Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Anything Wrong?


  • Please log in to reply
1 reply to this topic

#1 andre_

andre_

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 18 May 2008 - 01:10 AM

My computer has been acting weird in the last 5-6 weeks, mainly when booting up. I get all sorts of weird things happen like a blue screen with a yellow message that appears for about 1 second then vanishes, then computer attempts to reboot (over and over). I've scanned with Kaspersky Online scanner and its clean. Ive also scanned with adaware 2007 and I got this report, but im not sure if its anything to worry about? The file is *cough* cracked *cough* so I thought Adaware was showing it up for that reason??
Attached File  log.jpg   51.55KB   27 downloads
I just wanted to post some logs and see what you guys think so I can rule out malware issues. Also I want to know more about malware in general so it's good for my own knowledge.

Here is the DSS report that I followed in the Prep Guide. It didnt load hijackthis properly for some reason, but I can upload a log of that too if required.
Thanks in advance for any info!

Deckard's System Scanner v20071014.68
Run by Andre on 2008-05-18 15:53:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-05-18 05:53:47 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-05-17 06:02:47 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-18 15:56:43
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andre\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1198828052437
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\srvlnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\ESET\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


--
End of file - 8134 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 WFIOCTL - c:\program files\winfast\wfdtv\wfioctl.sys <Not Verified; Leadtek Research Inc.; WinFast MultiMedia Device Driver (Windows 2000/XP)>
S3 WFLR6654 (WinFast DTV1800 H (Video)) - c:\windows\system32\drivers\wfeaglxt.sys (file missing)
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 SvcOnlineArmor (Online Armor) - "c:\program files\tall emu\online armor\oasrv.exe" <Not Verified; Tall Emu; Online Armor Security Suite>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Multimedia Video Controller
Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_6654107D&REV_05\4&BC67B8D&0&00F0
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_14F1&DEV_8800&SUBSYS_6654107D&REV_05\4&BC67B8D&0&00F0
Service:

Class GUID:
Description: Multimedia Controller
Device ID: PCI\VEN_14F1&DEV_8801&SUBSYS_6654107D&REV_05\4&BC67B8D&0&01F0
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_14F1&DEV_8801&SUBSYS_6654107D&REV_05\4&BC67B8D&0&01F0
Service:

Class GUID:
Description: Multimedia Controller
Device ID: PCI\VEN_14F1&DEV_8802&SUBSYS_6654107D&REV_05\4&BC67B8D&0&02F0
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_14F1&DEV_8802&SUBSYS_6654107D&REV_05\4&BC67B8D&0&02F0
Service:

Class GUID: {FF646F80-8DEF-11D2-9449-00105A075F6B}
Description: pcouffin device for 32 bits systems
Device ID: ROOT\PCOUFFIN\0000
Manufacturer: VSO Software
Name: pcouffin device for 32 bits systems
PNP Device ID: ROOT\PCOUFFIN\0000
Service: pcouffin


