| Thread ID: 97048 | 2009-02-02 08:08:00 | Crapware | Blam (54) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 744341 | 2009-02-03 00:38:00 | Great idea, I forgot about that! Never knew it cleaned Toshiba crapware too... Thanks Blam |
Blam (54) | ||
| 744342 | 2009-02-03 04:40:00 | Something's somehow gone wrong, and now I can't launch Firefox... Tried system restore, but it didn't work. Avast! keeps popping up about infected files with trojans... I tried scanning with Trojan Remover but it said that userinit.exe was infected but it could not find something to restore it to... I have posted a log: ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com [Unregistered version] Scan started at: 5:27:13 p.m. 03 Feb 2009 Using Database v7278 Operating System: Windows Vista Business File System: NTFS User Account Control is DISABLED. UserData directory: C:\Users\12189\AppData\Roaming\Simply Super Software\Trojan Remover\ Database directory: C:\Program Files\Trojan Remover\ Logfile directory: D:\Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************** ********** The following Anti-Malware program(s) are loaded: [AV Warnings are suppressed] Avast! Antivirus ************************************************** ********** ************************************************** ********** 5:27:13 p.m.: Scanning ----------WIN.INI----------- WIN.INI found in C:\Windows ************************************************** ********** 5:27:13 p.m.: Scanning --------SYSTEM.INI--------- SYSTEM.INI found in C:\Windows ************************************************** ********** 5:27:14 p.m.: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. 
************************************************** ********** 5:27:17 p.m.: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [explorer.exe] File: explorer.exe C:\Windows\explorer.exe 2923520 bytes Created: 22/11/2007 10:39 a.m. Modified: 22/11/2007 10:39 a.m. Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): Key value: [C:\Windows\system32\userinit.exe,] File: C:\Windows\system32\userinit.exe C:\Windows\system32\userinit.exe 24576 bytes Created: 2/11/2006 9:43 p.m. Modified: 2/11/2006 10:45 p.m. Company: Microsoft Corporation C:\Windows\system32\userinit.exe - this userinit.exe file is either the wrong size, or has missing/incorrect version information C:\Windows\system32\userinit.exe - cannot restore a good copy of this file ---------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: Apoint Value Data: C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Apoint2K\Apoint.exe 200704 bytes Created: 21/12/2006 6:00 a.m. Modified: 11/09/2006 8:21 p.m. Company: Alps Electric Co., Ltd. -------------------- Value Name: ThpSrv Value Data: C:\Windows\system32\thpsrv /logon C:\Windows\system32\thpsrv.exe 531264 bytes Created: 25/11/2006 11:05 p.m. Modified: 25/11/2006 11:05 p.m. Company: TOSHIBA Corporation -------------------- Value Name: PSQLLauncher Value Data: "C:\Program Files\Protector Suite QL\launcher.exe" /startup C:\Program Files\Protector Suite QL\launcher.exe 49168 bytes Created: 4/12/2006 1:29 p.m. Modified: 4/12/2006 1:29 p.m. Company: UPEK Inc. 
-------------------- Value Name: TPwrMain Value Data: %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE 411192 bytes Created: 29/03/2007 10:39 a.m. Modified: 29/03/2007 10:39 a.m. Company: TOSHIBA Corporation -------------------- Value Name: SmoothView Value Data: %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe C:\Program Files\Toshiba\SmoothView\SmoothView.exe 448080 bytes Created: 15/06/2007 9:01 p.m. Modified: 15/06/2007 9:01 p.m. Company: TOSHIBA Corporation -------------------- Value Name: WsUiMgr Value Data: C:\Program Files\PMM\WsUIMgr.exe C:\Program Files\PMM\WsUIMgr.exe 25088 bytes Created: 8/05/2007 8:18 p.m. Modified: 8/05/2007 8:18 p.m. Company: Websense -------------------- Value Name: avast! Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 81000 bytes Created: 1/02/2009 10:15 p.m. Modified: 27/11/2008 6:18 a.m. Company: ALWIL Software -------------------- Value Name: TrojanScanner Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot C:\Program Files\Trojan Remover\Trjscan.exe 1231752 bytes Created: 3/02/2009 5:19 p.m. Modified: 1/01/2009 8:43 p.m. 
Company: Simply Super Software -------------------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once This Registry Key appears to be empty ************************************************** ********** 5:28:21 p.m.: Scanning -----SHELLEXECUTEHOOKS----- ShellExecuteHooks key is empty ************************************************** ********** 5:28:21 p.m.: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************** ********** 5:28:21 p.m.: Scanning -----ACTIVE SCREENSAVER----- ScreenSaver: C:\Windows\system32\logon.scr C:\Windows\system32\logon.scr 5714432 bytes Created: 2/11/2006 9:48 p.m. Modified: 2/11/2006 10:44 p.m. Company: Microsoft Corporation -------------------- ************************************************** ********** 5:28:21 p.m.: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} Path: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP IEDKCS32.DLL 384000 bytes Created: 2/11/2006 9:49 p.m. Modified: 2/11/2006 10:46 p.m. Company: Microsoft Corporation ---------- Key: {89820200-ECBD-11cf-8B85-00AA005B4340} Path: regsvr32.exe /s /n /i:U shell32.dll shell32.dll 11315712 bytes Created: 15/04/2008 3:42 p.m. Modified: 15/04/2008 3:42 p.m. 
