On my new PC, right from day one, I have this annoying problem: when surfing with Firefox I keep getting new windows (not tabs) with annoying adverts. I've followed the 5 steps before posting, with no luck :sigh:

Here are the Deckard's System Scanner results...


Deckard's System Scanner v20071014.68
Run by XP on 2008-03-17 18:22:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
34: 2008-03-17 17:22:39 UTC - RP34 - Deckard's System Scanner Restore Point
33: 2008-03-17 16:41:13 UTC - RP33 - DirectX installato
32: 2008-03-16 14:41:36 UTC - RP32 - Punto di arresto del sistema
31: 2008-03-15 14:40:11 UTC - RP31 - DirectX installato
30: 2008-03-14 17:28:37 UTC - RP30 - Punto di arresto del sistema


-- First Restore Point --
1: 2008-03-05 19:16:39 UTC - RP1 - Punto di arresto del sistema


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as XP.exe) --------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 18.23.41, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\McAfee.com\Agent\mcagent.exe
C:\Programmi\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\APPS\KEYBOARD SHORTCUT APP\mdAxel_1_0_beta\mdAxel.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FILECO~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FILECO~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Documents and Settings\XP\Desktop\dss.exe
D:\APPS\HI-JAC~1\XP.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmi\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Programmi\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmi\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Ad-Aware] "C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6253\SiteAdv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [mdAxel] D:\APPS\KEYBOARD SHORTCUT APP\mdAxel_1_0_beta\mdAxel.exe
O4 - HKCU\..\Run: [AWMON] "C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Programmi\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199976995500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1199981196046
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programmi\SiteAdvisor\6253\SiteAdv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FILECO~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FILECO~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe


-- HijackThis Fixed Entries (D:\APPS\HI-JAC~1\backups\) ------------------------

backup-20080317-164502-137 O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6253\SiteAdv.dll
backup-20080317-164502-229 O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6253\SiteAdv.exe
backup-20080317-164502-834 O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6253\SiteAdv.dll

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - C:\WINDOWS\system32\notepad.exe "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>

S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys (file missing)
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys (file missing)
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys (file missing)
S3 hwdatacard (Huawei DataCard USB Modem and USB Serial) - c:\windows\system32\drivers\ewusbmdm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 FLEXnet Licensing Service - "c:\programmi\file comuni\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 Nero BackItUp Scheduler 3 - c:\programmi\nero\nero8\nero backitup\nbservice.exe
S4 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\programmi\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: SiS191 Ethernet Controller
Device ID: PCI\VEN_1039&DEV_0191&SUBSYS_0C9E105B&REV_02\3&B1BFB68&0&20
Manufacturer: Silicon Integrated Systems Corp.
Name: SiS191 Ethernet Controller
PNP Device ID: PCI\VEN_1039&DEV_0191&SUBSYS_0C9E105B&REV_02\3&B1BFB68&0&20
Service: SiSGbeXP


-- Scheduled Tasks -------------------------------------------------------------

2008-03-14 17:15:00 376 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-03-06 17:19:56 378 --a------ C:\WINDOWS\Tasks\AdsGone.job
2008-03-01 01:00:07 326 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-02-17 and 2008-03-17 -----------------------------

