Deckard's System Scanner v20071014.68
Run by Shane on 2008-07-07 11:43:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
32: 2008-07-02 20:35:30 UTC - RP48 - Device Driver Package Install: Intel System devices
31: 2008-07-02 20:35:14 UTC - RP47 - Device Driver Package Install: Intel System devices
30: 2008-07-02 16:58:51 UTC - RP46 - Windows Update
29: 2008-07-02 16:25:19 UTC - RP45 - Windows Update
28: 2008-07-02 14:00:57 UTC - RP44 - Installed WarRock
-- First Restore Point --
1: 2008-07-01 17:20:31 UTC - RP2 - Device Driver Package Install: NVIDIA Display adapters
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Shane.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:00, on 07/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Users\Shane\Desktop\Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Shane.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O13 - Gopher Prefix:
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 4933 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 sp_rsdrv2 (Spyware Terminator Driver 2) - \??\c:\windows\system32\drivers\sp_rsdrv2.sys
S0 OemBiosDevice (Royalty OEM BIOS Extension) - c:\windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Marvell RAID (Marvell RAID Event Agent) - c:\program files\marvell\61xx\svc\mvraidsvc.exe <Not Verified; ; mvraidsvc Application>
R2 MRUWebService (MRU Web Service) - "c:\program files\marvell\61xx\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
S4 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
-- Device Manager: Disabled ----------------------------------------------------
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_73601462&REV_02\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_73601462&REV_02\3&11583659&0&FB
Service:
-- Files created between 2008-06-07 and 2008-07-07 -----------------------------
2008-07-07 02:31:35 0 d-------- C:\Program Files\Trend Micro
2008-07-07 02:22:59 0 d-------- C:\Program Files\Crawler
2008-07-06 20:52:26 0 d-------- C:\Users\Shane\Shared
2008-07-06 20:52:25 0 d-------- C:\Users\Shane\Incomplete
2008-07-06 20:50:49 0 d-------- C:\Program Files\Common Files\Java
2008-07-06 19:18:38 0 d-------- C:\Program Files\EPSON
2008-07-06 19:18:06 0 d-------- C:\epson
2008-07-06 19:02:56 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-05 16:07:14 0 d-------- C:\Windows\system32\Log
2008-07-04 09:21:24 53248 -----n--- C:\Windows\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative Product Registration>
2008-07-04 09:19:43 0 d-------- C:\Program Files\Common Files\Creative
2008-07-04 09:19:42 0 d--h----- C:\Program Files\Creative Installation Information
2008-07-04 09:19:22 0 d-------- C:\Users\All Users\Creative
2008-07-04 09:18:42 0 d-------- C:\Windows\system32\Data
2008-07-04 09:18:34 67072 -----n--- C:\Windows\system32\CmdRtr.dll
2008-07-04 09:18:34 105472 -----n--- C:\Windows\system32\APOMngr.dll
2008-07-04 09:18:31 409600 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-07-04 09:18:31 114688 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-07-04 09:16:19 0 d-------- C:\Program Files\Creative
2008-07-02 21:52:15 0 d-------- C:\Users\Shane\{0f96a40d-6b3c-4434-856c-9a4e672c71e5}
2008-07-02 21:52:11 0 d-------- C:\Program Files\Realtek
2008-07-02 21:52:09 520192 --a------ C:\Windows\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-07-02 21:52:09 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-07-02 21:51:49 9 --a------ C:\Windows\mvraidver.dat
2008-07-02 21:50:48 0 d-------- C:\Users\Shane\{f98d2a56-138d-4bc6-a465-d75f4033380e}
