Registered · 19 Posts · Discussion Starter #1
I am new to this whole HijackThis thing and was looking for some help. As I stated in my title, I have been noticing some odd behaviors from my PC (mostly programs such as games and applications shutting down randomly). After doing some research I found out about HijackThis and a bit about how to use it, but I do not know how to go about interpreting what I find.
*Note: I have tried various malware scanners (avast! Free, Trend Micro Housecall, Windows Defender) and they have all come up clean, yet I am still having problems.

Here is my log, I appreciate any and all help given!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:51 PM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\lcdsirreal25\LCDSirReal.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\TBPanel.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRAM FILES\FRAPS\FRAPS.EXE
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ctrlaltdel-online.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191859484953
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191859542406
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = crlogic.com
O17 - HKLM\Software\..\Telephony: DomainName = crlogic.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = crlogic.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = crlogic.com
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10499 bytes
 

TSF Security Manager, Emeritus · 42,837 Posts
Hello ABXG and welcome,

We prefer a more comprehensive set of logs to assist in detecting any malware that may be present. As noted in our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
Please include the following in your next reply:

main.txt
an attached extra.txt
 

Registered · 19 Posts · Discussion Starter #4 (Edited by Moderator)
I ran that scan and attached the files.

Deckard's System Scanner v20071014.68
Run by AustinB on 2007-12-06 15:35:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
23: 2007-12-06 22:35:39 UTC - RP131 - Deckard's System Scanner Restore Point
22: 2007-12-06 02:14:43 UTC - RP130 - Cleaned registry with Windows Live OneCare safety scanner
21: 2007-12-06 01:13:28 UTC - RP129 - Cleaned registry with Windows Live OneCare safety scanner
20: 2007-12-06 01:07:55 UTC - RP128 - Installed Sony Vegas Pro 8.0
19: 2007-12-06 01:01:44 UTC - RP127 - Installed McAfee Desktop Firewall


-- First Restore Point --
1: 2007-11-30 22:03:32 UTC - RP109 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as AustinB.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:29 PM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\lcdsirreal25\LCDSirReal.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRAM FILES\FRAPS\FRAPS.EXE
C:\Program Files\Everest\everest.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Downloads\dss.exe
C:\PROGRA~1\HIJACK~1\AustinB.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ctrlaltdel-online.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Fraps] C:\PROGRAM FILES\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Everest\everest.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191859484953
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191859542406
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = crlogic.com
O17 - HKLM\Software\..\Telephony: DomainName = crlogic.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = crlogic.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = crlogic.com
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11860 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 FirePM (McAfee Desktop Firewall Policy Manager Driver) - c:\windows\system32\drivers\firepm.sys <Not Verified; Networks Associates Technology, Inc.; McAfee Desktop Firewall>
R1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>
R1 FireHook (McAfee Desktop Firewall) - c:\windows\system32\drivers\firehk5x.sys <Not Verified; Networks Associates Technology, Inc.; McAfee Desktop Firewall>
R1 FireTDI (McAfee Desktop Firewall TDI Driver) - c:\windows\system32\drivers\firetdi.sys <Not Verified; Networks Associates Technology, Inc.; McAfee Desktop Firewall>
R1 KS0108 - c:\program files\lcdstudio\ks0108.sys
R1 LC7981 - c:\program files\lcdstudio\lc7981.sys
R1 n3900 - c:\program files\lcdstudio\n3900.sys
R1 SED133x - c:\program files\lcdstudio\sed133x.sys
R1 T6963C - c:\program files\lcdstudio\t6963c.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
R3 firelm01 - c:\windows\system32\drivers\firelm01.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 SjyPkt - c:\windows\system32\drivers\sjypkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>

S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 cpuz128 - c:\docume~1\austinb\locals~1\temp\cpuz_x32.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>
S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>
S3 XDva020 - c:\windows\system32\xdva020.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 FireSvc (McAfee Desktop Firewall Service) - "c:\program files\network associates\mcafee desktop firewall for windows xp\firesvc.exe" <Not Verified; Networks Associates Technology, Inc.; McAfee Desktop Firewall>
R2 McAfeeFramework (McAfee Framework Service) - "c:\program files\network associates\common framework\frameworkservice.exe" /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&B6AFFD&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&B6AFFD&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2007-10-21 10:55:40 296 --ah----- C:\WINDOWS\Tasks\Age of Conan.job


