05-04-2007, 02:49 PM   #3
define
Registered User
 
Join Date: May 2007
Posts: 25
OS: XP


Re: do this log please

THIS IS THE GOOD ONE
The Panda scanner is not letting me scan because it's not downloading the ActiveX, but I did, though...

Deckard's System Scanner v20070426.43
Run by Define on 2007-05-04 at 15:34:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
44: 2007-05-04 14:34:24 UTC - RP44 - Deckard's System Scanner Restore Point
43: 2007-05-03 22:24:31 UTC - RP43 - System Checkpoint
42: 2007-05-02 21:25:48 UTC - RP42 - System Checkpoint
41: 2007-05-01 20:03:54 UTC - RP41 - System Checkpoint
40: 2007-04-30 19:44:39 UTC - RP40 - System Checkpoint


-- First Restore Point --
1: 2007-04-04 19:42:19 UTC - RP1 - Installed Microsoft Office Professional Edition 2003


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Define.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:35:20 PM, on 5/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Define\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Define.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 cmudaxu (C-Media USB Sound Interface) - c:\windows\system32\drivers\cmudaxu.sys <Not Verified; C-Media Inc; C-Media USB Audio Driver (WDM)>

S3 AC97ALI (Service for AC'97 Driver (WDM)) - c:\windows\system32\drivers\ali55wdm.sys <Not Verified; ULi Corporation; ULi M5455 Audio Controller WDM Driver>
S3 cpuz126 - c:\docume~1\define\locals~1\temp\cpuz.sys (file missing)
S3 GMSIPCI - e:\install\gmsipci.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>


-- Scheduled Tasks -------------------------------------------------------------

2007-05-03 19:55:57 268 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-05-03 19:55:56 386 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2007-04-04 and 2007-05-04 -----------------------------

2007-05-04 15:31:09 0 d-------- C:\Program Files\SpywareBlaster
2007-05-03 22:49:44 0 dr-h----- C:\Documents and Settings\Define\Recent
2007-05-03 22:32:20 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-05-03 22:25:10 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-05-03 20:12:59 0 d-------- C:\Program Files\Uniblue
2007-05-03 19:55:58 0 d-------- C:\Documents and Settings\Define\Application Data\Uniblue
2007-04-27 18:02:13 0 d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-04-26 21:09:56 0 d-------- C:\Program Files\BitLord
2007-04-26 14:41:45 0 d-------- C:\Program Files\LimeWire
2007-04-25 13:57:31 0 d-------- C:\Program Files\Windows Media Connect 2
2007-04-25 13:56:24 0 d-------- C:\WINDOWS\system32\LogFiles
2007-04-25 13:56:24 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-04-25 13:47:17 0 d-------- C:\WINDOWS\network diagnostic
2007-04-25 13:30:26 592 --a------ C:\WINDOWS\chgkey.vbs
2007-04-22 20:57:16 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-04-16 15:47:35 119056 --a------ C:\WINDOWS\system32\reg_c3.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-04-16 15:47:34 1017545 --a------ C:\WINDOWS\system32\cpuz.exe <Not Verified; CPUID; CPU-Z Application>
2007-04-16 15:47:30 0 d-------- C:\Program Files\CEVO
2007-04-16 15:28:21 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-04-16 03:00:18 0 d-------- C:\WINDOWS\system32\DllCache
2007-04-16 00:03:41 0 d-------- C:\Program Files\Common Files\Scanner
2007-04-16 00:03:41 0 d-------- C:\Program Files\ComcastToolbar
2007-04-16 00:03:40 0 d-------- C:\Documents and Settings\Define\Application Data\ComcastToolbar
2007-04-16 00:01:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-04-14 14:44:28 0 d-------- C:\Program Files\support.com
2007-04-14 14:44:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Support.com
2007-04-14 13:42:06 0 d-------- C:\Program Files\SystemRequirementsLab
2007-04-14 13:42:00 0 d-------- C:\Documents and Settings\Define\Application Data\SystemRequirementsLab
2007-04-14 13:41:52 0 d-------- C:\WINDOWS\Sun
2007-04-14 13:41:52 0 d-------- C:\Documents and Settings\Define\Application Data\Sun
2007-04-14 10:10:47 0 d-------- C:\Documents and Settings\Define\Incomplete
2007-04-14 10:10:38 0 d-------- C:\Documents and Settings\Define\Application Data\LimeWire
2007-04-14 10:07:39 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-04-14 1057 0 d-------- C:\Documents and Settings\Define\Application Data\Leadertech
2007-04-14 00:02:35 0 d-------- C:\Program Files\Java
2007-04-14 00:02:29 0 d-------- C:\Program Files\Common Files\Java
2007-04-13 23:58:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-04-13 23:58:09 0 d-------- C:\Documents and Settings\Define\Application Data\Azureus
2007-04-10 15:38:29 0 d-------- C:\WINDOWS\system32\NtmsData
2007-04-09 17:07:10 0 d-------- C:\WINDOWS\system32\Lang
2007-04-09 17:07:10 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2007-04-07 21:27:15 0 d-------- C:\Documents and Settings\Define\Application Data\teamspeak2
2007-04-07 00:17:01 0 d-------- C:\Documents and Settings\Define\Application Data\vlc
2007-04-07 00:16:13 0 d-------- C:\Program Files\VideoLAN
2007-04-06 11:04:12 0 d-------- C:\Program Files\MSXML 4.0
2007-04-05 23:58:13 0 d--h----- C:\WINDOWS\$hf_mig$
2007-04-05 23:56:57 0 d---s---- C:\Documents and Settings\Define\UserData
2007-04-04 23:32:20 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-04-04 23:01:54 0 d-------- C:\Documents and Settings\Define\Application Data\WinRAR
2007-04-04 22:44:39 0 d-------- C:\Documents and Settings\Define\Application Data\Xfire
2007-04-04 22:44:38 0 d---s---- C:\Program Files\Xfire
2007-04-04 22:37:14 0 d-------- C:\Documents and Settings\Define\Application Data\Ventrilo
2007-04-04 22:36:36 0 d-------- C:\Program Files\Ventrilo
2007-04-04 22:36:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-04 22:20:02 0 d-------- C:\Documents and Settings\Define\Application Data\Aim
2007-04-04 22:18:53 0 d-------- C:\Program Files\Viewpoint
2007-04-04 22:18:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-04-04 22:18:50 0 d-------- C:\Program Files\AIM
2007-04-04 22:18:08 0 d-------- C:\Program Files\CCleaner
2007-04-04 21:27:53 0 d--hs---- C:\WINDOWS\Installer
2007-04-04 21:27:52 0 dr------- C:\Program Files
2007-04-04 21:27:52 0 d-------- C:\Program Files\Common Files\ODBC
2007-04-04 21:27:38 69120 --a------ C:\WINDOWS\NOTEPAD.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-04 21:27:27 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-04-04 21:27:27 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-04-04 21:27:27 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-04-04 21:27:27 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-04-04 21:27:27 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-04-04 21:27:27 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-04-04 21:27:27 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-04-04 21:27:27 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-04-04 21:27:27 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-04-04 21:27:27 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-04-04 21:27:27 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-04-04 21:27:27 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-04-04 21:27:27 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-04-04 21:27:27 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-04-04 21:27:27 0 dr------- C:\Documents and Settings\All Users\Documents
2007-04-04 21:27:27 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-04-04 21:25:10 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-04-04 21:25:10 0 d-------- C:\WINDOWS\system32\CatRoot
2007-04-04 21:25:04 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-04-04 21:25:04 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-04-04 21:25:04 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-04-04 21:25:04 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-04-04 21:23:05 63488 --a------ C:\WINDOWS\system32\drivers\ali55wdm.sys <Not Verified; ULi Corporation; ULi M5455 Audio Controller WDM Driver>
2007-04-04 21:23:05 9728 --a------ C:\WINDOWS\system32\ali55prp.dll <Not Verified; ALi Corporation; ALi M5455 Audio Controller Property Page>
2007-04-04 21:22:56 0 d--hs---- C:\System Volume Information
2007-04-04 21:22:56 0 d-------- C:\Documents and Settings
2007-04-04 21:21:32 0 d-------- C:\D
2007-04-04 21:18:43 0 d-------- C:\WINDOWS
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\WinSxS
2007-04-04 21:18:43 0 dr------- C:\WINDOWS\Web
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\twain_32
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\wins
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\wbem
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\usmt
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\spool
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\ShellExt
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\Setup
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\ras
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\PreInstall
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\oobe
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\npp
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\mui
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\inetsrv
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\IME
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\icsxml
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\ias
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\export
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\drivers
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\dhcp
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\config
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\3076
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\2052
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1054
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1042
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1041
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1037
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1033
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1031
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1028
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system32\1025
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\system
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\security
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Resources
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\repair
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Provisioning
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\PeerNet
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\pchealth
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\mui
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\msapps
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\msagent
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Media
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\java
2007-04-04 21:18:43 0 d--h----- C:\WINDOWS\inf
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\ime
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Help
2007-04-04 21:18:43 0 dr--s---- C:\WINDOWS\Fonts
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\ehome
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Driver Cache
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Debug
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Cursors
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Connection Wizard
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\Config
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\AppPatch
2007-04-04 21:18:43 0 d-------- C:\WINDOWS\addins
2007-04-04 21:15:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-04-04 21:15:16 0 d-------- C:\Program Files\Webroot
2007-04-04 21:15:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-04-04 21:14:34 0 d-------- C:\Documents and Settings\Define\Application Data\Webroot
2007-04-04 21:11:00 0 d-------- C:\Program Files\mIRC
2007-04-04 21:08:12 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-04 21:02:43 53 --a------ C:\biosinfo
2007-04-04 20:57:57 1391296 -ra------ C:\WINDOWS\system32\drivers\cmudaxu.sys <Not Verified; C-Media Inc; C-Media USB Audio Driver (WDM)>
2007-04-04 20:57:57 98304 -ra------ C:\WINDOWS\system32\cmudau.dll <Not Verified; C-Media; C-Media cmuda.dll>
2007-04-04 20:57:57 16384 -ra------ C:\WINDOWS\system32\cmpropu.dll <Not Verified; C-Media Corporation; CMI8738/CMI9738/CMI9739 Audio Device>
2007-04-04 20:57:57 241664 -ra------ C:\WINDOWS\system32\cmdrvrmu.exe <Not Verified; C-Media Corporation; CmiRemoveDriver Application>
2007-04-04 20:57:57 45056 -ra------ C:\WINDOWS\system32\cmdrvrmu.dll
2007-04-04 20:57:57 712704 -ra------ C:\WINDOWS\system32\a3dpropu.dll <Not Verified; Sensaura Ltd; Sensaura>
2007-04-04 20:57:57 61440 -ra------ C:\WINDOWS\system\cmsnxeye.exe <Not Verified; ; CmSNXeye Application>
2007-04-04 20:57:57 315392 -ra------ C:\WINDOWS\system\cmifltr.dll <Not Verified; C-Media Electronics Inc.; C-Media CmiFltr>
2007-04-04 20:57:57 917504 -ra------ C:\WINDOWS\system\cmds3du.dll <Not Verified; C-Media Electronics Inc.; C-Media Cmids3d>
2007-04-04 20:57:54 40960 -r------- C:\WINDOWS\CmiUSB2Uninstall.exe <Not Verified; ; CmiUSBUninstall Application>
2007-04-04 20:57:49 0 d-------- C:\Program Files\Steel Sound 5H USB
2007-04-04 20:55:29 0 d-------- C:\WINDOWS\nview
2007-04-04 20:55:28 114688 -ra------ C:\WINDOWS\system32\sysinfo.dll <Not Verified; Crystal Dew World; SysInfo>
2007-04-04 20:55:27 200704 -ra------ C:\WINDOWS\system32\WinSys.exe <Not Verified; ; DOT Application>
2007-04-04 20:55:27 9728 -ra------ C:\WINDOWS\system32\sysinfoX64.sys
2007-04-04 20:55:27 8192 -ra------ C:\WINDOWS\system32\sysinfo.sys
2007-04-04 20:55:27 69632 -ra------ C:\WINDOWS\system32\sw24.exe
2007-04-04 20:55:27 208896 -ra------ C:\WINDOWS\system32\sw20.exe <Not Verified; ; sw20 Application>
2007-04-04 20:55:27 1445888 -ra------ C:\WINDOWS\system32\msicpl.dll <Not Verified; MSI; MSI MsiCpl>
2007-04-04 20:53:51 0 d-------- C:\Program Files\AMD
2007-04-04 20:52:51 0 d-------- C:\Documents and Settings\Define\Application Data\Macromedia
2007-04-04 20:51:20 40448 -----n--- C:\WINDOWS\system32\ChCfg.exe
2007-04-04 20:51:20 208896 -----n--- C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Update Application for Realtek AC'97>
2007-04-04 20:51:20 139264 -----n--- C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing Tool>
2007-04-04 20:50:50 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-04 20:50:49 28672 -----n--- C:\WINDOWS\system32\UnLAN.exe
2007-04-04 20:50:49 35587 -----n--- C:\WINDOWS\system32\rmlan.exe <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2007-04-04 20:50:49 34307 -----n--- C:\WINDOWS\system32\drivers\Install.EXE <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2007-04-04 20:50:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-04 20:50:47 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-04 20:50:36 5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-04-04 20:49:52 0 d-------- C:\WINDOWS\system32\appmgmt
2007-04-04 20:41:45 0 d--h----- C:\Documents and Settings\Define\Templates
2007-04-04 20:41:45 0 dr------- C:\Documents and Settings\Define\Start Menu
2007-04-04 20:41:45 0 dr-h----- C:\Documents and Settings\Define\SendTo
2007-04-04 20:41:45 0 d--h----- C:\Documents and Settings\Define\PrintHood
2007-04-04 20:41:45 2621440 --ah----- C:\Documents and Settings\Define\NTUSER.DAT
2007-04-04 20:41:45 0 d--h----- C:\Documents and Settings\Define\NetHood
2007-04-04 20:41:45 0 dr------- C:\Documents and Settings\Define\My Documents
2007-04-04 20:41:45 0 d--h----- C:\Documents and Settings\Define\Local Settings
2007-04-04 20:41:45 0 d-------- C:\Documents and Settings\Define\ff_temp
2007-04-04 20:41:45 0 dr------- C:\Documents and Settings\Define\Favorites
2007-04-04 20:41:45 0 d-------- C:\Documents and Settings\Define\Desktop
2007-04-04 20:41:45 0 d--hs---- C:\Documents and Settings\Define\Cookies
2007-04-04 20:41:45 0 d--h----- C:\Documents and Settings\Define\Application Data
2007-04-04 20:41:45 0 d-------- C:\Documents and Settings\Define\Application Data\Mozilla
2007-04-04 20:41:45 0 d-------- C:\Documents and Settings\Define\7zS1873.tmp
2007-04-04 20:40:46 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-04-04 20:40:46 0 d-------- C:\WINDOWS\Prefetch
2007-04-04 20:40:45 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-04-04 20:40:45 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-04-04 20:40:45 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-04-04 20:40:45 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-04-04 20:40:45 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-04-04 20:40:30 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-04-04 20:40:30 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-04-04 20:40:30 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-04-04 20:40:30 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-04-04 20:40:30 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-04-04 20:39:17 262144 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-04-04 20:38:50 2806 --a------ C:\WINDOWS\mozver.dat
2007-04-04 20:38:49 0 d-------- C:\Documents and Settings\Default User\Application Data\Mozilla
2007-04-04 20:38:44 0 d-------- C:\Documents and Settings\Default User\ff_temp
2007-04-04 20:38:40 0 d-------- C:\Documents and Settings\Default User\7zS1873.tmp
2007-04-04 20:37:53 0 -rahs---- C:\MSDOS.SYS
2007-04-04 20:37:53 0 -rahs---- C:\IO.SYS
2007-04-04 20:37:53 0 --a------ C:\CONFIG.SYS
2007-04-04 20:37:53 0 --a------ C:\AUTOEXEC.BAT
2007-04-04 20:36:59 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-04-04 20:36:51 0 dr------- C:\WINDOWS\Offline Web Pages
2007-04-04 20:36:51 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-04 20:36:40 0 d--h----- C:\Program Files\WindowsUpdate
2007-04-04 20:36:37 0 d-------- C:\Program Files\Online Services
2007-04-04 20:36:24 0 d-------- C:\WINDOWS\system32\DirectX
2007-04-04 20:35:59 0 d---s---- C:\WINDOWS\Tasks
2007-04-04 20:35:58 0 d-------- C:\Program Files\Common Files\MSSoap
2007-04-04 20:35:55 0 d-------- C:\WINDOWS\system32\Macromed
2007-04-04 20:35:55 0 d-------- C:\WINDOWS\srchasst
2007-04-04 20:35:48 0 d-------- C:\Program Files\Movie Maker
2007-04-04 20:35:42 0 d-------- C:\WINDOWS\system32\Restore
2007-04-04 20:35:09 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-04 20:34:58 0 d-------- C:\WINDOWS\Registration
2007-04-04 20:32:47 0 d-------- C:\Program Files\MSN Messenger
2007-04-04 20:32:32 956688 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Calculator Plus>
2007-04-04 20:32:23 342528 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-04 20:32:23 0 d-------- C:\Program Files\Windows NT
2007-04-04 20:32:22 753664 --a------ C:\WINDOWS\system32\mstscax.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-04 20:32:22 420352 --a------ C:\WINDOWS\system32\mstsc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-04 20:32:20 0 d-------- C:\WINDOWS\system32\MsDtc
2007-04-04 20:32:19 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2007-04-04 21:27:27 62 --ahs---- C:\Documents and Settings\Define\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"SW20"="C:\\WINDOWS\\system32\\sw20.exe"
"SW24"="C:\\WINDOWS\\system32\\sw24.exe"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"CmUsbSound"="RunDll32 cmcnfgu.cpl,CMICtrlWnd"
"KernelFaultCheck"="C:\\WINDOWS\\system32\\dumprep 0 -k"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="\"C:\\Program Files\\AIM\\aim.exe\" -cnetwait.odl"
"Steam"="\"d:\\steam\\steam.exe\" -silent"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Uniblue SpeedUpMyPC"="\"C:\\Program Files\\Uniblue\\SpeedUpMyPC\\SpeedUpMyPC.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnsc"="C:\\WINDOWS\\system32\\msnsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInternetIcon"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoSaveSettings"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoInternetIcon"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoSaveSettings"=dword:00000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-05-04 at 15:35:57 ---------

Attached Files: extra.txt (6.0 KB)
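The two RunOnce values in the registry dump above ("nlsf" and "tscuninstall") are exported as hex(2), i.e. REG_EXPAND_SZ stored as a comma-separated byte list, so they cannot be read as posted. The following Python is an added example, not part of the original post and not code from Deckard's System Scanner or HijackThis. It decodes hex(2) values from a regedit-style dump. The sample input is copied from the [HKEY_USERS\.default\...\runonce] block of this log; the helper names (parse_hex_values, bytes_to_reg_string, decode_hex_bytes), the treatment of the trailing-backslash continuation lines, and the rule used to tell UTF-16LE (version 5 .reg exports) from single-byte ANSI (REGEDIT4-style dumps such as this one) are this example's own assumptions.

```python
"""Decode hex(2) (REG_EXPAND_SZ) values from a regedit-style registry dump.

Added example, not part of the original forum post or of the scanner tools
it shows. Assumes the usual regedit export layout: a quoted value name,
'=hex(N):', comma-separated hex byte pairs, and a trailing backslash on every
continued line.
"""
import re

# Constructed sample: the [HKEY_USERS\.default\...\runonce] block copied
# from the log above (raw string, so the backslashes survive untouched).
SAMPLE = r'''
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
'''

# "name"=hex(kind):bytes   (kind is written in hex in .reg files: 2, 7, b, ...)
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex\((?P<kind>[0-9a-fA-F]+)\):(?P<data>.*)$')


def _join_continuations(text):
    """Merge every line that ends in a backslash with the line that follows it."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if out and out[-1].endswith('\\'):
            out[-1] = out[-1][:-1] + line
        else:
            out.append(line)
    return out


def decode_hex_bytes(data):
    """Turn 'xx,yy,...' into bytes; empty fields (stray trailing comma) are skipped."""
    return bytes(int(tok, 16) for tok in data.split(',') if tok.strip())


def bytes_to_reg_string(blob):
    """Decode a REG_SZ / REG_EXPAND_SZ payload to text.

    Assumption used here: if every odd byte is zero the blob is UTF-16LE
    (version 5 .reg export); otherwise it is single-byte ANSI, which is what
    REGEDIT4-style dumps like this log contain. Trailing NULs are stripped.
    """
    if len(blob) >= 2 and len(blob) % 2 == 0 and all(b == 0 for b in blob[1::2]):
        text = blob.decode('utf-16-le')
    else:
        text = blob.decode('cp1252', errors='replace')
    return text.rstrip('\x00')


def parse_hex_values(text):
    """Return {value_name: decoded_string} for every hex(2) value in the dump."""
    result = {}
    for line in _join_continuations(text):
        m = _VALUE_RE.match(line)
        if not m or int(m.group('kind'), 16) != 2:   # 2 == REG_EXPAND_SZ
            continue
        result[m.group('name')] = bytes_to_reg_string(decode_hex_bytes(m.group('data')))
    return result


if __name__ == '__main__':
    for name, value in parse_hex_values(SAMPLE).items():
        print(f'{name} = {value}')
```

Run as-is, the block prints the two values in clear: nlsf decodes to `cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"` and tscuninstall to `%systemroot%\system32\tscupgrd.exe`. When triaging a log, decode first and then check the decoded path against the file actually on disk; a RunOnce value is executed at next logon, so its byte list deserves the same scrutiny as the plain-text Run entries above it.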