2008-03-17 18:09:23 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-17 17:08:12 0 d-------- C:\WINDOWS\LastGood
2008-03-15 15:40:57 0 d-------- C:\Programmi\File comuni\Autodesk Shared
2008-03-15 15:40:57 0 d-------- C:\Programmi\AutoCAD 2009
2008-03-13 17:39:18 67645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys <Not Verified; TrekBlue, LLC; Anti-Virus Engine>
2008-03-13 17:38:24 0 d-------- C:\Programmi\INAC
2008-03-12 18:32:10 0 d-------- C:\Programmi\Total Video Converter
2008-03-12 18:18:21 0 d-------- C:\Programmi\Yahoo!
2008-03-12 16:04:15 0 d-------- C:\Programmi\Lavasoft
2008-03-12 02:43:53 0 d-------- C:\Programmi\Mozilla Firefox 3 Beta 4
2008-03-06 17:18:28 0 d-------- C:\Programmi\AdsGone
2008-03-06 17:13:25 0 d-------- C:\Programmi\DivX
2008-03-05 16:41:43 0 d-------- C:\Programmi\PowerISO
2008-03-04 18:17:11 0 d-------- C:\WINDOWS\pss
2008-03-03 17:22:15 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-03-03 16:38:40 359808 --a------ C:\WINDOWS\system32\tcpip.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-26 16:30:52 0 d-------- C:\Programmi\Microsoft Expression
2008-02-24 14:26:09 0 d-------- C:\Programmi\Microsoft Visual Studio 8
2008-02-22 19:56:04 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-02-22 19:52:43 0 d-------- C:\Programmi\Sony
2008-02-22 19:52:11 0 d-------- C:\Programmi\Sony Setup
2008-02-22 19:47:37 0 d-------- C:\Programmi\TechSmith
2008-02-22 17:17:41 0 d-------- C:\Programmi\Microsoft SQL Server
2008-02-22 17:16:27 0 d-------- C:\Programmi\Vstplugins
2008-02-19 19:24:04 0 d-------- C:\Programmi\uTorrent
2008-02-17 16:11:31 45056 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-02-17 16:11:31 25244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-02-17 16:11:31 4672 --a------ C:\WINDOWS\system\WOWPOST.EXE <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-02-17 16:11:31 5600 --a------ C:\WINDOWS\system\WINASPI.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>