-- Files created between 2007-11-06 and 2007-12-06 -----------------------------

2007-12-05 21:14:45 0 dr-h----- C:\Documents and Settings\AustinB\Recent
2007-12-05 19:10:24 0 d-------- C:\Documents and Settings\AustinB\Application Data\Network Associates
2007-12-05 18:11:27 0 d-------- C:\Documents and Settings\AustinB\Application Data\Publish Providers
2007-12-05 18:11:15 0 d-------- C:\Documents and Settings\AustinB\Application Data\Sony
2007-12-05 18:11:05 0 d--hs---- C:\Diskeeper
2007-12-05 18:08:00 0 d-------- C:\Program Files\Vstplugins
2007-12-05 18:07:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
2007-12-05 18:07:56 0 d-------- C:\Program Files\Sony
2007-12-05 18:02:00 0 d-------- C:\Documents and Settings\LocalService\Application Data\Network Associates
2007-12-05 18:01:58 0 d-------- C:\Program Files\Common Files\Cisco Systems
2007-12-05 18:01:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
2007-12-05 18:01:44 53248 --a------ C:\WINDOWS\system32\FireSCV.dll <Not Verified; Networks Associates Technology, Inc.; McAfee Desktop Firewall>
2007-12-05 18:01:44 53248 --a------ C:\WINDOWS\system32\FireNotify.dll <Not Verified; Networks Associates Technology, Inc.; McAfee Desktop Firewall>
2007-12-05 18:01:44 53248 --a------ C:\WINDOWS\system32\FireNHC.dll <Not Verified; Networks Associates Technology, Inc.; McAfee Desktop Firewall>
2007-12-05 18:01:44 589892 --a------ C:\WINDOWS\system32\FireEpo.dll <Not Verified; Networks Associates Technology, Inc.; McAfee Desktop Firewall>
2007-12-05 18:01:44 1220668 --a------ C:\WINDOWS\system32\FireCore.dll <Not Verified; Networks Associates Technology, Inc.; McAfee Desktop Firewall>
2007-12-05 18:01:44 348219 --a------ C:\WINDOWS\system32\FireCNL.dll <Not Verified; Networks Associates Technology, Inc.; McAfee Desktop Firewall>
2007-12-05 18:01:44 745530 --a------ C:\WINDOWS\system32\FireCL.dll <Not Verified; Networks Associates Technology, Inc.; McAfee Desktop Firewall>
2007-12-05 18:01:44 36923 --a------ C:\WINDOWS\system32\drivers\FireTdi.sys <Not Verified; Networks Associates Technology, Inc.; McAfee Desktop Firewall>
2007-12-05 18:01:44 109626 --a------ C:\WINDOWS\system32\drivers\FirePM.sys <Not Verified; Networks Associates Technology, Inc.; McAfee Desktop Firewall>
2007-12-05 18:01:44 32784 --a------ C:\WINDOWS\system32\drivers\firelm01.sys
2007-12-05 18:01:44 26171 --a------ C:\WINDOWS\system32\drivers\FireHk5x.sys <Not Verified; Networks Associates Technology, Inc.; McAfee Desktop Firewall>
2007-12-05 18:01:44 0 d-------- C:\Program Files\Network Associates
2007-12-05 18:01:44 0 d-------- C:\Program Files\Common Files\Network Associates
2007-12-05 17:56:57 0 d-------- C:\Program Files\PeerGuardian2
2007-12-05 17:07:52 0 d-------- C:\Program Files\Diskeeper Corporation
2007-12-05 17:07:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2007-12-04 19:56:37 0 d-------- C:\Documents and Settings\AustinB\Application Data\Nero
2007-12-04 19:55:43 0 d-------- C:\Program Files\Nero
2007-12-04 19:55:43 0 d-------- C:\Program Files\Common Files\Nero
2007-12-04 19:55:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-12-03 22:59:36 0 d-------- C:\Program Files\Raxco
2007-12-03 18:37:24 0 d-------- C:\Program Files\Everest
2007-12-03 18:33:18 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-03 18:33:18 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 18:33:18 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 18:33:16 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-03 18:20:53 0 d-------- C:\WINDOWS\nview
2007-12-03 18:17:24 0 d--h----- C:\NVIDIA
