Tech Support Forum - View Single Post

Duke Dukay · 02-28-2007, 03:23 PM

2006-12-19 22

30 356352 --a------ C:\Windows\system32\nvuninst.exe
2006-12-19 22

30 356352 --a------ C:\Windows\system32\nvudisp.exe
2006-12-19 22

30 90191 --a------ C:\Windows\system32\nvsvc.dll
2006-12-19 22

30 5685248 --a------ C:\Windows\system32\nvoglv32.dll
2006-12-19 22

28 2854912 --a------ C:\Windows\system32\nvmoblsr.dll
2006-12-19 22

26 888832 --a------ C:\Windows\system32\nvmobls.dll
2006-12-19 22

22 81920 --a------ C:\Windows\system32\nvmctray.dll
2006-12-19 22

22 458752 --a------ C:\Windows\system32\nvmccssr.dll
2006-12-19 22

22 188416 --a------ C:\Windows\system32\nvmccss.dll
2006-12-19 22

22 45056 --a------ C:\Windows\system32\nvmccsrs.dll
2006-12-19 22

22 229376 --a------ C:\Windows\system32\nvmccs.dll
2006-12-19 22

20 3207168 --a------ C:\Windows\system32\nvgamesr.dll
2006-12-19 22

20 3063808 --a------ C:\Windows\system32\nvgames.dll
2006-12-19 22

20 307200 --a------ C:\Windows\system32\nvexpbar.dll
2006-12-19 22

14 5230592 --a------ C:\Windows\system32\nvdispsr.dll
2006-12-19 22

14 5619712 --a------ C:\Windows\system32\nvdisps.dll
2006-12-19 22

12 3055616 --a------ C:\Windows\system32\nvd3dum.dll
2006-12-19 22

12 1019904 --a------ C:\Windows\system32\nvcpluir.dll
2006-12-19 22

12 806912 --a------ C:\Windows\system32\nvcplui.exe
2006-12-19 22

06 7766016 --a------ C:\Windows\system32\nvcpl.dll
2006-12-19 22

04 147456 --a------ C:\Windows\system32\nvcolor.exe
2006-12-19 22

04 303104 --a------ C:\Windows\system32\nvapi.dll
2006-12-19 22:05:56 521128 --a------ C:\Windows\system32\dpinst.exe

-- Registry Dump ----------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,\
6e,64,6f,77,73,20,44,65,66,65,6e,64,65,72,5c,4d,53,41,53,43,75,69,2e,65,78,\
65,20,2d,68,69,64,65,00
"NvSvc"="RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart"
"NvCplDaemon"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="\"c:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"SigmatelSysTrayApp"="sttray.exe"
"IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe\""
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Snapfire Plus\\PhotoDownloader.exe"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
@=""
"RoxWatchTray"="\"C:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe\""
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Drag-to-Disc\\DrgToDsc.exe\""
"MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"ECenter"="c:\\dell\\E-Center\\EULALauncher.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"scforceoption"=dword:00000000
"FilterAdministratorToken"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AppInfo
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KeyIso
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NTDS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProfSvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SWPRV
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ nsi\0lltdsvc\0SSDPSRV\0upnphost\0SCardSvr\0w32time\0EventSystem\0RemoteRegistry\0WinHttpAutoProxySvc\0lanmanworkstation\0TBS\0SLUINotify\0THREADORDER\0fdrespub\0netprofm\0fdphost\0wcncsvc\0QWAVE\0Mcx2Svc\0WebClient\0\0
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv\0UxSms\0WdiSystemHost\0Netman\0trkwks\0AudioEndpointBuilder\0WUDFSvc\0irmon\0sysmain\0IPBusEnum\0dot3svc\0PcaSvc\0EMDMgmt\0TabletInputService\0wlansvc\0WPDBusEnum\0\0
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent\0\0
LocalServiceNoNetwork REG_MULTI_SZ PLA\0DPS\0BFE\0mpssvc\0ehstart\0\0
NetworkService REG_MULTI_SZ CryptSvc\0DHCP\0TermService\0KtmRm\0DNSCache\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WerSvcGroup REG_MULTI_SZ wersvc\0\0
swprv REG_MULTI_SZ swprv\0\0
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP\0eventlog\0AudioSrv\0LmHosts\0wscsvc\0p2pimsvc\0PNRPSvc\0p2psvc\0WPCSvc\0PnrpAutoReg\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
regsvc REG_MULTI_SZ RemoteRegistry\0\0
wcssvc REG_MULTI_SZ WcsPlugInService\0\0
DcomLaunch REG_MULTI_SZ PlugPlay\0DcomLaunch\0\0
wdisvc REG_MULTI_SZ WdiServiceHost\0\0
sdrsvc REG_MULTI_SZ sdrsvc\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
secsvcs REG_MULTI_SZ WinDefend\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
AeLookupSvc
wercplsupport
CertPropSvc
SCPolicySvc
gpsvc
IKEEXT
LogonHours
PCAudit
iphlpsvc
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
SessionEnv
hkmsvc