2008-07-02 21:50:47 0 d-------- C:\Program Files\Marvell
2008-07-02 21:35:13 53248 --a------ C:\Windows\system32\CSVer.dll <Not Verified; Windows XP Bundled build C-Centric Single User; Windows XP Bundled build C-Centric Single User CSVer>
2008-07-02 21:35:13 0 d-------- C:\Program Files\Intel
2008-07-02 21:35:04 0 d-------- C:\Intel
2008-07-02 20:50:27 0 dr------- C:\Users\Lyndsey\Searches
2008-07-02 20:50:18 0 dr------- C:\Users\Lyndsey\Contacts
2008-07-02 20:50:14 0 d--hs---- C:\Users\Lyndsey\Templates
2008-07-02 20:50:14 0 d--hs---- C:\Users\Lyndsey\Start Menu
2008-07-02 20:50:14 0 d--hs---- C:\Users\Lyndsey\SendTo
2008-07-02 20:50:14 0 d--hs---- C:\Users\Lyndsey\Recent
2008-07-02 20:50:14 0 d--hs---- C:\Users\Lyndsey\PrintHood
2008-07-02 20:50:14 0 d--hs---- C:\Users\Lyndsey\NetHood
2008-07-02 20:50:14 0 d--hs---- C:\Users\Lyndsey\My Documents
2008-07-02 20:50:14 0 d--hs---- C:\Users\Lyndsey\Local Settings
2008-07-02 20:50:14 0 d--hs---- C:\Users\Lyndsey\Cookies
2008-07-02 20:50:14 0 d--hs---- C:\Users\Lyndsey\Application Data
2008-07-02 20:50:13 0 dr------- C:\Users\Lyndsey\Videos
2008-07-02 20:50:13 0 dr------- C:\Users\Lyndsey\Saved Games
2008-07-02 20:50:13 0 dr------- C:\Users\Lyndsey\Pictures
2008-07-02 20:50:13 786432 --ahs---- C:\Users\Lyndsey\NTUSER.DAT
2008-07-02 20:50:13 0 dr------- C:\Users\Lyndsey\Music
2008-07-02 20:50:13 0 dr------- C:\Users\Lyndsey\Links
2008-07-02 20:50:13 0 dr------- C:\Users\Lyndsey\Favorites
2008-07-02 20:50:13 0 dr------- C:\Users\Lyndsey\Downloads
2008-07-02 20:50:13 0 dr------- C:\Users\Lyndsey\Documents
2008-07-02 20:50:13 0 dr------- C:\Users\Lyndsey\Desktop
2008-07-02 20:50:13 0 d--h----- C:\Users\Lyndsey\AppData
2008-07-02 20:39:06 110602 --a------ C:\Windows\system32\xcdsfx32.bin
2008-07-02 20:39:05 0 d-------- C:\Program Files\Driver Magician
2008-07-02 20:34:09 141312 --a------ C:\Windows\system32\drivers\sp_rsdrv2.sys
2008-07-02 20:34:08 0 d-------- C:\Users\All Users\Spyware Terminator
2008-07-02 20:34:07 0 d-------- C:\Program Files\Spyware Terminator
2008-07-02 15:01:05 0 d-------- C:\Program Files\WarRock
2008-07-02 14:00:01 0 d-------- C:\Program Files\Activision
2008-07-02 13:58:52 0 d--hs---- C:\Windows\ftpcache
2008-07-02 13:53:39 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-07-02 13:31:24 0 d-------- C:\Users\All Users\PC Drivers HeadQuarters
2008-07-02 03:05:37 0 d-------- C:\Windows\Panther
2008-07-02 03:05:22 0 d--hs---- C:\Boot
2008-07-02 03:04:59 0 d-------- C:\Windows\system32\OEM
2008-07-02 03:04:59 36 -rah----- C:\Windows\DELL_VERSION
2008-07-01 22:40:32 0 d-------- C:\Users\All Users\Azureus
2008-07-01 22:40:03 0 d-------- C:\Program Files\Vuze
2008-07-01 21:58:50 0 dr------- C:\Users\Mom\Searches
2008-07-01 21:58:41 0 dr------- C:\Users\Mom\Contacts
2008-07-01 21:58:38 0 d--hs---- C:\Users\Mom\Templates
2008-07-01 21:58:38 0 d--hs---- C:\Users\Mom\Start Menu
2008-07-01 21:58:38 0 d--hs---- C:\Users\Mom\SendTo
2008-07-01 21:58:38 0 d--hs---- C:\Users\Mom\Recent
2008-07-01 21:58:38 0 d--hs---- C:\Users\Mom\PrintHood
2008-07-01 21:58:38 0 d--hs---- C:\Users\Mom\NetHood
2008-07-01 21:58:38 0 d--hs---- C:\Users\Mom\My Documents
2008-07-01 21:58:38 0 d--hs---- C:\Users\Mom\Local Settings
2008-07-01 21:58:38 0 d--hs---- C:\Users\Mom\Cookies
2008-07-01 21:58:38 0 d--hs---- C:\Users\Mom\Application Data
2008-07-01 21:58:37 0 dr------- C:\Users\Mom\Videos
2008-07-01 21:58:37 0 dr------- C:\Users\Mom\Saved Games
2008-07-01 21:58:37 0 dr------- C:\Users\Mom\Pictures
