Tech Support Forum
Resolved HJT Threads: Resolved spyware and popup issues.

#1 (permalink)
Oh! What shall I be?
Unknown start-up entry
I recently checked Spybot S&D to see what programs started with Windows and I noticed an entry and it does not have much information with it. Hard to say if Windows is acting strange or not as some programs don't seem to work well with Vista.
Also when I used Deckard, it only gave me main.txt, no extra.txt and I ran it a few times to check.
__________________
studying = day + night + any free time - times I have exams

#2 (permalink)
Oh! What shall I be?
Re: Unknown start-up entry
BUMP - also want to add I ran Ad-Aware 2007 (after a few tries with getting a Blue Screen) and it came up with Win32.Trojan.Small in my documents (something I downloaded) and that also showed up in the Registry I think:

Root: HKLM
Path: software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe

That was removed, and between Ad-Aware, McAfee virus scan and Spybot S&D the only other things to show up were cookie files and just recently viewed lists. If you want me to run another scan now, just say so and I will as soon as I get a chance. Thank you in advance.

#3 (permalink)
Oh! What shall I be?
Re: Unknown start-up entry
BUMP

#4 (permalink)
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,405
OS: XP Pro SP3
Re: Unknown start-up entry
I don't see any malware related problems in the log. All is fine, and yes, some programs do not run on Vista. This week alone I have been told by three users that they are changing to XP just because of that.
__________________
Eddy

#5 (permalink)
Oh! What shall I be?
Re: Unknown start-up entry
OK, thank you for the check, just wanted to check to make sure.