
Runscanner logs



#1
sleen

Hi all, I did an analysis on my startup files and here below are the logs. The report is also visible at
http://www.runscanner.net/report.aspx?report=26f29fcf-37aa-4dfe-bc14-ead7c2f7153f
Please let me know what I can and can not fix



Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

000 General info
----------------
Computer name : SLEEN-NOTEBOOK
Creation time : 2/14/2008 10:13:03 AM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 6.0.2900.2180
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.6.1.0
User Language : English (United States)
User rights : Administrator
Windows folder : D:\WINDOWS

001 Running processes
---------------------
d:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe (Apache Software Foundation)
d:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe (Apache Software Foundation)
d:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe
* d:\windows\system32\alg.exe (Microsoft Corporation)
* d:\windows\system32\csrss.exe (Microsoft Corporation)
* d:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
d:\program files\nvidia corporation\networkaccessmanager\bin\ntrayfw.exe (NVIDIA Corporation)
* d:\windows\system32\svchost.exe (Microsoft Corporation)
* d:\windows\system32\svchost.exe (Microsoft Corporation)
* d:\windows\system32\svchost.exe (Microsoft Corporation)
* d:\windows\system32\svchost.exe (Microsoft Corporation)
* d:\windows\system32\svchost.exe (Microsoft Corporation)
* d:\program files\hp\hp software update\hpwuschd2.exe (Hewlett-Packard)
* d:\program files\internet explorer\iexplore.exe (Microsoft Corporation)
* d:\program files\java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
* d:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe (Kaspersky Lab)
* d:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe (Kaspersky Lab)
* d:\windows\system32\lsass.exe (Microsoft Corporation)
* d:\windows\system32\mqsvc.exe (Microsoft Corporation)
* d:\windows\system32\msdtc.exe (Microsoft Corporation)
d:\program files\nvidia corporation\networkaccessmanager\bin\nsvcip.exe (NVIDIA Corporation)
* d:\windows\system32\notepad.exe (Microsoft Corporation)
d:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe (NVIDIA)
d:\windows\system32\nvsvc32.exe (NVIDIA Corporation)
* d:\program files\outlook express\msimn.exe (Microsoft Corporation)
d:\program files\nokia\nokia pc suite 6\launchapplication.exe (Nokia)
* d:\windows\system32\rundll32.exe (Microsoft Corporation)
* d:\windows\system32\rundll32.exe (Microsoft Corporation)
* d:\documents and settings\sleen\my documents\software\reg_wares\runscanner.exe (Runscanner.net)
d:\program files\pc connectivity solution\servicelayer.exe (Nokia.)
* d:\windows\system32\services.exe (Microsoft Corporation)
* d:\windows\system32\spoolsv.exe (Microsoft Corporation)
* d:\program files\synaptics\syntp\syntpenh.exe (Synaptics, Inc.)
d:\windows\system32\sysnet.exe
* d:\program files\common files\vmware\vmware virtual image editing\vmount2.exe (VMware, Inc.)
* d:\program files\vmware\vmware player\vmware-authd.exe (VMware, Inc.)
* d:\program files\vmware\vmware player\hqtray.exe (VMware, Inc.)
* d:\windows\explorer.exe (Microsoft Corporation)
* d:\program files\messenger\msmsgs.exe (Microsoft Corporation)
* d:\windows\system32\winlogon.exe (Microsoft Corporation)
* d:\windows\system32\mqtgsvc.exe (Microsoft Corporation)
* d:\windows\system32\smss.exe (Microsoft Corporation)
* d:\windows\system32\wuauclt.exe (Microsoft Corporation)
* d:\windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
* d:\program files\yahoo!\messenger\yahoomessenger.exe (Yahoo! Inc.)

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* d:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe (Kaspersky Lab)
* d:\program files\hp\hp software update\hpwuschd2.exe (Hewlett-Packard)
d:\windows\system32\nerocheck.exe (Ahead Software Gmbh)
d:\program files\nvidia corporation\networkaccessmanager\bin\ntrayfw.exe (NVIDIA Corporation)
d:\windows\system32\nvcpl.dll (NVIDIA Corporation)
d:\windows\system32\nvmctray.dll (NVIDIA Corporation)
D:\WINDOWS\system32\nwiz.exe
d:\program files\nokia\nokia pc suite 6\launchapplication.exe (Nokia)
* d:\program files\vmware\vmware player\hqtray.exe (VMware, Inc.)

