 39936 --a------ C:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
2008-05-17 22:29:17 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-17 22:29:17 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-17 22:29:17 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-17 22:29:17 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-17 22:29:17 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-17 22:29:16 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-17 22:29:15 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-05-16 17:20:52 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-15 19:00:40 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-05-12 18:11:48 0 d-------- C:\WINDOWS\Prefetch
2008-05-12 1859 0 d-------- C:\WINDOWS\system32\scripting
2008-05-12 1858 0 d-------- C:\WINDOWS\l2schemas
2008-05-12 1857 0 d-------- C:\WINDOWS\system32\en


-- Find3M Report ---------------------------------------------------------------

2008-06-12 19:20:45 0 d-------- C:\Program Files\Trend Micro
2008-06-12 14:39:39 0 d-------- C:\Program Files\Steam
2008-06-10 2000 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-08 18:13:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-05-30 20:11:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-27 16:03:23 0 d-------- C:\Program Files\Common Files
2008-05-27 15:24:09 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-25 12:51:51 0 d-------- C:\Program Files\Octoshape Streaming Services
2008-05-20 14:37:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-12 18:07:19 0 d-------- C:\Program Files\Messenger
2008-05-12 1857 0 d-------- C:\Program Files\Movie Maker
2008-05-12 18:04:20 0 d-------- C:\Program Files\Windows NT
2008-05-10 14:00:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-05-10 13:56:22 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-10 13:53:55 0 d-------- C:\Program Files\Nero
2008-05-06 18:08:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ventrilo
2008-05-04 13:48:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-04 00:36:26 0 d-------- C:\Program Files\Java
2008-05-04 00:35:51 0 d-------- C:\Program Files\Common Files\Java
2008-05-04 00:35:11 0 d-------- C:\Program Files\LimeWire
2008-05-03 23:28:21 0 d-------- C:\Program Files\uTorrent
2008-05-03 15:51:01 0 d-------- C:\Program Files\OGPlanet
2008-05-03 15:49:11 0 d-------- C:\Program Files\CCleaner
2008-05-03 13:28:08 0 d-------- C:\Program Files\Steel Sound 5H USB
2008-05-03 02:09:37 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-03 01:47:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-05-03 01:30:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-03 01:30:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-03 01:30:34 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-03 01:23:02 200704 --a------ C:\WINDOWS\system32\WinSys.exe <Not Verified; ; DOT Application>
2008-05-03 01:23:02 9728 --a------ C:\WINDOWS\system32\sysinfoX64.sys
2008-05-03 01:23:02 8192 --a------ C:\WINDOWS\system32\sysinfo.sys
2008-05-03 01:23:02 69632 --a------ C:\WINDOWS\system32\sw24.exe
2008-05-03 01:23:02 208896 --a------ C:\WINDOWS\system32\sw20.exe <Not Verified; ; sw20 Application>
2008-05-03 01:23:02 131072 --a------ C:\WINDOWS\system32\smdll.dll <Not Verified; ; SMdll Dynamic Link Library>
2008-05-03 01:23:02 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-03 01:23:01 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-03 01:23:01 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-03 01:23:00 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
2008-05-03 01:23:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-03 01:23:00 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2008-05-03 01:22:59 1474560 --a------ C:\WINDOWS\system32\nview.dll
2008-05-03 01:22:59 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-03 01:22:56 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-03 01:22:55 1748992 --a------ C:\WINDOWS\system32\msicpl.dll <Not Verified; MSI; MSI MsiCpl>
2008-05-03 01:22:55 130048 --a------ C:\WINDOWS\system32\MadCHook.dll <Not Verified; www.madshi.net; madCHook>
2008-05-03 01:22:55 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-05-03 01:22:55 266240 --a------ C:\WINDOWS\system32\HookShield.dll
2008-05-03 01:22:55 262144 --a------ C:\WINDOWS\system32\HookMAp.dll
2008-05-03 01:22:54 32768 --a------ C:\WINDOWS\system32\Auxiliary.dll
2008-05-03 01:18:37 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-03 00:58:37 712704 --a------ C:\WINDOWS\system32\a3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-05-03 00:39:31 0 d-------- C:\Program Files\Ventrilo
2008-05-03 00:09:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\acccore
2008-05-03 00:09:19 0 d-------- C:\Program Files\AIM6
2008-05-03 00:09:08 0 d-------- C:\Program Files\Viewpoint
2008-05-03 00:08:50 0 d-------- C:\Program Files\Common Files\AOL
2008-05-02 23:25:53 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-02 22:43:35 0 d-------- C:\Program Files\AMD
2008-05-02 22:14:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-05-02 22:11:02 0 d-------- C:\Program Files\microsoft frontpage
2008-05-02 22:10:46 0 -rahs---- C:\MSDOS.SYS
2008-05-02 22:10:46 0 -rahs---- C:\IO.SYS
2008-05-02 22:10:46 0 --a------ C:\CONFIG.SYS
2008-05-02 22:10:46 0 --a------ C:\AUTOEXEC.BAT
2008-05-02 22:08:45 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-02 22:08:21 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-02 22:08:06 0 d-------- C:\Program Files\Online Services
2008-05-02 22:07:49 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-02 16:58:28 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-02 16:58:26 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-02 16:58:00 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/03/2008 01:22 AM]
"nwiz"="nwiz.exe" [05/03/2008 01:23 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/03/2008 01:22 AM]
"CmUsbSound"="cmcnfgu.cpl" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [05/02/2008 11:42 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-06-12 19:22:09 ------------

Forgot an attachment.
Attached Files
File Type: txt extra.txt (11.2 KB, 1 views)
File Type: txt ActiveScan.txt (4.7 KB, 2 views)

Last edited by amateur; 06-12-2008 at 08:33 PM. Reason: to retain 0-reply status