2007-12-03 16:11:19 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-12-02 13:46:09 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-02 13:46:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-02 13:14:22 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-01 14:40:00 0 d-------- C:\Program Files\Alcohol Soft
2007-12-01 14:32:56 0 d-------- C:\Documents and Settings\AustinB\Application Data\WinRAR
2007-11-30 22:15:38 685816 --ah----- C:\WINDOWS\system32\drivers\sptd.sys
2007-11-30 20:59:51 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-11-30 20:59:20 0 d--h----- C:\Program Files\Common Files\Ulead Systems
2007-11-30 20:59:02 10368 ---h----- C:\WINDOWS\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2007-11-30 20:58:54 0 d-------- C:\Program Files\InterVideo Information Service
2007-11-30 20:58:21 0 d--h----- C:\Program Files\Common Files\InterVideo
2007-11-30 20:58:18 81920 --ah----- C:\WINDOWS\mws.exe
2007-11-30 20:58:18 0 d-------- C:\Program Files\InterVideo
2007-11-30 20:53:09 0 d-------- C:\Documents and Settings\AustinB\Application Data\InterVideo
2007-11-29 15:28:24 196608 --ah----- C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-11-28 14:52:32 12288 --ah----- C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-25 18:36:14 0 d-------- C:\Program Files\Age of Conan General Beta
2007-11-25 13:15:28 0 d-------- C:\Program Files\Funcom
2007-11-25 01:05:31 23 --ah----- C:\WINDOWS\popcinfot.dat
2007-11-24 11:37:40 0 d--h----- C:\Program Files\Microsoft Time Zone
2007-11-24 10:56:07 0 d-------- C:\Program Files\lcdsirreal25
2007-11-24 00:07:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-11-23 23:56:08 0 d--h----- C:\Program Files\XML Notepad 2007
2007-11-23 22:26:08 0 d-------- C:\Program Files\Online Security Scanners
2007-11-23 19:07:48 1156 --ah----- C:\WINDOWS\mozver.dat
2007-11-22 16:47:05 0 d-------- C:\Program Files\ATITool
2007-11-22 16:21:46 0 d-------- C:\Program Files\Pro Imaging Powertoys
2007-11-22 15:56:32 0 d--h----- C:\WINDOWS\Downloaded Installations
2007-11-22 15:54:15 0 d--h----- C:\Program Files\Temp
2007-11-22 15:53:54 0 d--h----- C:\Program Files\Windows XP Fun Pack
2007-11-21 21:57:46 0 d-------- C:\Program Files\RogueSynapse
2007-11-17 12:15:21 25992 --ah----- C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2007-11-17 12:12:33 0 d--h----- C:\Program Files\xpy-0.9.9-bin
2007-11-17 12:12:33 0 d-------- C:\Program Files\PageDefrag
2007-11-16 21:09:31 0 d--h----- C:\Program Files\WinsockFix
2007-11-14 22:54:35 0 d-------- C:\Program Files\THQ
2007-11-14 22:33:33 0 d-------- C:\Program Files\EA GAMES
2007-11-14 17:28:22 0 d-------- C:\Documents and Settings\AustinB\Application Data\WholeSecurity
2007-11-14 17:13:55 0 d-------- C:\Program Files\Ventrilo
2007-11-13 10:13:34 0 d-------- C:\Program Files\IObit
2007-11-13 09:55:05 0 d-------- C:\Program Files\Activision
2007-11-13 08:13:01 0 d-------- C:\Program Files\CCleaner
2007-11-11 19:07:34 0 d-------- C:\Program Files\LcdStudio
2007-11-11 18:38:03 98304 --ah----- C:\WINDOWS\system32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-11-11 12:21:22 28672 --ah----- C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-10 18:00:51 0 d--h----- C:\WINDOWS\system32\NtmsData
2007-11-10 12:41:32 0 d--h----- C:\WINDOWS\pss
2007-11-10 12:05:26 0 d-------- C:\Program Files\HD Tune
2007-11-10 11:57:31 0 d-------- C:\Program Files\Autodesk
2007-11-09 23:01:17 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-09 23:00:38 0 d-------- C:\Program Files\DVD Shrink
2007-11-07 14:34:47 0 d-------- C:\Program Files\VirtualDub
2007-11-07 14:05:04 0 d-------- C:\Program Files\Wizards & Warriors