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
d:\windows\system32\sysnet.exe
* d:\program files\yahoo!\messenger\yahoomessenger.exe (Yahoo! Inc.)

008 Default user \Software\Microsoft\Windows\CurrentVersion\Run (+subkeys)
--------------------------------------------------------------------------
d:\program files\nokia\nokia pc suite 6\pcsync2.exe (Time Information Services Ltd.)

009 System user\Software\Microsoft\Windows\CurrentVersion\Run (+subkeys)
------------------------------------------------------------------------
d:\program files\nokia\nokia pc suite 6\pcsync2.exe (Time Information Services Ltd.)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
d:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe (ForceWare Intelligent Application Manager (IAM))
d:\program files\nvidia corporation\networkaccessmanager\bin\nsvcip.exe (ForceWare IP service)
d:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe (ForceWare user log service)
d:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe (Forceware Web Interface)
* d:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\avp.exe (Kaspersky Anti-Virus 6.0)
D:\WINDOWS\system32\nvsvc32.exe (NVIDIA Display Driver Service)
D:\Program Files\winpcap\rpcapd.exe (Remote Packet Capture Protocol v.0 (experimental))
d:\program files\pc connectivity solution\servicelayer.exe (ServiceLayer)
* d:\program files\vmware\vmware player\vmware-authd.exe (VMware Authorization Service)
* d:\windows\system32\vmnetdhcp.exe (VMware DHCP Service)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
- d:\windows\system32\drivers\changer.sys (Changer)
- d:\windows\system32\drivers\uiusys.sys (Conexant Setup API)
- d:\windows\system32\drivers\i2omgmt.sys (i2omgmt)
* D:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Anti-Virus NDIS Filter)
* D:\WINDOWS\system32\drivers\kl1.sys (Kl1)
d:\windows\system32\drivers\klif.sys (Klif)
- d:\windows\system32\drivers\lbrtfdc.sys (lbrtfdc)
D:\WINDOWS\system32\drivers\npf.sys (NetGroup Packet Filter Driver)
D:\WINDOWS\system32\drivers\nv4_mini.sys (nv)
D:\WINDOWS\system32\drivers\nvsmu.sys (nvsmu)
- d:\windows\system32\drivers\pcidump.sys (PCIDump)
- d:\windows\system32\drivers\pdcomp.sys (PDCOMP)
- d:\windows\system32\drivers\pdframe.sys (PDFRAME)
- d:\windows\system32\drivers\pdreli.sys (PDRELI)
- d:\windows\system32\drivers\pdrframe.sys (PDRFRAME)
D:\WINDOWS\system32\drivers\ntidrvr.sys (Upper Class Filter Driver)
* d:\windows\system32\drivers\hcmon.sys (VMware hcmon)
* d:\windows\system32\drivers\vmkbd.sys (VMware kbd)
* d:\windows\system32\drivers\vmnetuserif.sys (VMware Network Application Interface)
* d:\windows\system32\drivers\vmx86.sys (VMware vmx86)
- d:\windows\system32\drivers\wdica.sys (WDICA)

040 HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
------------------------------------------------------------
* d:\progra~1\yahoo!\companion\installs\cpn\yt.dll (Yahoo! Inc.) {EF99BD32-C1FB-11D2-892F-0090271D4F88}

041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
* d:\progra~1\yahoo!\companion\installs\cpn\yt.dll (Yahoo! Inc.) {EF99BD32-C1FB-11D2-892F-0090271D4F88}

045 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
----------------------------------------------------------------
* d:\progra~1\yahoo!\companion\installs\cpn\yt.dll (Yahoo! Inc.) {EF99BD32-C1FB-11D2-892F-0090271D4F88}

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
* d:\progra~1\yahoo!\companion\installs\cpn\yt.dll (Yahoo! Inc.) {02478D38-C3F9-4efb-9B51-7695ECA05670}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
d:\windows\system32\nvshell.dll {1CDB2949-8F65-4355-8456-263E7C208A5D}
d:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
d:\program files\nokia\nokia pc suite 6\phonebrowser.dll (Nokia) {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}
d:\windows\system32\nvcpl.dll (NVIDIA Corporation) {A70C977A-BF00-412C-90B7-034C51DA2439}
d:\windows\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
d:\windows\system32\nvcpl.dll (NVIDIA Corporation) {FFB699E0-306A-11d3-8BD1-00104B6F7516}
* d:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\scieplgn.dll (Kaspersky Lab) {85E0B171-04FA-11D1-B7DA-00A0C90348D6}
d:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
* d:\program files\yahoo!\common\ymmapi.dll (Yahoo! Inc.) {5464D816-CF16-4784-B9F3-75C0DB52B499}

