
need help



#1
hibyefire

Deckard's System Scanner v20071014.68
Run by morven on 2007-12-02 02:08:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
32: 2007-12-02 10:08:05 UTC - RP180 - Deckard's System Scanner Restore Point
31: 2007-12-02 09:50:30 UTC - RP179 - Installed AVG 7.5
30: 2007-11-29 10:06:35 UTC - RP178 - Installed MapleStory
29: 2007-11-27 07:45:28 UTC - RP177 - System Checkpoint
28: 2007-11-19 05:26:05 UTC - RP176 - Installed 1.21a NoCD


-- First Restore Point --
1: 2007-11-10 04:25:05 UTC - RP149 - Installed Windows Live Messenger


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as morven.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:09:22 AM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Downloads\dss.exe
D:\DOWNLO~1\morven.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cuteworm.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe SCVVHSOT.exe
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBExtigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SCVVHSOT.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: LotusMenu - https://npportal.np....nu/menudisp.cab
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescamp...GamesCampus.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195531452156
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>

S3 CEDRIVER52 - c:\program files\cheat engine\dbk32.sys (file missing)
S3 DRIVER1111 - c:\documents and settings\morven\desktop\new folder\blowie32.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 NOWMEMDF - c:\windows\system32\nowmemdf.sys (file missing)
S3 npkcusb - c:\program files\wizet\maplestory\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S3 NVDISP - c:\documents and settings\morven\desktop\new folder (2)\nv7800gt.sys (file missing)
S3 XDva035 - c:\windows\system32\xdva035.sys (file missing)
S3 ZUAVER52 - c:\program files\zuan engine\zuan32.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-02 01:35:10 354 --a------ C:\WINDOWS\Tasks\At1.job
2007-11-29 22:45:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-02 and 2007-12-02 -----------------------------

2007-12-02 01:54:31 0 dr-h----- C:\$VAULT$.AVG
2007-12-02 01:51:08 0 d-------- C:\Documents and Settings\morven\Application Data\AVG7
2007-12-02 01:50:57 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-02 01:50:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-02 01:50:30 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-02 01:48:37 0 d-------- C:\Documents and Settings\morven\smitRem
2007-11-19 21:01:15 0 d-------- C:\Program Files\Matroska Pack
2007-11-19 20:58:17 0 d-------- C:\Program Files\XP Codec Pack
2007-11-19 20:12:21 0 d-------- C:\Program Files\Combined Community Codec Pack
2007-11-19 20:09:46 0 d-------- C:\Documents and Settings\morven\Application Data\vlc
2007-11-19 20:09:05 0 d-------- C:\Program Files\VideoLAN
2007-11-19 19:55:15 0 d-------- C:\Program Files\Intel
2007-11-12 22:41:21 0 d-------- C:\Documents and Settings\morven\Application Data\Hamachi
2007-11-12 15:45:27 1755 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-11-11 19:34:09 0 d-------- C:\Program Files\MegauploadToolbar
2007-11-11 19:34:09 0 d-------- C:\Documents and Settings\morven\Application Data\MegauploadToolbar
2007-11-11 18:43:58 0 d-------- C:\Documents and Settings\morven\.dwa_store
2007-11-11 04:17:47 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-11-11 03:12:07 0 d-------- C:\Program Files\MSXML 6.0
2007-11-11 03:04:01 0 dr-h----- C:\Documents and Settings\morven\Recent
2007-11-11 03:02:43 0 d-------- C:\WINDOWS\nview
2007-11-11 03:01:28 0 d-------- C:\Program Files\MultiRes
2007-11-11 02:54:44 0 d-------- C:\Program Files\MSBuild
2007-11-11 02:50:29 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-11-11 02:49:47 0 d-------- C:\Program Files\Reference Assemblies
2007-11-11 02:45:22 0 d-------- C:\WINDOWS\network diagnostic
2007-11-11 02:43:39 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-11 02:42:33 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-11 02:36:01 0 d-------- C:\Program Files\Nvidia Omega Drivers
2007-11-11 02:33:27 0 d-------- C:\WINDOWS\system32\URTTemp
2007-11-11 02:02:12 0 d-------- C:\Documents and Settings\morven\Application Data\Media Player Classic
2007-11-11 01:53:03 1156 --a------ C:\WINDOWS\mozver.dat
2007-11-11 01:45:17 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-11 01:45:15 0 d-------- C:\Documents and Settings\morven\Application Data\Mozilla
2007-11-11 01:32:51 0 d-------- C:\Program Files\DIFX
2007-11-11 01:22:50 0 d-------- C:\WINDOWS\system32\LogFiles
2007-11-09 22:55:46 0 d-------- C:\Program Files\iPod
2007-11-09 22:55:43 0 d-------- C:\Program Files\iTunes
2007-11-09 22:54:48 0 d-------- C:\Program Files\QuickTime
2007-11-09 22:53:49 0 d-------- C:\Program Files\Apple Software Update
2007-11-09 22:53:26 0 d-------- C:\Program Files\Common Files\Apple
2007-11-09 22:53:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-09 22:36:07 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-09 20:26:03 0 d-------- C:\Documents and Settings\morven\Contacts
2007-11-09 20:25:19 0 d------c- C:\WINDOWS\system32\DRVSTORE


-- Find3M Report ---------------------------------------------------------------

2007-11-30 00:24:33 729088 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-11-29 02:06:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-29 01:39:22 0 d-------- C:\Documents and Settings\morven\Application Data\BitTorrent
2007-11-14 19:40:21 0 d-------- C:\Program Files\DivX
2007-11-11 03:15:59 0 d-------- C:\Program Files\BitTorrent
2007-11-11 01:41:14 0 d-------- C:\Program Files\Common Files
2007-11-11 01:16:30 0 d-------- C:\Program Files\Creative
2007-11-11 01:00:08 0 d-------- C:\Program Files\LimeWire
2007-11-11 00:57:56 0 d-------- C:\Program Files\EA Games
2007-11-09 22:57:47 0 d-------- C:\Documents and Settings\morven\Application Data\Lavasoft
2007-11-09 22:57:27 0 d-------- C:\Program Files\FlashGet
2007-11-09 20:28:58 0 d-------- C:\Documents and Settings\morven\Application Data\LimeWire
2007-11-09 20:25:40 0 d-------- C:\Program Files\MSN Messenger
2007-10-19 16:54:28 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-10-19 16:54:12 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-10-19 16:54:12 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-19 16:54:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-18 01:02:34 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudCtrl"="AudCtrl.dll" [03/21/2002 02:53 AM C:\WINDOWS\system32\AudCtrl.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 12:00 AM]
"Jet Detection"="C:\Program Files\Creative\SBExtigy\PROGRAM\ADGJDet.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 02:48 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/19/2007 08:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/09/2006 02:29 PM]
"nwiz"="nwiz.exe" [03/09/2006 02:29 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03/09/2006 02:29 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/02/2007 01:50 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 12:54 PM]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [09/07/2007 03:01 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"Yahoo Messengger"="C:\WINDOWS\system32\SCVVHSOT.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NofolderOptions"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe SCVVHSOT.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ebf4e2e-cbf2-11da-921a-806d6172696f}]
AutoRun\command- D:\SCVVHSOT.exe
Open\command- D:\SCVVHSOT.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93b8aafa-98e2-11dc-bda6-00112fef1f0b}]
AutoRun\command- G:\SCVVHSOT.exe
Open\command- G:\SCVVHSOT.exe




-- End of Deckard's System Scanner: finished at 2007-12-02 02:10:00 ------------