-- Find3M Report ---------------------------------------------------------------

2007-12-06 15:35:38 0 d-------- C:\Documents and Settings\AustinB\Application Data\Free Download Manager
2007-12-05 21:37:20 0 d-------- C:\Program Files\Warcraft III
2007-12-05 18:01:58 0 d--h----- C:\Program Files\Common Files
2007-12-05 17:56:40 9409 --a------ C:\Documents and Settings\AustinB\Application Data\.googlewebacchosts
2007-12-05 17:38:32 0 d-------- C:\Program Files\DivX
2007-12-04 19:53:54 0 d-------- C:\Program Files\Ahead
2007-12-04 19:53:43 0 d--h----- C:\Program Files\Common Files\Ahead
2007-12-03 18:57:13 0 d-------- C:\Program Files\Orthos
2007-12-03 18:23:51 0 d-------- C:\Program Files\Steam
2007-12-03 18:19:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-01 14:51:54 0 d--h----- C:\Program Files\Windows Live Safety Center
2007-11-30 22:34:44 0 d-------- C:\Program Files\Diablo II
2007-11-30 20:59:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-29 19:53:51 0 d-------- C:\Program Files\Xfire
2007-11-29 15:30:28 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 15:28:24 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-11-25 13:15:28 0 d-------- C:\Program Files\Age of Conan Tech Beta
2007-11-23 23:03:54 0 d-------- C:\Program Files\Google
2007-11-22 16:28:47 0 d--h----- C:\Program Files\Microsoft Silverlight
2007-11-19 22:08:12 0 d-------- C:\Documents and Settings\AustinB\Application Data\Xfire
2007-11-18 17:18:51 0 d-------- C:\Program Files\SuperPi
2007-11-18 16:47:19 0 d-------- C:\Documents and Settings\AustinB\Application Data\Command & Conquer 3 Tiberium Wars
2007-11-18 12:46:31 931 ---h----- C:\Documents and Settings\AustinB\Application Data\xpy.ini
2007-11-14 22:49:52 914 --ah----- C:\WINDOWS\eReg.dat
2007-11-14 17:13:47 0 d--h----- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-12 22:50:29 0 d-------- C:\Program Files\Electronic Arts
2007-11-05 12:53:39 0 d-------- C:\Program Files\Intel
2007-11-04 22:04:12 43520 --ah----- C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-04 18:50:52 0 d-------- C:\Program Files\Seagate
2007-11-04 17:43:27 0 d-------- C:\Program Files\CPU Z
2007-11-04 17:37:43 0 d-------- C:\Program Files\FRAPS
2007-11-03 19:35:41 0 d-------- C:\Documents and Settings\AustinB\Application Data\Ahead
2007-11-02 22:20:32 35734 --ah----- C:\WINDOWS\DIIUnin.dat
2007-11-02 22:19:31 21840 --ah----- C:\WINDOWS\system32\SIntfNT.dll
2007-11-02 22:19:31 17212 --ah----- C:\WINDOWS\system32\SIntf32.dll
2007-11-02 22:19:31 12067 --ah----- C:\WINDOWS\system32\SIntf16.dll
2007-10-30 19:50:25 552 --ah----- C:\WINDOWS\system32\d3d8caps.dat
2007-10-30 18:48:02 0 d--h----- C:\Program Files\Windows NT
2007-10-30 17:50:21 0 d--h----- C:\Program Files\Common Files\Real
2007-10-30 17:50:18 0 d-------- C:\Documents and Settings\AustinB\Application Data\Real
2007-10-30 17:50:02 0 d-------- C:\Program Files\QuickTime
2007-10-26 21:48:22 0 d-------- C:\Documents and Settings\AustinB\Application Data\Smart Recorder
2007-10-26 17:43:31 0 d--h----- C:\Program Files\AIM6
2007-10-26 17:32:59 0 d--h----- C:\Program Files\Common Files\AOL
2007-10-21 23:27:18 0 d--h----- C:\Program Files\Common Files\InstallShield
2007-10-21 20:12:51 0 d-------- C:\Documents and Settings\AustinB\Application Data\SmartFTP
2007-10-21 20:12:47 0 d-------- C:\Program Files\SmartFTP Client
2007-10-21 18:18:03 0 d-------- C:\Documents and Settings\AustinB\Application Data\DivX
2007-10-20 15:49:52 0 d-------- C:\Program Files\Logitech
2007-10-20 15:49:52 0 d--h----- C:\Program Files\Common Files\Logitech
2007-10-20 15:35:43 0 d-------- C:\Documents and Settings\AustinB\Application Data\Bioshock
2007-10-19 21:05:48 0 d-------- C:\Documents and Settings\AustinB\Application Data\CyberLink
2007-10-19 20:59:37 0 d-------- C:\Program Files\CyberLink DVD Solution
