#1 (permalink)
Registered User
Join Date: May 2007
Posts: 25
OS: XP
Check Up - machine 2
Hi everyone, I just want to do a check up. When I do online scans it usually always finds cookies, I use CCleaner also. I also use Avira AntiVir and it has detected a couple Trojans in the past. The bad thing is I don't have the names of the Trojans because I have uninstalled and reinstalled the program. So that's it. I am also doing this on another PC so I'm going to do another thread.
Forgot an attachment.
Last edited by amateur; 06-12-2008 at 08:33 PM. Reason: to retain 0-reply status
#5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,576
OS: WinXP and Vista
Re: Check Up - machine 2
Hello define,

Ridiculous? Not from our end. Take a look at how many people post logs requesting assistance from all over the world wide web, and only a handful of us volunteering in our spare time, to clean a system for free. We do the best we can.

We do try to work from the oldest to newest threads posted, and when we do so, we are scanning the pages looking for threads with -0- or -1- reply. When we see more than that, it appears the thread is already being handled by someone.

As far as infection on this system, Panda disinfected what little was onboard. Use CCleaner to clean those cookies. Cookies are just a part of 'everyday life on the internet'.

Avast may be picking up on the infection sitting in your System Restore cache. To clear that, we'll flush the previous restore points and create a fresh, clean one.

Create a new System Restore point

Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
* Click Apply
* Then untick the same checkbox & click OK

This will flush out previous restore points (which contain the infections) and create a new restore point.

---------------------------------------------------------------

If you still feel there may be more onboard, let's use a different online scanner and see if it finds anything else lurking about. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html
Answer Yes, when prompted to install an ActiveX component.
**Note** To optimize scanning time and produce a more sensible report for review:
#6 (permalink)
Registered User
Join Date: May 2007
Posts: 25
OS: XP
Re: Check Up - machine 2
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, June 24, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, June 24, 2008 17:28:04
Records in database: 881342
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 50301
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 00:42:04

File name / Threat name / Threats count
C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mirc632.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1

The selected area was scanned.
#7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,576
OS: WinXP and Vista
Re: Check Up - machine 2
Hello define,

As you can see, Kaspersky is only reporting the backup created by dss.exe, and the presence of mIRC on your system. As long as you intentionally installed that program, there is no concern.

Delete the following folder:
C:\Deckard

Other than that, your logs are clean. Is your onboard AV still detecting anything?
#9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,576
OS: WinXP and Vista
Re: Check Up - machine 2
You're welcome, define. : )

To help prevent some of those undesirable cookies, I would suggest downloading and installing IESpyAD Zoned Out. It will block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (cookies, etc.) from the sites listed, although you will still be able to connect to the sites. It will not slow down your system nor clash with any of your current protection programs, as it is not a 'real-time' scanning tool. Simply install it and periodically check for updates.

Another program you may find helpful is McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad. This is especially helpful when using Google or other search engines, as you will be able to see the ratings for each of those sites that came up in your search--it lets you know ahead of time which are 'safe' to follow up on, and which you should stay away from.

You may also find these articles to be of interest:
PC Safety and Security--What Do I Need?
Think Prevention