2008-07-01 21:58:37 786432 --ahs---- C:\Users\Mom\NTUSER.DAT
2008-07-01 21:58:37 0 dr------- C:\Users\Mom\Music
2008-07-01 21:58:37 0 dr------- C:\Users\Mom\Links
2008-07-01 21:58:37 0 dr------- C:\Users\Mom\Favorites
2008-07-01 21:58:37 0 dr------- C:\Users\Mom\Downloads
2008-07-01 21:58:37 0 dr------- C:\Users\Mom\Documents
2008-07-01 21:58:37 0 dr------- C:\Users\Mom\Desktop
2008-07-01 21:58:37 0 d--h----- C:\Users\Mom\AppData
2008-07-01 20:32:26 0 d-------- C:\Program Files\MSXML 4.0
2008-07-01 20:03:29 0 d-------- C:\Windows\pss
2008-07-01 19:58:51 240128 --a------ C:\Windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>
2008-07-01 19:58:45 0 d------c- C:\Windows\system32\DRVSTORE
2008-07-01 19:34:18 0 d-------- C:\Program Files\Lavalys
2008-07-01 19:34:14 0 d-------- C:\Program Files\Microsoft IntelliPoint
2008-07-01 19:33:06 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2008-07-01 19:32:55 0 d-------- C:\Windows\PCHEALTH
2008-07-01 19:30:38 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-01 19:30:37 0 d-------- C:\Users\All Users\Adobe
2008-07-01 19:28:18 0 d-------- C:\Windows\Driver Cache
2008-07-01 19:27:27 3456 -r------- C:\Windows\system32\AVerIO.sys
2008-07-01 19:27:27 49152 -r------- C:\Windows\system32\AVerIO.dll <Not Verified; ; AVerIO>
2008-07-01 19:27:26 69632 -r------- C:\Windows\system32\CardID.dll <Not Verified; AVerMedia Technologies, Inc.; >
2008-07-01 19:27:24 249856 -r------- C:\Windows\system32\sptlib02.dll
2008-07-01 19:27:24 262144 -r------- C:\Windows\system32\sptlib01.dll
2008-07-01 19:27:01 0 d-------- C:\Program Files\Common Files\AVerMedia
2008-07-01 19:27:01 0 d-------- C:\Program Files\AVerMedia
2008-07-01 19:20:10 0 d--h----- C:\Windows\msdownld.tmp
2008-07-01 19:20:08 0 d-------- C:\Windows\system32\directx
2008-07-01 19:18:19 0 d-------- C:\Users\All Users\Windows Genuine Advantage
2008-07-01 18:36:09 0 d-------- C:\Users\All Users\Nero
2008-07-01 18:36:09 0 d-------- C:\Program Files\Nero
2008-07-01 18:36:09 0 d-------- C:\Program Files\Common Files\Nero
2008-07-01 18:31:39 0 d-------- C:\Program Files\Java
2008-07-01 18:31:35 0 d--hs---- C:\Windows\Installer
2008-07-01 18:31:25 0 d-------- C:\Program Files\IObit
2008-07-01 18:30:47 0 d-------- C:\Fraps
2008-07-01 18:30:33 0 d-------- C:\Program Files\FrostWire
2008-07-01 18:30:13 0 d-------- C:\Program Files\Intel Corporation
2008-07-01 18:30:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-01 18:29:41 0 d-------- C:\Program Files\VideoLAN
2008-07-01 18:25:11 298104 --a------ C:\Windows\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-07-01 18:22:40 0 d-------- C:\Users\All Users\NVIDIA
2008-07-01 18:20:19 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-01 18:20:18 0 d-------- C:\NVIDIA
2008-07-01 18:18:10 0 d-------- C:\Windows\system32\Macromed
2008-07-01 18:16:37 0 --a------ C:\Windows\nsreg.dat
2008-07-01 18:16:29 3464 --a------ C:\Windows\mozver.dat
2008-07-01 18:14:49 0 dr------- C:\Users\Shane\Searches
2008-07-01 18:14:40 0 dr------- C:\Users\Shane\Contacts
2008-07-01 18:14:37 0 d--hs---- C:\Users\Shane\Templates
2008-07-01 18:14:37 0 d--hs---- C:\Users\Shane\Start Menu
2008-07-01 18:14:37 0 d--hs---- C:\Users\Shane\SendTo
2008-07-01 18:14:37 0 d--hs---- C:\Users\Shane\Recent
2008-07-01 18:14:37 0 d--hs---- C:\Users\Shane\PrintHood
2008-07-01 18:14:37 0 d--hs---- C:\Users\Shane\NetHood
2008-07-01 18:14:37 0 d--hs---- C:\Users\Shane\My Documents
2008-07-01 18:14:37 0 d--hs---- C:\Users\Shane\Local Settings
2008-07-01 18:14:37 0 d--hs---- C:\Users\Shane\Cookies