2007-10-19 17:25:58 0 d--h----- C:\Program Files\MSECache
2007-10-17 20:29:36 86016 --ah----- C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2007-10-17 20:29:06 0 d-------- C:\Program Files\Futuremark
2007-10-17 19:30:26 0 d-------- C:\Program Files\Alwil Software
2007-10-17 19:08:36 0 d--h----- C:\Program Files\Common Files\EasyInfo
2007-10-15 22:29:33 0 d--h----- C:\Program Files\GraphCalc
2007-10-15 16:52:40 0 d-------- C:\Program Files\Lexmark
2007-10-15 12:07:55 0 d-------- C:\Program Files\TI Education
2007-10-15 12:07:48 0 d--h----- C:\Program Files\Common Files\TI Shared
2007-10-14 13:12:39 0 d-------- C:\Program Files\2K Games
2007-10-14 13:12:30 0 d-------- C:\Documents and Settings\AustinB\Application Data\InstallShield
2007-10-13 21:03:36 0 d-------- C:\Program Files\Maxis
2007-10-13 15:56:57 0 d-------- C:\Documents and Settings\AustinB\Application Data\acccore
2007-10-13 15:19:05 0 d-------- C:\Program Files\Black Isle
2007-10-13 11:46:14 0 dr-h----- C:\Documents and Settings\AustinB\Application Data\SecuROM
2007-10-12 22:41:43 0 d-------- C:\Program Files\Guild Wars
2007-10-12 19:13:48 0 d-------- C:\Program Files\Paint.NET
2007-10-12 19:11:08 0 d-------- C:\Documents and Settings\AustinB\Application Data\Apple Computer
2007-10-12 19:08:26 0 d--h----- C:\Program Files\MSXML 4.0
2007-10-12 18:59:05 2829 --ah----- C:\WINDOWS\DIIUnin.pif
2007-10-12 18:59:05 94208 --ah----- C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2007-10-12 15:00:59 0 d-------- C:\Program Files\Microsoft Games
2007-10-12 13:43:19 0 d-------- C:\Program Files\Bethesda Softworks
2007-10-11 22:35:01 0 d-------- C:\Documents and Settings\AustinB\Application Data\Sun
2007-10-11 22:34:56 0 d-------- C:\Program Files\Java
2007-10-11 22:33:51 0 d--h----- C:\Program Files\Common Files\Java
2007-10-08 23:01:55 0 d-------- C:\Documents and Settings\AustinB\Application Data\Adobe
2007-10-08 16:22:17 76167 --ah----- C:\WINDOWS\War3Unin.dat
2007-10-08 15:23:31 2829 --ah----- C:\WINDOWS\War3Unin.pif
2007-10-08 15:23:31 139264 --ah----- C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2007-10-08 12:03:55 0 d-------- C:\Documents and Settings\AustinB\Application Data\Ventrilo
2007-10-08 11:59:31 0 d-------- C:\Documents and Settings\AustinB\Application Data\Creative
2007-10-08 11:40:25 0 d-------- C:\Program Files\Driver Cleaner Pro
2007-10-08 11:09:17 413696 --ah----- C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-10-08 11:02:19 0 d-------- C:\Program Files\Creative
2007-10-08 10:43:11 0 d--h----- C:\Program Files\Common Files\Adobe
2007-10-08 10:37:39 0 d-------- C:\Documents and Settings\AustinB\Application Data\Google
2007-10-08 10:34:07 0 --ah----- C:\WINDOWS\nsreg.dat
2007-10-08 10:34:05 0 d-------- C:\Documents and Settings\AustinB\Application Data\Mozilla
2007-10-08 10:32:21 0 d-------- C:\Program Files\Free Download Manager
2007-10-08 10:15:09 0 d-------- C:\Documents and Settings\AustinB\Application Data\Macromedia
2007-10-08 10:06:41 0 d--h----- C:\Program Files\MSXML 6.0
2007-10-08 10:04:52 0 d--h----- C:\Program Files\Windows Media Connect 2
2007-10-08 09:51:49 0 d--h----- C:\Program Files\Microsoft Works
2007-10-08 09:51:35 0 d--h----- C:\Program Files\Microsoft.NET
2007-10-08 09:39:15 0 d--h----- C:\Program Files\MSBuild
2007-10-08 09:37:46 0 d--h----- C:\Program Files\Reference Assemblies
2007-10-08 09:02:24 0 d-------- C:\Documents and Settings\AustinB\Application Data\Identities
2007-10-08 08:58:47 0 d-------- C:\Program Files\ASUS WiFi-AP Solo
2007-10-08 07:53:54 183 --ah----- C:\WINDOWS\setuplog
2007-10-08 03:18:14 0 d--h----- C:\Program Files\microsoft frontpage
2007-10-08 03:18:02 0 -rahs---- C:\MSDOS.SYS
2007-10-08 03:18:02 0 -rahs---- C:\IO.SYS
2007-10-08 03:18:02 0 --a------ C:\CONFIG.SYS