062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
d:\program files\common files\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}

067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
d:\windows\system32\klogon.dll (Kaspersky Lab)

068 HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
--------------------------------------------------------------------------------
D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
D:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
D:\WINDOWS\system32\mdimon.dll (Microsoft Corporation)

100 Internet Explorer settings
------------------------------
Default_Page_URL HKLM : http://www.yahoo.com/
Start Page HKCU : http://www.yahoo.com/
Start Page HKLM : http://www.yahoo.com/

102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
------------------------------------------------------------------
GUID / CLSID not found {32683183-48a0-441b-a342-7c2a440a9478}

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
* d:\windows\downlo~1\hpgetd~1.ocx (Netopsystems AG) {AB86CE53-AC9F-449F-9399-D8ABCA09EC09}

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
Add to Anti-Banner : D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
Dial with VT&GO : file:///D:\Program Files\IP blue\VTGO\Scripts\dialer.htm
E&xport to Microsoft Excel : res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

120 Domain/DNS hijacking
------------------------
NameServer {C55473E2-80AA-4F43-8735-FFE644CABF74} : 217.113.72.20,217.113.72.21
TcpIp NameServer : 85.255.114.85 85.255.112.25

121 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
--------------------------------------------------------------------------
* d:\progra~1\kasper~1\kasper~1.0fo\adialhk.dll (Kaspersky Lab)

145 HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\UpperFilters
---------------------------------------------------------------------------------------------------
* D:\WINDOWS\system32\drivers\vmkbd.sys (VMware, Inc.)

170 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
------------------------------------------------------------------------
{36fc35d9-a875-11dc-bb04-001b247b6b01} : D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL USB2.0.exe
{454bcfe7-927f-11dc-bad7-001b247b6b01} : D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sysnet.exe
{5eb98212-929f-11dc-bad8-001b247b6b01} : D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sysnet.exe
{5eb9859b-929f-11dc-bad8-001b247b6b01} : D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \SystemVolumeInformation\system.exe
{87599885-ac74-11dc-bb04-001b247b6b01} : D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sysnet.exe
{87599e61-ac74-11dc-bb04-001b247b6b01} : D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sysnet.exe
{8759a03f-ac74-11dc-bb04-001b247b6b01} : D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL USB2.0.exe
{8759a07c-ac74-11dc-bb04-001b247b6b01} : D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL USB2.0.exe
{9ac05106-baa4-11dc-bb06-001b247b6b01} : E:\semo2x.exe
{f3c940a6-c009-11dc-bb0e-001b247b6b01} : D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sysnet.exe
{f3c940d2-c009-11dc-bb0e-001b247b6b01} : D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sysnet.exe

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
* d:\program files\yahoo!\common\ymmapi.dll (Yahoo! Inc.) {5464D816-CF16-4784-B9F3-75C0DB52B499}
d:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
* d:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations\shellex.dll (Kaspersky Lab) {dd230880-495a-11d1-b064-008048ec2fc5}


#2
tallin

sleen,

We do not analyse logs here on this sub-forum at Geeks to Go.

Please go to this link and follow along with the excellent instructions.

Feel free to browse this great forum with so much to read and learn.

kind regards, :)

#3
sleen

My bad. Sorry!

#4
Ztruker

Sleen, what kind of problems are you having that you are looking at your startup processes?

Do you suspect some kind of malware infection or is your system just running slow?
Is this something new or has it been this way for a while?
If new, what have you changed in the way of hardware or software?

I noticed you have VMware running. That sucks up a lot of resources. Is it necessary to have it running all the time or can you set it up so you can start it when you need it?

#5
sleen

Hi Ztruker,
I just suspect some kind of malware could have infected my system. My PC isn't slow at all. Just that I sometime got a popup which I've not been able to reproduce nor can I even remember what exactly it was saying. That's what got me worried.

best,
Sleen