Company: Microsoft Corporation ---------- ************************************************** ********** 5:28:23 p.m.: Scanning ----- SERVICEDLL REGISTRY KEYS ----- ************************************************** ********** 5:28:43 p.m.: Scanning ----- SERVICES REGISTRY KEYS ----- Key: ADIHdAudAddService ImagePath: system32\drivers\ADIHdAud.sys C:\Windows\system32\drivers\ADIHdAud.sys 333312 bytes Created: 17/11/2007 3:32 p.m. Modified: 13/04/2007 2:38 p.m. Company: Analog Devices, Inc. ---------- Key: ApfiltrService ImagePath: system32\DRIVERS\Apfiltr.sys C:\Windows\system32\DRIVERS\Apfiltr.sys 140800 bytes Created: 21/12/2006 6:00 a.m. Modified: 30/08/2006 2:35 p.m. Company: Alps Electric Co., Ltd. ---------- Key: APLMp50 ImagePath: System32\Drivers\APLMp50.sys C:\Windows\System32\Drivers\APLMp50.sys 28224 bytes Created: 1/02/2007 3:07 p.m. Modified: 29/11/2006 6:46 p.m. Company: Printing Communications Assoc., Inc. (PCAUSA) ---------- Key: aswFsBlk ImagePath: system32\DRIVERS\aswFsBlk.sys C:\Windows\system32\DRIVERS\aswFsBlk.sys 20560 bytes Created: 1/02/2009 10:16 p.m. Modified: 27/11/2008 6:17 a.m. Company: ALWIL Software ---------- Key: aswMonFlt ImagePath: system32\DRIVERS\aswMonFlt.sys C:\Windows\system32\DRIVERS\aswMonFlt.sys 51792 bytes Created: 1/02/2009 10:10 p.m. Modified: 27/11/2008 6:17 a.m. Company: ALWIL Software ---------- Key: aswUpdSv ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 18752 bytes Created: 1/02/2009 10:15 p.m. Modified: 27/11/2008 6:12 a.m. Company: ALWIL Software ---------- Key: avast! Antivirus ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" C:\Program Files\Alwil Software\Avast4\ashServ.exe 155160 bytes Created: 1/02/2009 10:15 p.m. Modified: 27/11/2008 6:18 a.m. Company: ALWIL Software ---------- Key: avast! 
Mail Scanner ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 254040 bytes Created: 1/02/2009 10:15 p.m. Modified: 27/11/2008 6:18 a.m. Company: ALWIL Software ---------- Key: avast! Web Scanner ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 352920 bytes Created: 1/02/2009 10:15 p.m. Modified: 27/11/2008 6:16 a.m. Company: ALWIL Software ---------- Key: blbdrive ImagePath: \SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded ---------- Key: e1express ImagePath: system32\DRIVERS\e1e6032.sys C:\Windows\system32\DRIVERS\e1e6032.sys 200704 bytes Created: 2/11/2006 11:25 p.m. Modified: 2/11/2006 8:30 p.m. Company: Intel Corporation ---------- Key: glaide32 ImagePath: \??\C:\Windows\system32\drivers\glaide32.sys C:\Windows\system32\drivers\glaide32.sys [file not found to scan] ---------- Key: ialm ImagePath: system32\DRIVERS\igdkmd32.sys C:\Windows\system32\DRIVERS\igdkmd32.sys 1609728 bytes Created: 18/11/2007 7:37 p.m. Modified: 26/02/2007 2:57 p.m. Company: Intel Corporation ---------- Key: IDriverT ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 94208 bytes Created: 22/10/2004 3:24 a.m. Modified: 22/10/2004 3:24 a.m. Company: Macrovision Corporation ---------- Key: igfx ImagePath: system32\DRIVERS\igdkmd32.sys C:\Windows\system32\DRIVERS\igdkmd32.sys 1609728 bytes Created: 18/11/2007 7:37 p.m. Modified: 26/02/2007 2:57 p.m. Company: Intel Corporation ---------- Key: IpInIp ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded ---------- Key: KbdFIOControl ImagePath: System32\Drivers\KbdF.sys C:\Windows\System32\Drivers\KbdF.sys 7168 bytes Created: 18/11/2007 1:12 p.m. Modified: 18/11/2007 1:10 p.m. 