2007-10-08 03:18:02 0 --a------ C:\AUTOEXEC.BAT
2007-10-08 03:17:30 0 d--h----- C:\Program Files\WindowsUpdate
2007-10-08 03:16:46 0 d--h----- C:\Program Files\Common Files\MSSoap
2007-10-08 03:16:39 0 d--h----- C:\Program Files\Movie Maker
2007-10-08 03:16:09 21640 --ah----- C:\WINDOWS\system32\emptyregdb.dat
2007-10-08 03:16:05 0 d--h----- C:\Program Files\Online Services
2007-10-08 03:16:00 0 d--h----- C:\Program Files\MSN Gaming Zone
2007-10-07 20:38:18 0 d--h----- C:\Program Files\Common Files\ODBC
2007-10-07 20:38:13 0 d--h----- C:\Program Files\Common Files\SpeechEngines
2007-10-07 20:37:45 62 --ahs---- C:\Documents and Settings\AustinB\Application Data\desktop.ini
2007-10-04 17:14:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-10-04 17:14:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-10-04 17:14:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 17:14:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-10-04 17:14:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-10-04 17:14:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 17:14:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-10-04 17:14:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-09-11 02:17:30 81920 --ah----- C:\WINDOWS\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [08/17/2006 10:32 AM C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [08/17/2006 10:32 AM C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 12:00 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [07/12/2007 03:36 PM]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [08/04/2004 05:00 AM]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [04/26/2007 03:54 PM]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [04/26/2007 04:22 PM]
"Gainward"="C:\WINDOWS\TBPanel.exe" [10/11/2007 07:35 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [09/07/2006 10:19 AM]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [03/19/2002 05:30 PM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 02:48 PM]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [11/08/2007 04:13 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/04/2007 05:14 PM]
"nwiz"="nwiz.exe" [10/04/2007 05:14 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/04/2007 05:14 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 08:51 AM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [10/06/2004 03:50 PM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [02/19/2004 01:07 PM]
"McAfeeFireTray"="C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe" [04/12/2005 06:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [06/10/2007 06:02 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/08/2007 10:37 AM]
"Fraps"="C:\PROGRAM FILES\FRAPS\FRAPS.EXE" [09/10/2007 11:57 PM]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [07/02/2007 03:29 AM]
"EVEREST AutoStart"="C:\Program Files\Everest\everest.exe" [11/22/2007 03:34 PM]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 06:44 PM]

C:\Documents and Settings\AustinB\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [11/14/2007 6:00:40 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe [10/8/2007 8:58:47 AM]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [7/9/2007 10:24:38 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoLowDiskSpaceChecks"=1 (0x1)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

*Newly Created Service* - EVERESTDRIVER



-- End of Deckard's System Scanner: finished at 2007-12-06 15:36:50 ------------
 


·
TSF Security Manager, Emeritus
Joined
·
42,837 Posts
Thanks. I'm not seeing anything in these logs that would account for the issues you've described. As your remaining issues do not appear to be malware related, you would be better served discussing these issues in the Windows XP Support section of this forum.
 