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9226e268-bd40-11db-b9ff-806e6f6e6963}]
shell\AutoRun\command E:\autorun.exe

-- End of ComboScan: finished at 2007-02-28 at 21:34:04 -------------------------

02-28-2007, 03:23 PM	#14 (permalink)
Duke Dukay Registered User Join Date: Feb 2007 Posts: 21 OS: Windows Vista (Home Premium)	2006-12-19 2230 356352 --a------ C:\Windows\system32\nvuninst.exe 2006-12-19 2230 356352 --a------ C:\Windows\system32\nvudisp.exe 2006-12-19 2230 90191 --a------ C:\Windows\system32\nvsvc.dll 2006-12-19 2230 5685248 --a------ C:\Windows\system32\nvoglv32.dll 2006-12-19 2228 2854912 --a------ C:\Windows\system32\nvmoblsr.dll 2006-12-19 2226 888832 --a------ C:\Windows\system32\nvmobls.dll 2006-12-19 2222 81920 --a------ C:\Windows\system32\nvmctray.dll 2006-12-19 2222 458752 --a------ C:\Windows\system32\nvmccssr.dll 2006-12-19 2222 188416 --a------ C:\Windows\system32\nvmccss.dll 2006-12-19 2222 45056 --a------ C:\Windows\system32\nvmccsrs.dll 2006-12-19 2222 229376 --a------ C:\Windows\system32\nvmccs.dll 2006-12-19 2220 3207168 --a------ C:\Windows\system32\nvgamesr.dll 2006-12-19 2220 3063808 --a------ C:\Windows\system32\nvgames.dll 2006-12-19 2220 307200 --a------ C:\Windows\system32\nvexpbar.dll 2006-12-19 2214 5230592 --a------ C:\Windows\system32\nvdispsr.dll 2006-12-19 2214 5619712 --a------ C:\Windows\system32\nvdisps.dll 2006-12-19 2212 3055616 --a------ C:\Windows\system32\nvd3dum.dll 2006-12-19 2212 1019904 --a------ C:\Windows\system32\nvcpluir.dll 2006-12-19 2212 806912 --a------ C:\Windows\system32\nvcplui.exe 2006-12-19 2206 7766016 --a------ C:\Windows\system32\nvcpl.dll 2006-12-19 2204 147456 --a------ C:\Windows\system32\nvcolor.exe 2006-12-19 2204 303104 --a------ C:\Windows\system32\nvapi.dll 2006-12-19 22:05:56 521128 --a------ C:\Windows\system32\dpinst.exe -- Registry Dump ---------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun" "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup" "ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "Windows Defender"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,\ 6e,64,6f,77,73,20,44,65,66,65,6e,64,65,72,5c,4d,53,41,53,43,75,69,2e,65,78,\ 65,20,2d,68,69,64,65,00 "NvSvc"="RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart" "NvCplDaemon"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup" "NvMediaCenter"="RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit" "SunJavaUpdateSched"="\"c:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\"" "SigmatelSysTrayApp"="sttray.exe" "IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe\"" "Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Snapfire Plus\\PhotoDownloader.exe" "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start" @="" "RoxWatchTray"="\"C:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe\"" "RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Drag-to-Disc\\DrgToDsc.exe\"" "MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe" "Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup" "ECenter"="c:\\dell\\E-Center\\EULALauncher.exe" "ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=dword:00000002 "ConsentPromptBehaviorUser"=dword:00000001 "EnableInstallerDetection"=dword:00000001 "EnableLUA"=dword:00000001 "EnableSecureUIAPaths"=dword:00000001 "EnableVirtualization"=dword:00000001 "PromptOnSecureDesktop"=dword:00000001 "ValidateAdminCodeSignatures"=dword:00000000 "scforceoption"=dword:00000000 "FilterAdministratorToken"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats] "CF_TEXT"=dword:00000001 "CF_BITMAP"=dword:00000002 "CF_OEMTEXT"=dword:00000007 "CF_DIB"=dword:00000008 "CF_PALETTE"=dword:00000009 "CF_UNICODETEXT"=dword:0000000d "CF_DIBV5"=dword:00000011 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="credssp.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AppInfo HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KeyIso HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NTDS HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProfSvc HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SWPRV HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7} HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ nsi\0lltdsvc\0SSDPSRV\0upnphost\0SCardSvr\0w32time\0EventSystem\0RemoteRegistry\0WinHttpAutoProxySvc\0lanmanworkstation\0TBS\0SLUINotify\0THREADORDER\0fdrespub\0netprofm\0fdphost\0wcncsvc\0QWAVE\0Mcx2Svc\0WebClient\0\0 LocalSystemNetworkRestricted REG_MULTI_SZ hidserv\0UxSms\0WdiSystemHost\0Netman\0trkwks\0AudioEndpointBuilder\0WUDFSvc\0irmon\0sysmain\0IPBusEnum\0dot3svc\0PcaSvc\0EMDMgmt\0TabletInputService\0wlansvc\0WPDBusEnum\0\0 NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent\0\0 LocalServiceNoNetwork REG_MULTI_SZ PLA\0DPS\0BFE\0mpssvc\0ehstart\0\0 NetworkService REG_MULTI_SZ CryptSvc\0DHCP\0TermService\0KtmRm\0DNSCache\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WerSvcGroup REG_MULTI_SZ wersvc\0\0 swprv REG_MULTI_SZ swprv\0\0 LocalServiceNetworkRestricted REG_MULTI_SZ DHCP\0eventlog\0AudioSrv\0LmHosts\0wscsvc\0p2pimsvc\0PNRPSvc\0p2psvc\0WPCSvc\0PnrpAutoReg\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 regsvc REG_MULTI_SZ RemoteRegistry\0\0 wcssvc REG_MULTI_SZ WcsPlugInService\0\0 DcomLaunch REG_MULTI_SZ PlugPlay\0DcomLaunch\0\0 wdisvc REG_MULTI_SZ WdiServiceHost\0\0 sdrsvc REG_MULTI_SZ sdrsvc\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 secsvcs REG_MULTI_SZ WinDefend\0\0 HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost netsvcs AeLookupSvc wercplsupport CertPropSvc SCPolicySvc gpsvc IKEEXT LogonHours PCAudit iphlpsvc AppInfo msiscsi MMCSS ProfSvc EapHost SessionEnv hkmsvc [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9226e268-bd40-11db-b9ff-806e6f6e6963}] shell\AutoRun\command E:\autorun.exe -- End of ComboScan: finished at 2007-02-28 at 21:34:04 -------------------------