| Thread ID: 104811 | 2009-11-09 04:50:00 | Hard Drives not displaying content when try to open them | gza (13233) | Press F1 |
| Post ID | Timestamp | Content | User |
| 828724 | 2009-11-09 04:50:00 | Hi... all the hard drives and their partitions will only display their contents in Explorer if I right-click them and then choose the Explore option in the menu that opens. Double-clicking any of the drives opens a window that asks "What program do you want to use to open this drive?" and lists a mass of programs that won't open the drive. This has been happening for a couple of days and has me beat, although I can open the drive/s by clicking the Explore option. Also, every time that I start the computer, Autoplay (or is it Run?) starts up and runs through the partitions of the 1TB Seagate external hard drive, and windows open on screen for each partition as it reads them, asking me "What action would you like Windows to do for this drive?" I choose "Open to display folders". Unfortunately this doesn't work or hold that setting. The battery in my computer is only 2 months old and all drives (HDD and optical) show in BIOS, and bootup isn't slow or faulty. Any ideas on this minor pain in the butt? Compaq Presario S3010AN, AMD Athlon XP 2000+ 1.67GHz, 1.5GB PC2700 DDR SDRAM, WXP Pro + SP3, Western Digital 80GB EIDE ATA (C + D, 40GB each), Seagate external 1TB HDD, ATI Radeon 9000 graphics card | gza (13233) |
| 828725 | 2009-11-09 05:35:00 | Follow what it says here (en.kioskea.net): 1. Start Registry Editor (Start -> Run... -> regedit). 2. Locate the Default value under the following key in the registry: HKEY_CLASSES_ROOT\Directory\shell 3. Click Modify on the Edit menu. 4. In the File data box, type: none 5. Click OK. 6. Quit Registry Editor. Then: 1. Open Start >> Run, type cmd and press Enter. This will open a command prompt window. In this command prompt window type the following: 2. type cd\ 3. type attrib -r -h -s autorun.inf 4. type del autorun.inf If autorun.inf is on your HDD, you may be infected with something (it shouldn't be there). | Speedy Gonzales (78) |
| 828726 | 2009-11-09 06:03:00 | Thanks Speedy. I'll give your suggestion a run when I get back to Bluff from Invercargill in an hour. I could have a virus on the computer; my Avast Home 4.8 says that there is one which is active in memory, it is located in Prefetch, but Avast's recommended action is to "Ignore", so I do. Can't recall the name attached to the virus but it's something like ndsq1.exe... I'll submit a Trojan Remover log later today or in the morning. A full MalwareBytes scan showed 3 nasties but I couldn't believe that it rated BitCollider as a hijack tool. Anyway, I left all in situ for the moment. Submit logs to you asap. Thanks, gza | gza (13233) |
| 828727 | 2009-11-09 06:08:00 | Well, if it's in memory I would tell Avast to remove it, don't ignore it. And use something like CCleaner to remove the temp files etc. And disable System Restore before you do the above. | Speedy Gonzales (78) |
| 828728 | 2009-11-09 06:14:00 | OK, will do. Just read the page you directed me to and it seems like what I'm after. Now I've got to get on my way home; back with logs soon as. | gza (13233) |
| 828729 | 2009-11-09 07:48:00 | 1. Open Start >> Run, type cmd and press Enter. This will open a command prompt window. In this command prompt window type the following: 2. type cd\ 3. type attrib -r -h -s autorun.inf 4. type del autorun.inf If autorun.inf is on your HDD, you may be infected with something (it shouldn't be there). That'll fix it. What usually happens is autorun.inf is infected, your AV tries to disinfect and damages it when doing so... Blam | Blam (54) |
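An added triage script for the autorun.inf pattern Speedy Gonzales and Blam describe above. It is not code from the thread or from any tool mentioned in it (Trojan Remover, Avast, MalwareBytes). Rather than repeat the attrib/del commands, it shows what to look for in such a file before deleting it: every key through which Explorer can be made to run a program (open, shellexecute, shell\verb\command), a shell= default verb that redirects a plain double-click, and whether each launch target in the drive root is hidden/system or already missing. The last case is the state an AV leaves behind when it deletes the dropper but not the .inf, which is why Explorer then falls back to the "What program do you want to use" dialog. The two autorun.inf bodies and the drive-root listings are constructed for the example; nds0q.exe is the file name gza reports later in the thread.

```python
"""Triage autorun.inf files for the drive-root worm pattern.

Added example for this thread, not code from the thread or from any tool
mentioned in it.  The .inf bodies and root listings below are constructed;
the name nds0q.exe is the one gza reports later in the thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# [autorun] keys through which Explorer can be made to run a program.
LAUNCH_KEYS = ("open", "shellexecute")
CMD_KEY = re.compile(r"^shell\\[^\\]+\\command$")
# First token of a command line, honouring a quoted path.
CMD_TARGET = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')


@dataclass(frozen=True)
class RootFile:
    """A file in a drive root, with the attributes `attrib` would show."""
    name: str
    hidden: bool = False
    system: bool = False


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the [autorun] section as key -> value (keys lowercased).

    autorun.inf is INI-like and Explorer treats section and key names
    case-insensitively, so [AutoRun] is handled the same as [autorun].
    Later duplicate keys overwrite earlier ones.
    """
    entries: Dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def command_target(command: str) -> str:
    """Executable named by a command line, lowercased, without a leading .\\ or /."""
    m = CMD_TARGET.match(command)
    if not m:
        return ""
    target = m.group(1) or m.group(2)
    return target.lower().lstrip(".\\/")


def triage(text: str, root_files: List[RootFile], fixed_disk: bool) -> List[Tuple[str, str]]:
    """Return (code, detail) findings for one autorun.inf and its drive root.

    FIXED_DISK      autorun.inf in the root of a hard-disk partition
    DEFAULT_VERB    shell=<verb> redirects a plain double-click on the drive
    HIDDEN_TARGET   a launch command points at a hidden/system file
    MISSING_TARGET  a launch command points at a file that is gone (AV removed
                    the dropper, left the .inf; Explorer now shows "Open With")
    """
    entries = parse_autorun(text)
    findings: List[Tuple[str, str]] = []
    if not entries:
        return findings
    present = {f.name.lower(): f for f in root_files}

    if fixed_disk:
        findings.append(("FIXED_DISK", "autorun.inf in a fixed-disk root; "
                         "installers only ship it on removable or optical media"))
    verb = entries.get("shell")
    if verb:
        findings.append(("DEFAULT_VERB", f"shell={verb}"))

    for key, command in entries.items():
        if key not in LAUNCH_KEYS and not CMD_KEY.match(key):
            continue
        target = command_target(command)
        entry = present.get(target)
        if entry is None:
            findings.append(("MISSING_TARGET", f"{key}={command}"))
        elif entry.hidden or entry.system:
            findings.append(("HIDDEN_TARGET", f"{key}={command}"))
    return findings


# Constructed sample modelled on the infection described in this thread.
WORM_INF = r"""[AutoRun]
open=nds0q.exe
shell\open=Open
shell\open\Command=nds0q.exe
shell\explore\Command=nds0q.exe
shell=open
"""

# Constructed sample of an ordinary installer disc.
DISC_INF = r"""[autorun]
open=setup.exe
icon=setup.exe,0
label=Product Installer
"""

INFECTED_ROOT = [RootFile("autorun.inf", hidden=True, system=True),
                 RootFile("nds0q.exe", hidden=True, system=True)]
# Same drive after an AV has deleted the dropper but left the .inf behind.
HALF_CLEANED_ROOT = [RootFile("autorun.inf", hidden=True, system=True)]
DISC_ROOT = [RootFile("autorun.inf"), RootFile("setup.exe")]


if __name__ == "__main__":
    for label, inf, root, fixed in (("infected HDD", WORM_INF, INFECTED_ROOT, True),
                                    ("half-cleaned HDD", WORM_INF, HALF_CLEANED_ROOT, True),
                                    ("installer disc", DISC_INF, DISC_ROOT, False)):
        print(f"== {label}")
        for code, detail in triage(inf, root, fixed) or [("CLEAN", "no launch hooks flagged")]:
            print(f"  {code:<14} {detail}")
```

On a real machine you would read autorun.inf from the root of each drive letter and build the RootFile list from the output of `attrib`. Two caveats worth keeping in mind with the manual clean-up given in the posts: `cd\` only moves to the root of the current drive, so the attrib/del pair has to be repeated on every drive letter (the worm in this thread wrote to each partition of the external disk as well), and deleting autorun.inf while its dropper is still present and running just lets it be rewritten, so stop or remove the executable it points at first.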
| 828730 | 2009-11-09 08:27:00 | Or run this (http://oldmcdonald.wordpress.com/) | Speedy Gonzales (78) |
| 828731 | 2009-11-12 03:32:00 | Ya wouldn't Adam and Eve it!!!... I'm in a netcafe/boarding house using the damn net, and their com won't allow me to read from a flash drive... not enough permissions. 4get the parmisens as they are $getting pernicious missions :P Basically, I'll get butzis into Invercargill tomorrow and do what I came here for, i.e. submit the news. Computer is OK after Speedy's suggestion but there is/was lots more. I've been at it 23 days fixing and there have been "HIDDEN PROCESSES" running and more. All cleared up now with out-of-date gear (no updates since April '09). Will be back as said tomorrow with the full logs et al. But com sweet again. Thanks for your input Blam. Back tomorrow, gza OHHHH... I need to be back online... A.S.A.P :( | gza (13233) |
| 828732 | 2009-11-14 03:06:00 | Back again with the scans etc. The computer that I tried to use the other day that wouldn't allow USB flash drives also brought up an alert about a virus on my flash drive. All that was/is on it were the bitmaps of screenshots of the problems and the Notepad text that I have here to submit. When I got home I scanned the flash drive and nothing was found. But today in town on a netcafe computer, their NOD32 found the threat. Info here: F:\nds0q.exe Threat: a variant of Win43/Pacer.Gen Virus. I deleted it. Then more info said it was an online gaming thingy... faded out too quick for me to write down. Now I think I know what to look for on the com at home. Anyway, here are the scans.

Good news and thank you very much Speedy, the computer is cleaned of the viruses and malware. How they got into the system I don't know, because my computer hasn't been connected to the Internet since April 2009 and it was good then, as it was until about ten days ago. The first show of a problem was seen in Event Viewer 'System' or 'Antivirus' on 29/10/2007. There's not an entry in there now (?) so I can't say to what it referred. But I think it was to do with the ntds0q.exe or the SPTD 1.5. Although the computer hasn't been directly connected to the net, I did use a netcafe occasionally to get a couple of files and took them home on a flash drive to install later. Also, my Seagate external HDD was connected to another computer that I was trying to convert from FAT32 to NTFS. All my files/programs etc. are stored on this external drive. I could've picked up the bug from either of these places, but I do know that there was nothing wrong with my computer until 2 weeks ago.

Although in the past week it has had problems with DVD-RW drives not reading/seeing CDs, Red Book - cannot play digital audio, Secondary IDE Channel was UDMA 5 and is now only UDMA 2... blah blah... they're not the issue here; the installed CD-RW works and the DVD sees and plays DVDs. Right then, on with the thread issue: Firstly, I'm not online and the Avast 4.8, Trojan Remover and MalwareBytes programs are operating without any updates since March '09; my com is devoid of updates, Java is 6-11. Speedy, I tried to do the regedit that you suggested but couldn't locate the "directory" in HKEY_CLASSES_ROOT... it's not there... "Directory" is, but I assume, as you know, the "shell" that is in there isn't the one I needed, so I couldn't continue that path. (Where has the lower-case directory gone, I wonder?) I then did a scan with TR and when it brought up an issue (RootKit - Hidden Process) and showed it in every drive, I set TR to "Stop this from running and rename the file". At the end all drives showed an "nds0q.exe.vir" and an "autorun.inf.vir" file. The nds0q.exe file was first made known to me about 10 days back; Comodo Firewall would open an alert that ntds0q.exe was attempting to gain elevated privileges to Computer Management (I think it said), and of the options I chose 'Allow'. :) This happened for every drive/partition when I clicked one to open it... "Welcummon in!! Howdy-doo-do-dee, indeed." SPTD 1.5... or sptd1.5... showed up about the same time, saying that it had to be installed to run a program (never asked for it before), so click OK, program opens. Got sick of this happening so uninstalled the program, reinstalled it 2 days ago, and in the first 15 secs of install a window opens saying 'Windows 2000 or higher with SPTD 1.5 is needed to run this program'. Never known that to happen before; clicked NO, didn't install. Ran the install again, agreed to it and it says reboot necessary. Oki doki... reboots... BSOD... ha, blimmin' ha.

4 fix attempts later I boot to Safe Mode, and after the initial install of drivers and before opening to Safe Mode, a message at the bottom of the screen says "push ESC to not load SPTD 1.5"... I didn't. Safe Mode opens, Administrator and gza sign-in options; use gza, click Enter and BSOD again. 3 times, until I pushed the ESC key. Voila! Safe Mode opens. I performed a TR scan in Safe Mode and did the same actions as before to stop the greeblies. Opened the drives and deleted the .vir files. Rebooted into Windows full mode, all good... for a while. TR scanned again and stopped/renamed these "Hidden Files" again. Deleted them from the drives, rebooted, turned System Restore back on for all drives and set a restore point. (Don't know if that's the correct way to have turned System Restore off/on and set a restore point; just my luck it'll be the other way round.) TR's discovery of the "herss.exe" in C:\DOCUME~1\gza\LOCALS~1\Temp\herss.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Run "cdoosoft" (FILE IS SUSPICIOUS: HAS HIDDEN/SYSTEM ATTRIBUTES) hadn't shown itself before, that is, Avast hadn't detected it, and of course I haven't made use of TR for 6+ months. MalwareBytes' disclosure of Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken. I followed this all the way to the (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken, and left the value (1) as it was... assuming that it was 'Good'... perhaps I should've changed the value to (0)??? I did instruct MalwareBytes to 'Fix' the issues that it found, but it didn't; that's why the log of it says "No action taken". Oh and, I forgot to mention, within the past week there was a program that I went to open and a window opened on screen with the message "to run this program Kernel Debugger needs to be deactivated".

Never been asked for that before... so it was Oki-Doki again... It's all my own fault, eh. Anyway, I've waffled on a lot here and I'd best submit the logs for scrutiny. Sorry I'm late back to this; no net and recurring probs kept me at the to-do stage. The TR log is of the scan that I did last night. I have the 3 or 4 previous logs but haven't added them here because they are as lengthy as this one is. I can submit them if you want/ask to see them. I cannot get back to this net site until tomorrow afternoon.

TROJAN REMOVER ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.7.5.2560. For information, email support@simplysup1.com [Registered to: Black Riders] Scan started at: 9:19:47 PM 11 Nov 2009 Using Database v7251 Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)] File System: NTFS Data directory: C:\Documents and Settings\gza\Application Data\Simply Super Software\Trojan Remover\ Database directory: C:\Program Files\Trojan Remover\ Logfile directory: C:\Documents and Settings\gza\My Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************** ********** The following Anti-Malware program(s) are loaded: Avast! Antivirus ************************************************** ********** ************************************************** ********** 9:19:47 PM: Scanning ----------WIN.INI----------- WIN.INI found in C:\WINDOWS ************************************************** ********** 9:19:47 PM: Scanning --------SYSTEM.INI--------- SYSTEM.INI found in C:\WINDOWS ************************************************** ********** 9:19:47 PM: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. 
************************************************** ********** 9:19:48 PM: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): File: Explorer.exe C:\WINDOWS\Explorer.exe 1032192 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): File: C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\userinit.exe 24576 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation ---------- This key's "System" value appears to be blank ---------- This key's "UIHost" value calls the following program: File: logonui.exe C:\WINDOWS\system32\logonui.exe 514560 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation ---------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: avast! 
Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 81000 bytes Created: 12/26/2008 Modified: 2/6/2009 Company: ALWIL Software -------------------- Value Name: HDInspector.exe Value Data: C:\Program Files\Hard Drive Inspector\HDInspector.exe C:\Program Files\Hard Drive Inspector\HDInspector.exe 1008392 bytes Created: 2/12/2008 Modified: 12/28/2008 Company: Altrixsoft -------------------- Value Name: COMODO Firewall Pro Value Data: "C:\Program Files\COMODO\Firewall\cfp.exe" -h C:\Program Files\COMODO\Firewall\cfp.exe 1797880 bytes Created: 12/26/2008 Modified: 12/27/2008 Company: COMODO -------------------- Value Name: COMODO Internet Security Value Data: "C:\Program Files\COMODO\Firewall\cfp.exe" -h C:\Program Files\COMODO\Firewall\cfp.exe 1797880 bytes Created: 12/26/2008 Modified: 12/27/2008 Company: COMODO -------------------- Value Name: QuickTime Task Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime C:\Program Files\QuickTime\qttask.exe 286720 bytes Created: 6/29/2007 Modified: 6/29/2007 Company: Apple Inc. -------------------- Value Name: SunJavaUpdateSched Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe" C:\Program Files\Java\jre6\bin\jusched.exe 148888 bytes Created: 12/26/2008 Modified: 2/7/2009 Company: Sun Microsystems, Inc. -------------------- Value Name: WinampAgent Value Data: "C:\Program Files\Winamp\winampa.exe" C:\Program Files\Winamp\winampa.exe 36352 bytes Created: 8/4/2008 Modified: 8/4/2008 Company: [no info] -------------------- Value Name: TrojanScanner Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot C:\Program Files\Trojan Remover\Trjscan.exe 1231752 bytes Created: 11/9/2009 Modified: 1/1/2009 Company: Simply Super Software -------------------- Value Name: PWRISOVM.EXE Value Data: C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\PowerISO\PWRISOVM.EXE 200704 bytes Created: 8/7/2007 Modified: 8/7/2007 Company: PowerISO Computing, Inc. 
-------------------- Value Name: SoundMan Value Data: SOUNDMAN.EXE C:\WINDOWS\SOUNDMAN.EXE 577536 bytes Created: 2/3/2009 Modified: 4/16/2007 Company: Realtek Semiconductor Corp. -------------------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OnceEx This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: ctfmon.exe Value Data: C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\ctfmon.exe 15360 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation -------------------- Value Name: AlcoholAutomount Value Data: "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe 203928 bytes Created: 2/24/2009 Modified: 2/24/2009 Company: Alcohol Soft Development Team -------------------- -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once This Registry Key appears to be empty ************************************************** ********** 9:19:50 PM: Scanning -----SHELLEXECUTEHOOKS----- ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972} File: shell32.dll - this file is expected and has been left in place ---------- ************************************************** ********** 9:19:50 PM: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************** ********** 9:19:50 PM: Scanning -----ACTIVE SCREENSAVER----- ScreenSaver: C:\WINDOWS\system32\ssflwbox.scr C:\WINDOWS\system32\ssflwbox.scr 393216 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation -------------------- ************************************************** ********** 9:19:50 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: 
{621FCD24-4498-4324-A81E-07D331376EDF} Path: C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe 7680 bytes Created: 9/19/2007 Modified: 9/19/2007 Company: [no info] ---------- ************************************************** ********** 9:19:51 PM: Scanning ----- SERVICEDLL REGISTRY KEYS ----- ************************************************** ********** 9:19:51 PM: Scanning ----- SERVICES REGISTRY KEYS ----- Key: AmdK7 ImagePath: system32\DRIVERS\amdk7.sys C:\WINDOWS\system32\DRIVERS\amdk7.sys 37376 bytes Created: 8/4/2004 Modified: 8/5/2004 Company: Microsoft Corporation ---------- Key: aswFsBlk ImagePath: system32\DRIVERS\aswFsBlk.sys C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys 20560 bytes Created: 12/26/2008 Modified: 2/6/2009 Company: ALWIL Software ---------- Key: aswUpdSv ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 18752 bytes Created: 12/26/2008 Modified: 2/6/2009 Company: ALWIL Software ---------- Key: ATI Smart ImagePath: C:\WINDOWS\system32\ati2sgag.exe C:\WINDOWS\system32\ati2sgag.exe 520192 bytes Created: 12/27/2008 Modified: 5/3/2006 Company: ---------- Key: avast! Antivirus ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" C:\Program Files\Alwil Software\Avast4\ashServ.exe 138680 bytes Created: 12/26/2008 Modified: 2/6/2009 Company: ALWIL Software ---------- Key: avast! Mail Scanner ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 254040 bytes Created: 12/26/2008 Modified: 2/6/2009 Company: ALWIL Software ---------- Key: avast! 
Web Scanner ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 352920 bytes Created: 12/26/2008 Modified: 2/6/2009 Company: ALWIL Software ---------- Key: bgsvcgen ImagePath: "C:\WINDOWS\system32\bgsvcgen.exe" C:\WINDOWS\system32\bgsvcgen.exe 145504 bytes Created: 2/12/2009 Modified: 2/12/2009 Company: B.H.A Corporation ---------- Key: Bonjour Service ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe" C:\Program Files\Bonjour\mDNSResponder.exe 229376 bytes Created: 2/28/2006 Modified: 2/28/2006 Company: Apple Computer, Inc. ---------- Key: cmdAgent ImagePath: "C:\Program Files\COMODO\Firewall\cmdagent.exe" C:\Program Files\COMODO\Firewall\cmdagent.exe 618232 bytes Created: 12/26/2008 Modified: 12/27/2008 Company: COMODO ---------- Key: cmdGuard ImagePath: System32\DRIVERS\cmdguard.sys C:\WINDOWS\System32\DRIVERS\cmdguard.sys 101776 bytes Created: 12/26/2008 Modified: 12/27/2008 Company: COMODO ---------- Key: cmdHlp ImagePath: System32\DRIVERS\cmdhlp.sys C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 31504 bytes Created: 12/26/2008 Modified: 12/27/2008 Company: COMODO ---------- Key: ElbyCDFL ImagePath: System32\Drivers\ElbyCDFL.sys C:\WINDOWS\System32\Drivers\ElbyCDFL.sys 34760 bytes Created: 12/27/2006 Modified: 12/27/2006 Company: SlySoft, Inc. 
---------- Key: ElbyCDIO ImagePath: System32\Drivers\ElbyCDIO.sys C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 25160 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Elaborate Bytes AG ---------- Key: ElbyDelay ImagePath: System32\Drivers\ElbyDelay.sys C:\WINDOWS\System32\Drivers\ElbyDelay.sys 11984 bytes Created: 2/16/2007 Modified: 2/16/2007 Company: Elaborate Bytes AG ---------- Key: epmntdrv ImagePath: \??\C:\WINDOWS\system32\epmntdrv.sys C:\WINDOWS\system32\epmntdrv.sys 8704 bytes Created: 10/2/2009 Modified: 4/22/2009 Company: [no info] ---------- Key: EuGdiDrv ImagePath: \??\C:\WINDOWS\system32\EuGdiDrv.sys C:\WINDOWS\system32\EuGdiDrv.sys 3072 bytes Created: 10/2/2009 Modified: 4/22/2009 Company: [no info] ---------- Key: FLEXnet Licensing Service ImagePath: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 654848 bytes Created: 2/15/2009 Modified: 2/15/2009 Company: Macrovision Europe Ltd. ---------- Key: HDDSvc ImagePath: C:\WINDOWS\system32\HDDSvc.exe C:\WINDOWS\system32\HDDSvc.exe 189704 bytes Created: 2/12/2008 Modified: 2/12/2008 Company: AltrixSoft (http://www.altrixsoft.com/) ---------- Key: HSFHWBS2 ImagePath: system32\DRIVERS\HSFBS2S2.sys C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys 220032 bytes Created: 12/27/2008 Modified: 8/4/2004 Company: Conexant Systems, Inc. ---------- Key: HSF_DP ImagePath: system32\DRIVERS\HSFDPSP2.sys C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys 1041536 bytes Created: 12/27/2008 Modified: 8/4/2004 Company: Conexant Systems, Inc. 
---------- Key: IDriverT ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 69632 bytes Created: 11/14/2005 Modified: 11/14/2005 Company: Macrovision Corporation ---------- Key: imagedrv ImagePath: System32\Drivers\imagedrv.sys C:\WINDOWS\System32\Drivers\imagedrv.sys 11304 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Ahead Software AG ---------- Key: imagesrv ImagePath: system32\DRIVERS\imagesrv.sys C:\WINDOWS\system32\DRIVERS\imagesrv.sys 132904 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Ahead Software AG ---------- Key: Inspect ImagePath: System32\DRIVERS\inspect.sys C:\WINDOWS\System32\DRIVERS\inspect.sys 79504 bytes Created: 12/26/2008 Modified: 12/27/2008 Company: COMODO ---------- Key: JavaQuickStarterService ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" C:\Program Files\Java\jre6\bin\jqs.exe 152984 bytes Created: 12/26/2008 Modified: 2/7/2009 Company: Sun Microsystems, Inc. 
---------- Key: MySQL ImagePath: "C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.1\my.ini" MySQL C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe 6447744 bytes Created: 11/15/2008 Modified: 11/15/2008 Company: [no info] ---------- Key: Nero BackItUp Scheduler 3 ImagePath: C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 836904 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Nero AG ---------- Key: NMIndexingService ImagePath: "C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe" C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 382248 bytes Created: 8/3/2007 Modified: 8/3/2007 Company: Nero AG ---------- Key: oflpydin ImagePath: \??\C:\DOCUME~1\gza\LOCALS~1\Temp\oflpydin.sys C:\DOCUME~1\gza\LOCALS~1\Temp\oflpydin.sys [file not found to scan] ---------- Key: pcouffin ImagePath: System32\Drivers\pcouffin.sys C:\WINDOWS\System32\Drivers\pcouffin.sys 47360 bytes Created: 1/18/2009 Modified: 1/18/2009 Company: VSO Software ---------- Key: RTL8023xp ImagePath: system32\DRIVERS\Rtnicxp.sys C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 118656 bytes Created: 2/3/2009 Modified: 12/2/2008 Company: Realtek Semiconductor Corporation ---------- Key: rtl8139 ImagePath: system32\DRIVERS\RTL8139.SYS C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [file not found to scan] ---------- Key: Secdrv ImagePath: system32\DRIVERS\secdrv.sys C:\WINDOWS\system32\DRIVERS\secdrv.sys 27440 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: [no info] ---------- Key: sptd ImagePath: System32\Drivers\sptd.sys - this file is globally excluded ---------- Key: SSHDRV65 ImagePath: \??\C:\WINDOWS\system32\drivers\SSHDRV65.sys C:\WINDOWS\system32\drivers\SSHDRV65.sys 120320 bytes Created: 10/29/2009 Modified: 10/29/2009 Company: [no info] ---------- Key: StarWindServiceAE ImagePath: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Program 
Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 275968 bytes Created: 5/29/2007 Modified: 5/29/2007 Company: Rocket Division Software ---------- Key: SwPrv ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{4776326A-8BDE-4915-AF7B-09278F91BBA7} C:\WINDOWS\system32\dllhost.exe 5120 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation ---------- Key: tbhsd ImagePath: system32\drivers\tbhsd.sys C:\WINDOWS\system32\drivers\tbhsd.sys 26784 bytes Created: 12/30/2008 Modified: 12/11/2007 Company: RapidSolution Software AG ---------- Key: usnjsvc ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe" C:\Program Files\Windows Live\Messenger\usnsvc.exe 98328 bytes Created: 10/18/2007 Modified: 10/18/2007 Company: Microsoft Corporation ---------- Key: viaagp ImagePath: system32\DRIVERS\viaagp.sys C:\WINDOWS\system32\DRIVERS\viaagp.sys 42240 bytes Created: 12/27/2008 Modified: 8/3/2004 Company: Microsoft Corporation ---------- Key: Viewpoint Manager Service ImagePath: "C:\Program Files\Viewpoint\Common\ViewpointService.exe" C:\Program Files\Viewpoint\Common\ViewpointService.exe 24652 bytes Created: 2/13/2009 Modified: 1/5/2007 Company: Viewpoint Corporation ---------- Key: winachsf ImagePath: system32\DRIVERS\HSFCXTS2.sys C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys 685056 bytes Created: 12/27/2008 Modified: 8/4/2004 Company: Conexant Systems, Inc. 
---------- Key: WLSetupSvc ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe" C:\Program Files\Windows Live\installer\WLSetupSvc.exe 266240 bytes Created: 10/25/2007 Modified: 10/25/2007 Company: Microsoft Corporation ---------- ************************************************** ********** 9:19:58 PM: Scanning -----VXD ENTRIES----- ************************************************** ********** 9:19:58 PM: Scanning ----- WINLOGON\NOTIFY DLLS ----- ************************************************** ********** 9:19:58 PM: Scanning ----- CONTEXTMENUHANDLERS ----- Key: 7-Zip CLSID: {23170F69-40C1-278A-1000-000100020000} Path: C:\Program Files\7-Zip\7-zip.dll C:\Program Files\7-Zip\7-zip.dll 69632 bytes Created: 12/6/2007 Modified: 12/6/2007 Company: Igor Pavlov ---------- Key: avast CLSID: {472083B0-C522-11CF-8763-00608CC02F24} Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll C:\Program Files\Alwil Software\Avast4\ashShell.dll 76880 bytes Created: 12/26/2008 Modified: 2/6/2009 Company: ALWIL Software ---------- Key: Cover Designer CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} Path: C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll 2102568 bytes Created: 8/4/2007 Modified: 8/4/2007 Company: Nero AG ---------- Key: PowerISO CLSID: {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} Path: C:\Program Files\PowerISO\PWRISOSH.DLL C:\Program Files\PowerISO\PWRISOSH.DLL 204800 bytes Created: 8/7/2007 Modified: 8/7/2007 Company: PowerISO Computing, Inc. 
---------- Key: {100BD527-7304-4b7f-BEE2-26D97B04EBA4} Path: C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll 255272 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Nero AG ---------- Key: {C539A15A-3AF9-4c92-B771-50CB78F5C751} CLSID: {C539A15A-3AF9-4c92-B771-50CB78F5C751} File: [CLSID does not appear to reference a file] ---------- ************************************************** ********** 9:19:58 PM: Scanning ----- FOLDER\COLUMNHANDLERS ----- Key: {7D4D6379-F301-4311-BEBA-E26EB0561882} File: C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll 1803560 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Nero AG ---------- Key: {FED7043D-346A-414D-ACD7-550D052499A7} File: [CLSID does not appear to reference a file] ************************************************** ********** 9:19:59 PM: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670} BHO: C:\Program Files\ Yahoo! \Companion\Installs\cpn1\yt.dll C:\Program Files\ Yahoo! \Companion\Installs\cpn1\yt.dll 878352 bytes Created: 11/21/2007 Modified: 11/21/2007 Company: Yahoo! Inc. ---------- Key: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} BHO: C:\Program Files\Winamp Toolbar\winamptb.dll C:\Program Files\Winamp Toolbar\winamptb.dll 1266992 bytes Created: 7/17/2008 Modified: 7/17/2008 Company: AOL LLC. 
---------- Key: {3049C3E9-B461-4BC5-8870-4C09146192CA} BHO: C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll 308856 bytes Created: 1/2/2009 Modified: 1/2/2009 Company: RealPlayer ---------- Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} BHO: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - file already scanned Key: {9030D464-4C02-4ABF-8ECC-5164760863C6} BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 328752 bytes Created: 9/20/2007 Modified: 9/20/2007 Company: Microsoft Corporation ---------- Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} BHO: C:\Program Files\Windows Live Toolbar\msntb.dll C:\Program Files\Windows Live Toolbar\msntb.dll 546320 bytes Created: 10/19/2007 Modified: 10/19/2007 Company: Microsoft Corporation ---------- Key: {DBC80044-A445-435b-BC74-9C25C1C588A9} BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll C:\Program Files\Java\jre6\bin\jp2ssv.dll 35840 bytes Created: 12/26/2008 Modified: 2/7/2009 Company: Sun Microsystems, Inc. ---------- Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll 73728 bytes Created: 12/26/2008 Modified: 2/7/2009 Company: Sun Microsystems, Inc. ---------- ************************************************** ********** 9:19:59 PM: Scanning ----- SHELLSERVICEOBJECTS ----- ************************************************** ********** 9:20:00 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- ************************************************** ********** 9:20:00 PM: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. 
************************************************** ********** 9:20:00 PM: Scanning ----- APPINIT_DLLS ----- AppInitDLLs entry = [C:\WINDOWS\system32\guard32.dll] File: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\guard32.dll 147192 bytes Created: 12/26/2008 Modified: 12/27/2008 Company: COMODO ---------- ************************************************** ********** 9:20:00 PM: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************** ********** 9:20:00 PM: Scanning ------ COMMON STARTUP GROUP ------ [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -HS- 84 bytes Created: 12/27/2008 Modified: 11/10/2009 Company: [no info] -------------------- ************************************************** ********** 9:20:00 PM: Scanning ------ USER STARTUP GROUPS ------ -------------------- Checking Startup Group for: Administrator [C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP] The Startup Group for Administrator attempts to load the following file(s): C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 12/27/2008 Modified: 12/26/2008 Company: [no info] ---------- -------------------- Checking Startup Group for: gza [C:\Documents and Settings\gza\START MENU\PROGRAMS\STARTUP] The Startup Group for gza attempts to load the following file(s): C:\Documents and Settings\gza\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 12/26/2008 Modified: 12/26/2008 Company: [no info] ---------- C:\Documents and Settings\gza\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe 1731736 bytes Created: 9/17/2009 Modified: 1/16/2009 Company: Leader Technologies/Seagate Seagate Product Registration.lnk - links to C:\Documents and Settings\gza\Application 
Data\Leadertech\PowerRegister\Seagate Product Registration.exe ---------- ************************************************** ********** 9:20:00 PM: Scanning ----- SCHEDULED TASKS ----- Taskname: Check Updates for Windows Live Toolbar.job File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE 99856 bytes Created: 10/19/2007 Modified: 10/19/2007 Company: Microsoft Corporation Parameters: [blank] Next Run Time: 11/11/2009 9:46:00 PM Status: The task is ready to run at its next scheduled time Creator: gza Comments: [blank] ---------- Taskname: Driver Robot.job File: C:\Program Files\Driver Robot\1.0.9.12\DriverRobot.exe C:\Program Files\Driver Robot\1.0.9.12\DriverRobot.exe 75232 bytes Created: 8/18/2009 Modified: 8/16/2009 Company: Parameters: --scan --stack=from-scheduler Next Run Time: 11/15/2009 2:08:00 AM Status: The task is ready to run at its next scheduled time Creator: BLITWARE Comments: Runs a Driver Robot scan to check for critical driver updates. 
---------- ************************************************** ********** 9:20:00 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- ************************************************** ********** 9:20:01 PM: ----- ADDITIONAL CHECKS ----- PE386 rootkit checks completed ---------- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper entry is blank ---------- Web Desktop Wallpaper entry is blank ---------- DNS Server information: Rogue DNS NameServers: Interface: Realtek RTL8139/810x Family Fast Ethernet NIC NameServers: 202.37.101.1 Checks for rogue DNS NameServers completed ---------- Additional checks completed ************************************************** ********** 9:20:01 PM: Scanning ----- RUNNING PROCESSES ----- C:\WINDOWS\System32\smss.exe -------------------- C:\WINDOWS\system32\csrss.exe -------------------- C:\WINDOWS\system32\winlogon.exe -------------------- C:\WINDOWS\system32\services.exe -------------------- C:\WINDOWS\system32\lsass.exe -------------------- C:\WINDOWS\system32\Ati2evxx.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\WINDOWS\System32\svchost.exe - file already scanned -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned -------------------- C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned -------------------- C:\WINDOWS\system32\spoolsv.exe -------------------- C:\Program Files\COMODO\Firewall\cmdagent.exe - file already scanned -------------------- C:\Program Files\Alcohol Soft\Alcohol 
120\StarWind\StarWindServiceAE.exe - file already scanned -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\WINDOWS\System32\alg.exe -------------------- C:\WINDOWS\system32\Ati2evxx.exe -------------------- C:\WINDOWS\Explorer.EXE - file already scanned -------------------- C:\WINDOWS\system32\wscntfy.exe -------------------- C:\WINDOWS\system32\wbem\wmiprvse.exe -------------------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - file already scanned -------------------- C:\Program Files\Hard Drive Inspector\HDInspector.exe - file already scanned -------------------- C:\Program Files\COMODO\Firewall\cfp.exe - file already scanned -------------------- C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned -------------------- C:\Program Files\Winamp\winampa.exe - file already scanned -------------------- C:\Program Files\PowerISO\PWRISOVM.EXE - file already scanned -------------------- C:\WINDOWS\SOUNDMAN.EXE - file already scanned -------------------- C:\WINDOWS\system32\ctfmon.exe - file already scanned -------------------- C:\WINDOWS\system32\wuauclt.exe -------------------- C:\Documents and Settings\gza\Application Data\Simply Super Software\Trojan Remover\ihd3.exe FileSize: 2921336 [This is a Trojan Remover component] -------------------- ************************************************** ********** 9:20:05 PM: Checking AUTOEXEC.BAT file AUTOEXEC.BAT found in C:\ No malicious entries were found in the AUTOEXEC.BAT file ************************************************** ********** 9:20:05 PM: Checking AUTOEXEC.NT file AUTOEXEC.NT found in C:\WINDOWS\system32 No malicious entries were found in the AUTOEXEC.NT file ************************************************** ********** 9:20:05 PM: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************** ********** ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet 
Explorer\Main\"Start Page": www.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": www.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": www.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": www.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch": ie.search.msn.com HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant": ie.search.msn.com HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://www.google.com/ HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": www.microsoft.com HKCU\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch": ie.search.msn.com HKCU\Software\Microsoft\Internet Explorer\Search\"SearchAssistant": ie.search.msn.com ************************************************** ********** === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 9:20:05 PM 11 Nov 2009 Total Scan time: 00:00:17 ************************************************** ********** ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.7.5.2560. For information, email support@simplysup1.com [Registered to: Black Riders] Scan started at: 9:12:53 PM 11 Nov 2009 Using Database v7251 Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)] File System: NTFS Data directory: C:\Documents and Settings\gza\Application Data\Simply Super Software\Trojan Remover\ Database directory: C:\Program Files\Trojan Remover\ Logfile directory: C:\Documents and Settings\gza\My Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************** ********** The following Anti-Malware program(s) are loaded: Avast! 
Antivirus ************************************************** ********** ************************************************** ********** 9:12:54 PM: Scanning ----------WIN.INI----------- WIN.INI found in C:\WINDOWS ************************************************** ********** 9:12:54 PM: Scanning --------SYSTEM.INI--------- SYSTEM.INI found in C:\WINDOWS ************************************************** ********** 9:12:54 PM: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. ************************************************** ********** 9:12:54 PM: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): File: Explorer.exe C:\WINDOWS\Explorer.exe 1032192 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): File: C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\userinit.exe 24576 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation ---------- This key's "System" value appears to be blank ---------- This key's "UIHost" value calls the following program: File: logonui.exe C:\WINDOWS\system32\logonui.exe 514560 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation ---------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: avast! 
Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 81000 bytes Created: 12/26/2008 Modified: 2/6/2009 Company: ALWIL Software -------------------- Value Name: HDInspector.exe Value Data: C:\Program Files\Hard Drive Inspector\HDInspector.exe C:\Program Files\Hard Drive Inspector\HDInspector.exe 1008392 bytes Created: 2/12/2008 Modified: 12/28/2008 Company: Altrixsoft -------------------- Value Name: COMODO Firewall Pro Value Data: "C:\Program Files\COMODO\Firewall\cfp.exe" -h C:\Program Files\COMODO\Firewall\cfp.exe 1797880 bytes Created: 12/26/2008 Modified: 12/27/2008 Company: COMODO -------------------- Value Name: COMODO Internet Security Value Data: "C:\Program Files\COMODO\Firewall\cfp.exe" -h C:\Program Files\COMODO\Firewall\cfp.exe 1797880 bytes Created: 12/26/2008 Modified: 12/27/2008 Company: COMODO -------------------- Value Name: QuickTime Task Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime C:\Program Files\QuickTime\qttask.exe 286720 bytes Created: 6/29/2007 Modified: 6/29/2007 Company: Apple Inc. -------------------- Value Name: SunJavaUpdateSched Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe" C:\Program Files\Java\jre6\bin\jusched.exe 148888 bytes Created: 12/26/2008 Modified: 2/7/2009 Company: Sun Microsystems, Inc. -------------------- Value Name: WinampAgent Value Data: "C:\Program Files\Winamp\winampa.exe" C:\Program Files\Winamp\winampa.exe 36352 bytes Created: 8/4/2008 Modified: 8/4/2008 Company: [no info] -------------------- Value Name: TrojanScanner Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot C:\Program Files\Trojan Remover\Trjscan.exe 1231752 bytes Created: 11/9/2009 Modified: 1/1/2009 Company: Simply Super Software -------------------- Value Name: PWRISOVM.EXE Value Data: C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\PowerISO\PWRISOVM.EXE 200704 bytes Created: 8/7/2007 Modified: 8/7/2007 Company: PowerISO Computing, Inc. 
-------------------- Value Name: SoundMan Value Data: SOUNDMAN.EXE C:\WINDOWS\SOUNDMAN.EXE 577536 bytes Created: 2/3/2009 Modified: 4/16/2007 Company: Realtek Semiconductor Corp. -------------------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OnceEx This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: ctfmon.exe Value Data: C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\ctfmon.exe 15360 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation -------------------- Value Name: AlcoholAutomount Value Data: "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe 203928 bytes Created: 2/24/2009 Modified: 2/24/2009 Company: Alcohol Soft Development Team -------------------- -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once This Registry Key appears to be empty ************************************************** ********** 9:12:56 PM: Scanning -----SHELLEXECUTEHOOKS----- ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972} File: shell32.dll - this file is expected and has been left in place ---------- ************************************************** ********** 9:12:56 PM: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************** ********** 9:12:57 PM: Scanning -----ACTIVE SCREENSAVER----- ScreenSaver: C:\WINDOWS\system32\ssflwbox.scr C:\WINDOWS\system32\ssflwbox.scr 393216 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation -------------------- ************************************************** ********** 9:12:57 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: 
{621FCD24-4498-4324-A81E-07D331376EDF} Path: C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe 7680 bytes Created: 9/19/2007 Modified: 9/19/2007 Company: [no info] ---------- ************************************************** ********** 9:12:57 PM: Scanning ----- SERVICEDLL REGISTRY KEYS ----- ************************************************** ********** 9:12:58 PM: Scanning ----- SERVICES REGISTRY KEYS ----- Key: AmdK7 ImagePath: system32\DRIVERS\amdk7.sys C:\WINDOWS\system32\DRIVERS\amdk7.sys 37376 bytes Created: 8/4/2004 Modified: 8/5/2004 Company: Microsoft Corporation ---------- Key: aswFsBlk ImagePath: system32\DRIVERS\aswFsBlk.sys C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys 20560 bytes Created: 12/26/2008 Modified: 2/6/2009 Company: ALWIL Software ---------- Key: aswUpdSv ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 18752 bytes Created: 12/26/2008 Modified: 2/6/2009 Company: ALWIL Software ---------- Key: ATI Smart ImagePath: C:\WINDOWS\system32\ati2sgag.exe C:\WINDOWS\system32\ati2sgag.exe 520192 bytes Created: 12/27/2008 Modified: 5/3/2006 Company: ---------- Key: avast! Antivirus ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" C:\Program Files\Alwil Software\Avast4\ashServ.exe 138680 bytes Created: 12/26/2008 Modified: 2/6/2009 Company: ALWIL Software ---------- Key: avast! Mail Scanner ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 254040 bytes Created: 12/26/2008 Modified: 2/6/2009 Company: ALWIL Software ---------- Key: avast! 
Web Scanner ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 352920 bytes Created: 12/26/2008 Modified: 2/6/2009 Company: ALWIL Software ---------- Key: bgsvcgen ImagePath: "C:\WINDOWS\system32\bgsvcgen.exe" C:\WINDOWS\system32\bgsvcgen.exe 145504 bytes Created: 2/12/2009 Modified: 2/12/2009 Company: B.H.A Corporation ---------- Key: Bonjour Service ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe" C:\Program Files\Bonjour\mDNSResponder.exe 229376 bytes Created: 2/28/2006 Modified: 2/28/2006 Company: Apple Computer, Inc. ---------- Key: cmdAgent ImagePath: "C:\Program Files\COMODO\Firewall\cmdagent.exe" C:\Program Files\COMODO\Firewall\cmdagent.exe 618232 bytes Created: 12/26/2008 Modified: 12/27/2008 Company: COMODO ---------- Key: cmdGuard ImagePath: System32\DRIVERS\cmdguard.sys C:\WINDOWS\System32\DRIVERS\cmdguard.sys 101776 bytes Created: 12/26/2008 Modified: 12/27/2008 Company: COMODO ---------- Key: cmdHlp ImagePath: System32\DRIVERS\cmdhlp.sys C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 31504 bytes Created: 12/26/2008 Modified: 12/27/2008 Company: COMODO ---------- Key: ElbyCDFL ImagePath: System32\Drivers\ElbyCDFL.sys C:\WINDOWS\System32\Drivers\ElbyCDFL.sys 34760 bytes Created: 12/27/2006 Modified: 12/27/2006 Company: SlySoft, Inc. 
---------- Key: ElbyCDIO ImagePath: System32\Drivers\ElbyCDIO.sys C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 25160 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Elaborate Bytes AG ---------- Key: ElbyDelay ImagePath: System32\Drivers\ElbyDelay.sys C:\WINDOWS\System32\Drivers\ElbyDelay.sys 11984 bytes Created: 2/16/2007 Modified: 2/16/2007 Company: Elaborate Bytes AG ---------- Key: epmntdrv ImagePath: \??\C:\WINDOWS\system32\epmntdrv.sys C:\WINDOWS\system32\epmntdrv.sys 8704 bytes Created: 10/2/2009 Modified: 4/22/2009 Company: [no info] ---------- Key: EuGdiDrv ImagePath: \??\C:\WINDOWS\system32\EuGdiDrv.sys C:\WINDOWS\system32\EuGdiDrv.sys 3072 bytes Created: 10/2/2009 Modified: 4/22/2009 Company: [no info] ---------- Key: FLEXnet Licensing Service ImagePath: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 654848 bytes Created: 2/15/2009 Modified: 2/15/2009 Company: Macrovision Europe Ltd. ---------- Key: HDDSvc ImagePath: C:\WINDOWS\system32\HDDSvc.exe C:\WINDOWS\system32\HDDSvc.exe 189704 bytes Created: 2/12/2008 Modified: 2/12/2008 Company: AltrixSoft (http://www.altrixsoft.com/) ---------- Key: HSFHWBS2 ImagePath: system32\DRIVERS\HSFBS2S2.sys C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys 220032 bytes Created: 12/27/2008 Modified: 8/4/2004 Company: Conexant Systems, Inc. ---------- Key: HSF_DP ImagePath: system32\DRIVERS\HSFDPSP2.sys C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys 1041536 bytes Created: 12/27/2008 Modified: 8/4/2004 Company: Conexant Systems, Inc. 
---------- Key: IDriverT ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 69632 bytes Created: 11/14/2005 Modified: 11/14/2005 Company: Macrovision Corporation ---------- Key: imagedrv ImagePath: System32\Drivers\imagedrv.sys C:\WINDOWS\System32\Drivers\imagedrv.sys 11304 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Ahead Software AG ---------- Key: imagesrv ImagePath: system32\DRIVERS\imagesrv.sys C:\WINDOWS\system32\DRIVERS\imagesrv.sys 132904 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Ahead Software AG ---------- Key: Inspect ImagePath: System32\DRIVERS\inspect.sys C:\WINDOWS\System32\DRIVERS\inspect.sys 79504 bytes Created: 12/26/2008 Modified: 12/27/2008 Company: COMODO ---------- Key: JavaQuickStarterService ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" C:\Program Files\Java\jre6\bin\jqs.exe 152984 bytes Created: 12/26/2008 Modified: 2/7/2009 Company: Sun Microsystems, Inc. 
---------- Key: MySQL ImagePath: "C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.1\my.ini" MySQL C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe 6447744 bytes Created: 11/15/2008 Modified: 11/15/2008 Company: [no info] ---------- Key: Nero BackItUp Scheduler 3 ImagePath: C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 836904 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Nero AG ---------- Key: NMIndexingService ImagePath: "C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe" C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 382248 bytes Created: 8/3/2007 Modified: 8/3/2007 Company: Nero AG ---------- Key: oflpydin ImagePath: \??\C:\DOCUME~1\gza\LOCALS~1\Temp\oflpydin.sys C:\DOCUME~1\gza\LOCALS~1\Temp\oflpydin.sys [file not found to scan] ---------- Key: pcouffin ImagePath: System32\Drivers\pcouffin.sys C:\WINDOWS\System32\Drivers\pcouffin.sys 47360 bytes Created: 1/18/2009 Modified: 1/18/2009 Company: VSO Software ---------- Key: RTL8023xp ImagePath: system32\DRIVERS\Rtnicxp.sys C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 118656 bytes Created: 2/3/2009 Modified: 12/2/2008 Company: Realtek Semiconductor Corporation ---------- Key: rtl8139 ImagePath: system32\DRIVERS\RTL8139.SYS C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [file not found to scan] ---------- Key: Secdrv ImagePath: system32\DRIVERS\secdrv.sys C:\WINDOWS\system32\DRIVERS\secdrv.sys 27440 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: [no info] ---------- Key: sptd ImagePath: System32\Drivers\sptd.sys - this file is globally excluded ---------- Key: SSHDRV65 ImagePath: \??\C:\WINDOWS\system32\drivers\SSHDRV65.sys C:\WINDOWS\system32\drivers\SSHDRV65.sys 120320 bytes Created: 10/29/2009 Modified: 10/29/2009 Company: [no info] ---------- Key: StarWindServiceAE ImagePath: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Program 
Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 275968 bytes Created: 5/29/2007 Modified: 5/29/2007 Company: Rocket Division Software ---------- Key: SwPrv ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{4776326A-8BDE-4915-AF7B-09278F91BBA7} C:\WINDOWS\system32\dllhost.exe 5120 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation ---------- Key: tbhsd ImagePath: system32\drivers\tbhsd.sys C:\WINDOWS\system32\drivers\tbhsd.sys 26784 bytes Created: 12/30/2008 Modified: 12/11/2007 Company: RapidSolution Software AG ---------- Key: usnjsvc ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe" C:\Program Files\Windows Live\Messenger\usnsvc.exe 98328 bytes Created: 10/18/2007 Modified: 10/18/2007 Company: Microsoft Corporation ---------- Key: viaagp ImagePath: system32\DRIVERS\viaagp.sys C:\WINDOWS\system32\DRIVERS\viaagp.sys 42240 bytes Created: 12/27/2008 Modified: 8/3/2004 Company: Microsoft Corporation ---------- Key: Viewpoint Manager Service ImagePath: "C:\Program Files\Viewpoint\Common\ViewpointService.exe" C:\Program Files\Viewpoint\Common\ViewpointService.exe 24652 bytes Created: 2/13/2009 Modified: 1/5/2007 Company: Viewpoint Corporation ---------- Key: winachsf ImagePath: system32\DRIVERS\HSFCXTS2.sys C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys 685056 bytes Created: 12/27/2008 Modified: 8/4/2004 Company: Conexant Systems, Inc. 
---------- Key: WLSetupSvc ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe" C:\Program Files\Windows Live\installer\WLSetupSvc.exe 266240 bytes Created: 10/25/2007 Modified: 10/25/2007 Company: Microsoft Corporation ---------- ************************************************** ********** 9:13:04 PM: Scanning -----VXD ENTRIES----- ************************************************** ********** 9:13:04 PM: Scanning ----- WINLOGON\NOTIFY DLLS ----- ************************************************** ********** 9:13:04 PM: Scanning ----- CONTEXTMENUHANDLERS ----- Key: 7-Zip CLSID: {23170F69-40C1-278A-1000-000100020000} Path: C:\Program Files\7-Zip\7-zip.dll C:\Program Files\7-Zip\7-zip.dll 69632 bytes Created: 12/6/2007 Modified: 12/6/2007 Company: Igor Pavlov ---------- Key: avast CLSID: {472083B0-C522-11CF-8763-00608CC02F24} Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll C:\Program Files\Alwil Software\Avast4\ashShell.dll 76880 bytes Created: 12/26/2008 Modified: 2/6/2009 Company: ALWIL Software ---------- Key: Cover Designer CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} Path: C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll 2102568 bytes Created: 8/4/2007 Modified: 8/4/2007 Company: Nero AG ---------- Key: PowerISO CLSID: {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} Path: C:\Program Files\PowerISO\PWRISOSH.DLL C:\Program Files\PowerISO\PWRISOSH.DLL 204800 bytes Created: 8/7/2007 Modified: 8/7/2007 Company: PowerISO Computing, Inc. 
---------- Key: {100BD527-7304-4b7f-BEE2-26D97B04EBA4} Path: C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll 255272 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Nero AG ---------- Key: {C539A15A-3AF9-4c92-B771-50CB78F5C751} CLSID: {C539A15A-3AF9-4c92-B771-50CB78F5C751} File: [CLSID does not appear to reference a file] ---------- ************************************************** ********** 9:13:05 PM: Scanning ----- FOLDER\COLUMNHANDLERS ----- Key: {7D4D6379-F301-4311-BEBA-E26EB0561882} File: C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll 1803560 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Nero AG ---------- Key: {FED7043D-346A-414D-ACD7-550D052499A7} File: [CLSID does not appear to reference a file] ************************************************** ********** 9:13:05 PM: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670} BHO: C:\Program Files\ Yahoo! \Companion\Installs\cpn1\yt.dll C:\Program Files\ Yahoo! \Companion\Installs\cpn1\yt.dll 878352 bytes Created: 11/21/2007 Modified: 11/21/2007 Company: Yahoo! Inc. ---------- Key: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} BHO: C:\Program Files\Winamp Toolbar\winamptb.dll C:\Program Files\Winamp Toolbar\winamptb.dll 1266992 bytes Created: 7/17/2008 Modified: 7/17/2008 Company: AOL LLC. 
---------- Key: {3049C3E9-B461-4BC5-8870-4C09146192CA} BHO: C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll 308856 bytes Created: 1/2/2009 Modified: 1/2/2009 Company: RealPlayer ---------- Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} BHO: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - file already scanned Key: {9030D464-4C02-4ABF-8ECC-5164760863C6} BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 328752 bytes Created: 9/20/2007 Modified: 9/20/2007 Company: Microsoft Corporation ---------- Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} BHO: C:\Program Files\Windows Live Toolbar\msntb.dll C:\Program Files\Windows Live Toolbar\msntb.dll 546320 bytes Created: 10/19/2007 Modified: 10/19/200 |
gza (13233) | ||
| 828733 | 2009-11-14 08:58:00 | You don't need Trojan Remover, QuickTime, Java, Winamp Agent, or SoundMan in startup. I would be careful with programs like Alcohol (using too many of them, as virtual disks), and having them start on bootup. They have a tendency to crash systems (that SPTD belongs to Alcohol). Be careful WHAT codecs / codec packs you install. Some contain trojans. Is this still on the system: C:\WINDOWS\system32\epmntdrv.sys?? It looks like it belongs to a trojan. Easeus Partition Master isn't installed, is it? I would boot into safe mode / networking, and MAKE SURE TR and Malwarebytes (do a full scan, NOT a quick scan) are up to date before you do another scan. Also select all options under Utilities in TR. Use CCleaner; run it so it can remove the temp files etc. |
Speedy Gonzales (78) | ||