-- Find3M Report ---------------------------------------------------------------

2008-03-17 18:22:32 0 d-------- C:\Documents and Settings\XP\Dati applicazioni\uTorrent
2008-03-15 15:53:40 0 d-------- C:\Documents and Settings\XP\Dati applicazioni\Autodesk
2008-03-15 15:40:57 0 d-------- C:\Programmi\File comuni
2008-03-14 05:06:38 0 d-------- C:\Documents and Settings\XP\Dati applicazioni\INAC
2008-03-12 16:04:58 0 d-------- C:\Documents and Settings\XP\Dati applicazioni\Lavasoft
2008-03-12 16:03:04 0 d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-03-12 02:44:01 0 d-------- C:\Documents and Settings\XP\Dati applicazioni\Mozilla
2008-03-09 16:30:31 0 d-------- C:\Documents and Settings\XP\Dati applicazioni\Adobe
2008-03-05 18:43:04 2279424 --a------ C:\WINDOWS\system32\TUKernel.exe <Not Verified; Microsoft Corporation; Sistema operativo Microsoft® Windows®>
2008-03-05 18:38:39 0 d-------- C:\Programmi\WindowFX
2008-03-03 17:22:35 528078 --a------ C:\WINDOWS\system32\perfh010.dat
2008-03-03 17:22:35 100850 --a------ C:\WINDOWS\system32\perfc010.dat
2008-03-03 17:04:19 0 d-------- C:\Programmi\McAfee
2008-02-24 14:29:50 0 d-------- C:\Programmi\Microsoft Works
2008-02-22 19:57:59 0 d-------- C:\Documents and Settings\XP\Dati applicazioni\Sony
2008-02-17 15:08:41 0 d-------- C:\Documents and Settings\XP\Dati applicazioni\Thinstall
2008-02-15 16:55:33 0 d-------- C:\Programmi\Elaborate Bytes
2008-02-15 16:54:36 0 d-------- C:\Programmi\SlySoft
2008-02-15 16:50:32 0 d-------- C:\Documents and Settings\XP\Dati applicazioni\Publish Providers
2008-02-15 16:50:20 0 d-------- C:\Documents and Settings\XP\Dati applicazioni\DivX
2008-02-15 16:42:18 0 d-------- C:\Programmi\MOJOSOFT
2008-02-15 16:42:18 0 d-------- C:\Documents and Settings\XP\Dati applicazioni\mojosoft
2008-02-12 21:32:40 0 d-------- C:\Programmi\EPSON Print CD
2008-02-12 15:16:15 0 d--h----- C:\Programmi\InstallShield Installation Information
2008-02-12 14:51:47 0 d-------- C:\Programmi\File comuni\Adobe
2008-02-12 14:49:35 0 d-------- C:\Programmi\File comuni\Adobe Systems Shared
2008-02-12 14:42:48 0 d-------- C:\Programmi\File comuni\Macrovision Shared
2008-02-11 16:38:11 0 d-------- C:\Programmi\SiteAdvisor
2008-02-11 14:04:07 0 d-------- C:\Documents and Settings\XP\Dati applicazioni\SiteAdvisor
2008-02-10 19:21:02 0 d-------- C:\Programmi\WebConnection
2008-02-10 16:23:25 0 d-------- C:\Programmi\Diskeeper Corporation
2008-02-10 16:11:24 0 d-------- C:\Programmi\File comuni\McAfee
2008-02-10 16:11:05 0 d-------- C:\Programmi\McAfee.com
2008-02-10 16:06:21 0 d-------- C:\Programmi\Your Uninstaller 2008
2008-02-10 16:03:42 0 d-------- C:\Documents and Settings\XP\Dati applicazioni\URSoft
2008-02-10 15:56:02 0 d-------- C:\Documents and Settings\XP\Dati applicazioni\Macromedia
2008-02-10 15:55:44 1142 --a------ C:\WINDOWS\mozver.dat
2008-02-10 15:06:18 0 d-------- C:\Documents and Settings\XP\Dati applicazioni\TuneUp Software
2008-02-10 15:02:23 10 --a------ C:\WINDOWS\system32\wfxhelp22.dll
2008-02-10 14:48:00 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-10 14:35:14 0 d-------- C:\Programmi\Huawei technologies
2008-02-10 14:19:45 0 d-------- C:\Programmi\File comuni\InstallShield
2008-02-10 14:16:40 0 d-------- C:\Programmi\EPSON
2008-02-10 14:05:23 0 d-------- C:\Programmi\HP
2008-02-10 13:36:29 0 d-------- C:\Documents and Settings\XP\Dati applicazioni\vlc
2008-01-10 16:27:25 33533 --a------ C:\WINDOWS\system32\CoreVorbis-uninstall.exe
2008-01-10 16:27:24 36734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2008-01-10 15:37:52 0 -rahs---- C:\MSDOS.SYS
2008-01-10 15:37:52 0 -rahs---- C:\IO.SYS
2008-01-10 15:37:52 0 --a------ C:\CONFIG.SYS
2008-01-10 15:37:52 0 --a------ C:\AUTOEXEC.BAT
2008-01-10 15:34:41 21840 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-10 15:29:45 62 --ahs---- C:\Documents and Settings\XP\Dati applicazioni\desktop.ini
2008-01-04 22:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 22:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 22:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 22:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 22:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 22:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 22:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 22:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [03/10/2007 15.58 C:\WINDOWS\system32\SiSPower.dll]
"RTHDCPL"="RTHDCPL.EXE" [01/06/2006 08.48 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [16/05/2006 10.04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 10.43 C:\WINDOWS\ALCMTR.EXE]
"mcagent_exe"="C:\Programmi\McAfee.com\Agent\mcagent.exe" [03/08/2007 22.33]
"PWRISOVM.EXE"="C:\Programmi\PowerISO\PWRISOVM.EXE" [07/08/2007 01.05]
"Ad-Aware"="C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" [27/05/2005 14.24]
"SiteAdvisor"="C:\Programmi\SiteAdvisor\6253\SiteAdv.exe" [24/08/2007 22.57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 18.39]
"uTorrent"="C:\Programmi\uTorrent\utorrent.exe" [02/07/2006 17.29]
"mdAxel"="D:\APPS\KEYBOARD SHORTCUT APP\mdAxel_1_0_beta\mdAxel.exe" [19/09/2004 18.32]
"AWMON"="C:\Programmi\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [25/05/2005 12.12]
"µTorrent"="C:\Programmi\uTorrent\utorrent.exe" [02/07/2006 17.29]
"Yahoo! Pager"="C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" [29/02/2008 09.14]
"oljcnwrmq"="c:\documents and settings\xp\impostazioni locali\dati applicazioni\oljcnwrmq.exe" [09/03/2008 14.41]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C
"nltide2"=cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,L

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [10/01/2008 15.53.27]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^XP^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
path=C:\Documents and Settings\XP\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
"C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Programmi\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGES_0001_N122M2602]
"C:\Documents and Settings\XP\Desktop\setup_en.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowFX]
C:\Programmi\WindowFX\\wfxload.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"SiteAdvisor Service"=2 (0x2)
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"Diskeeper"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
"aawservice"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d31be47-d7db-11dc-8658-0040f466ccd3}]
AutoRun\command- J:\AutoRun.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 mpa.one.microsoft.com


-- End of Deckard's System Scanner: finished at 2008-03-17 18:24:23 ------------


Any help would be greatly appreciated!!

Regards
 