2008-07-01 18:14:37 0 d--hs---- C:\Users\Shane\Application Data
2008-07-01 18:14:36 0 dr------- C:\Users\Shane\Videos
2008-07-01 18:14:36 0 dr------- C:\Users\Shane\Saved Games
2008-07-01 18:14:36 0 dr------- C:\Users\Shane\Pictures
2008-07-01 18:14:36 1048576 --ahs---- C:\Users\Shane\NTUSER.DAT
2008-07-01 18:14:36 0 dr------- C:\Users\Shane\Music
2008-07-01 18:14:36 0 dr------- C:\Users\Shane\Links
2008-07-01 18:14:36 0 dr------- C:\Users\Shane\Favorites
2008-07-01 18:14:36 0 dr------- C:\Users\Shane\Downloads
2008-07-01 18:14:36 0 dr------- C:\Users\Shane\Documents
2008-07-01 18:14:36 0 dr------- C:\Users\Shane\Desktop
2008-07-01 18:14:36 0 d--h----- C:\Users\Shane\AppData
2008-07-01 18:08:45 0 d-------- C:\Windows\SoftwareDistribution
2008-07-01 18:07:43 0 d-------- C:\Windows\Debug
2008-07-01 18:06:46 0 d-------- C:\Windows\Prefetch
2008-07-01 18:06:38 0 d--hs---- C:\System Volume Information
-- Find3M Report ---------------------------------------------------------------
2008-07-07 02:34:00 0 d-------- C:\Users\Shane\AppData\Roaming\Spyware Terminator
2008-07-06 21:24:53 0 d-------- C:\Users\Shane\AppData\Roaming\FrostWire
2008-07-06 20:50:49 0 d-------- C:\Program Files\Common Files
2008-07-06 19:04:27 52968 --a------ C:\Users\Shane\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-07-05 16:07:10 0 d-------- C:\Users\Shane\AppData\Roaming\Xion
2008-07-04 09:24:55 0 d-------- C:\Users\Shane\AppData\Roaming\Creative
2008-07-02 21:20:38 0 d-------- C:\Users\Shane\AppData\Roaming\Azureus
2008-07-02 15:00:43 0 d-------- C:\Users\Shane\AppData\Roaming\InstallShield
2008-07-02 13:35:06 0 d-------- C:\Users\Shane\AppData\Roaming\WinRAR
2008-07-01 21:49:17 174 --ahs---- C:\Program Files\desktop.ini
2008-07-01 21:46:14 0 d-------- C:\Program Files\Windows Calendar
2008-07-01 21:46:13 0 d-------- C:\Program Files\Windows Mail
2008-07-01 21:46:11 0 d-------- C:\Program Files\Windows Defender
2008-07-01 21:46:04 0 d-------- C:\Program Files\Windows Sidebar
2008-07-01 19:54:35 0 d-------- C:\Users\Shane\AppData\Roaming\vlc
2008-07-01 18:37:11 0 d-------- C:\Users\Shane\AppData\Roaming\Nero
2008-07-01 18:18:15 0 d-------- C:\Users\Shane\AppData\Roaming\Macromedia
2008-07-01 18:18:15 0 d-------- C:\Users\Shane\AppData\Roaming\Adobe
2008-07-01 18:16:40 0 d-------- C:\Users\Shane\AppData\Roaming\Talkback
2008-07-01 18:16:36 0 d-------- C:\Users\Shane\AppData\Roaming\Mozilla
2008-07-01 18:14:42 0 d-------- C:\Users\Shane\AppData\Roaming\Identities
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/07/2008 20:47]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [16/05/2008 14:01]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [16/05/2008 14:01]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [01/07/2008 18:24]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [31/08/2007 20:13]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [31/08/2007 20:01]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [28/02/2007 17:50]
"P17RunE"="P17RunE.dll" [09/04/2007 02:40 C:\Windows\System32\P17RunE.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [02/07/2008 20:34]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/07/2008 20:35]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
backup=C:\Windows\pss\AVerQuick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f606f0c-4790-11dd-90b8-806e6f6e6963}]
AutoRun\command- E:\setup\rsrc\Autorun.exe
dinstall\command- E:\Directx\dxsetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-07-07 11:45:36 ------------