-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-18 01:11:04 0 d-------- C:\WINDOWS\nvidia icons
2008-05-18 01:05:23 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-18 01:04:21 0 d-------- C:\Documents and Settings\Andre\Application Data\SystemRequirementsLab
2008-05-16 01:07:59 0 d-------- C:\Program Files\XTLUsage
2008-05-15 22:15:51 0 d-------- C:\WINDOWS\Prefetch
2008-05-15 21:36:23 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-15 17:39:59 0 d-------- C:\WINDOWS\system32\scripting
2008-05-15 17:39:59 0 d-------- C:\WINDOWS\system32\en
2008-05-15 17:39:59 0 d-------- C:\WINDOWS\l2schemas
2008-05-15 17:39:58 0 d-------- C:\WINDOWS\system32\bits
2008-05-15 17:36:51 0 d-------- C:\WINDOWS\network diagnostic
2008-05-15 17:34:36 0 d-------- C:\WINDOWS\EHome
2008-04-27 01:12:04 0 d-------- C:\Documents and Settings\Andre\Application Data\OnlineArmor
2008-04-27 01:12:04 0 d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-04-26 15:43:31 0 d-------- C:\Documents and Settings\Andre\Application Data\TrueCrypt
2008-04-26 03:45:49 0 d-------- C:\Documents and Settings\Andre\Incomplete
2008-04-25 17:32:53 0 d-------- C:\Program Files\DirectVobSub
2008-04-25 16:20:49 0 d-------- C:\Documents and Settings\Andre\Application Data\vlc
2008-04-25 11:15:58 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-25 11:15:53 0 d-------- C:\Documents and Settings\Andre\Application Data\SUPERAntiSpyware.com
2008-04-24 17:42:34 0 d-------- C:\Documents and Settings\Andre\Application Data\Ubisoft
2008-04-24 17:14:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-24 17:02:09 0 d-------- C:\Program Files\Ubisoft
2008-04-20 00:03:50 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-19 11:08:33 0 d-------- C:\Documents and Settings\Andre\Application Data\skypePM
2008-04-19 11:08:33 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-18 23:57:06 0 d-------- C:\Documents and Settings\Andre\Application Data\Talkback
2008-04-18 23:57:03 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-18 23:57:01 0 d-------- C:\Documents and Settings\Andre\Application Data\Mozilla
2008-04-18 23:49:43 0 d-------- C:\Program Files\Lavasoft
2008-04-18 23:28:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2008-05-17 15:04:27 0 d-------- C:\Documents and Settings\Andre\Application Data\Azureus
2008-05-17 13:20:21 0 d-------- C:\Program Files\SpywareBlaster
2008-05-15 22:17:04 0 d-------- C:\Program Files\MSN Messenger
2008-05-15 21:38:15 0 d-------- C:\Program Files\Messenger
2008-05-15 21:38:01 0 d-------- C:\Program Files\Movie Maker
2008-05-15 21:36:10 0 d-------- C:\Program Files\Windows NT
2008-05-07 21:49:40 2 --a------ C:\WINDOWS\system32\Dvbpws.dll
2008-05-04 12:21:59 0 d-------- C:\Program Files\LimeWire
2008-05-03 18:58:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-26 15:43:15 0 d-------- C:\Program Files\TrueCrypt
2008-04-25 11:17:23 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-24 16:57:07 0 d-------- C:\Program Files\D-Tools
2008-04-24 16:49:43 0 d-------- C:\Program Files\Common Files
2008-04-21 16:10:54 0 d-------- C:\Documents and Settings\Andre\Application Data\LimeWire
2008-04-20 10:03:46 0 d-------- C:\Program Files\Incomplete
2008-04-18 21:02:20 0 d-------- C:\Program Files\Azureus
2008-03-28 17:10:59 0 d-------- C:\Documents and Settings\Andre\Application Data\Xfire
2008-03-26 01:20:24 0 d-------- C:\Documents and Settings\Andre\Application Data\Vso
2008-03-25 17:58:02 0 d-------- C:\Documents and Settings\Andre\Application Data\RipIt4Me
2008-03-25 17:47:58 0 d-------- C:\Documents and Settings\Andre\Application Data\DVDFab
2008-03-25 17:24:50 0 d-------- C:\Program Files\DVDFab Platinum 4
2008-03-24 00:17:27 0 d-------- C:\Program Files\Xfire
2008-03-22 12:19:16 0 d-------- C:\Program Files\StuffPlug3
2008-03-22 10:19:28 0 d-------- C:\Documents and Settings\Andre\Application Data\Adobe
2008-03-22 10:17:44 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-07 19:34:26 1048576 --a------ C:\my volume
2008-03-04 12:56:43 86 --a------ C:\sccfg.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [11/01/2008 12:58 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/05/2008 10:46 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [21/02/2008 05:22 PM]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [26/06/2006 10:33 AM]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [17/04/2008 05:22 AM]
"nwiz"="nwiz.exe" [02/05/2008 10:46 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [02/05/2008 10:46 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UIWatcher"="C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe" [09/07/2007 01:13 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 11:54 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [01/03/2007 05:11 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [25/04/2008 05:02 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 10:12 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andre^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Andre\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andre^Start Menu^Programs^Startup^Registration Assassin's Creed.LNK]
path=C:\Documents and Settings\Andre\Start Menu\Programs\Startup\Registration Assassin's Creed.LNK
backup=C:\WINDOWS\pss\Registration Assassin's Creed.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
"C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FG_Monitor]
C:\Program Files\Folder Guard Pro\FGKey.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
"C:\Program Files\Norton Ghost\Agent\VProTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnlineArmor GUI]
"C:\Program Files\Tall Emu\Online Armor\oaui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
C:\Program Files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1c551bf-c5d5-11dc-91b0-806d6172696f}]
AutoRun\command- F:\autorun.exe




-- End of Deckard's System Scanner: finished at 2008-05-18 15:58:18 ------------

BC AdBot (Login to Remove)

 


m

#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:05 PM

Posted 13 June 2008 - 07:44 PM

Hello andre_

Welcome to BleepingComputer :thumbsup:
========================
If you are still in need of assistance please post a new dss log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users