Company: Windows (R) 2000 DDK provider ---------- Key: msiserver ImagePath: %systemroot%\system32\msiexec /V ---------- Key: NETw3v32 ImagePath: system32\DRIVERS\NETw3v32.sys C:\Windows\system32\DRIVERS\NETw3v32.sys 1786880 bytes Created: 21/12/2006 5:59 a.m. Modified: 30/10/2006 2:42 p.m. Company: Intel® Corporation ---------- Key: NETw4v32 ImagePath: system32\DRIVERS\NETw4v32.sys C:\Windows\system32\DRIVERS\NETw4v32.sys 2251776 bytes Created: 4/12/2007 11:39 a.m. Modified: 20/11/2007 4:03 p.m. Company: Intel Corporation ---------- Key: NwlnkFlt ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded ---------- Key: NwlnkFwd ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded ---------- Key: ProtexisLicensing ImagePath: C:\Windows\system32\PSIService.exe C:\Windows\system32\PSIService.exe 177704 bytes Created: 5/06/2007 1:20 p.m. Modified: 5/06/2007 1:20 p.m. Company: ---------- Key: rpcapd ImagePath: "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" C:\Program Files\WinPcap\rpcapd.exe 93048 bytes Created: 26/01/2007 6:31 a.m. Modified: 26/01/2007 6:31 a.m. Company: CACE Technologies ---------- Key: SBSDWSCService ImagePath: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 600912 bytes Created: 18/11/2007 5:16 p.m. Modified: 31/08/2007 4:46 p.m. Company: Safer Networking Ltd. ---------- Key: Serenum ImagePath: \SystemRoot\system32\drivers\serenum.sys C:\Windows\system32\drivers\serenum.sys 17920 bytes Created: 2/11/2006 9:51 p.m. Modified: 2/11/2006 9:51 p.m. Company: Microsoft Corporation ---------- Key: Serial ImagePath: \SystemRoot\system32\drivers\serial.sys C:\Windows\system32\drivers\serial.sys 83456 bytes Created: 2/11/2006 9:51 p.m. Modified: 2/11/2006 9:51 p.m. 
Company: Microsoft Corporation ---------- Key: TcUsb ImagePath: System32\Drivers\tcusb.sys C:\Windows\System32\Drivers\tcusb.sys 39056 bytes Created: 4/12/2006 1:21 p.m. Modified: 4/12/2006 1:21 p.m. Company: UPEK Inc. ---------- Key: tdcmdpst ImagePath: system32\DRIVERS\tdcmdpst.sys C:\Windows\system32\DRIVERS\tdcmdpst.sys 16128 bytes Created: 19/10/2006 8:50 a.m. Modified: 19/10/2006 8:50 a.m. Company: TOSHIBA Corporation. ---------- Key: Thpdrv ImagePath: system32\DRIVERS\thpdrv.sys C:\Windows\system32\DRIVERS\thpdrv.sys 16384 bytes Created: 31/10/2006 12:47 p.m. Modified: 31/10/2006 12:47 p.m. Company: TOSHIBA Corporation ---------- Key: Thpevm ImagePath: system32\DRIVERS\Thpevm.SYS C:\Windows\system32\DRIVERS\Thpevm.SYS 6528 bytes Created: 20/10/2006 2:11 p.m. Modified: 20/10/2006 2:11 p.m. Company: TOSHIBA Corporation ---------- Key: Thpsrv ImagePath: C:\Windows\system32\ThpSrv.exe C:\Windows\system32\ThpSrv.exe 531264 bytes Created: 25/11/2006 11:05 p.m. Modified: 25/11/2006 11:05 p.m. Company: TOSHIBA Corporation ---------- Key: tifm21 ImagePath: system32\drivers\tifm21.sys C:\Windows\system32\drivers\tifm21.sys 168448 bytes Created: 6/07/2006 6:44 p.m. Modified: 6/07/2006 6:44 p.m. Company: Texas Instruments ---------- Key: TODDSrv ImagePath: C:\Windows\system32\TODDSrv.exe C:\Windows\system32\TODDSrv.exe 114688 bytes Created: 21/12/2006 7:24 a.m. Modified: 26/05/2006 3:30 p.m. Company: TOSHIBA Corporation ---------- Key: TosCoSrv ImagePath: "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 427576 bytes Created: 29/03/2007 10:39 a.m. Modified: 29/03/2007 10:39 a.m. Company: TOSHIBA Corporation ---------- Key: TOSHIBA Bluetooth Service ImagePath: C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe 77824 bytes Created: 1/11/2006 7:40 p.m. Modified: 1/11/2006 7:40 p.m. 
Company: TOSHIBA CORPORATION ---------- Key: tosrfec ImagePath: system32\DRIVERS\tosrfec.sys C:\Windows\system32\DRIVERS\tosrfec.sys 9216 bytes Created: 24/10/2006 1:32 p.m. Modified: 24/10/2006 1:32 p.m. Company: TOSHIBA Corporation ---------- Key: TPM ImagePath: system32\drivers\tpm.sys C:\Windows\system32\drivers\tpm.sys 41064 bytes Created: 2/11/2006 11:25 p.m. Modified: 2/11/2006 10:50 p.m. Company: Microsoft Corporation ---------- Key: TVALZ ImagePath: system32\DRIVERS\TVALZ.SYS C:\Windows\system32\DRIVERS\TVALZ.SYS 16768 bytes Created: 6/10/2006 7:13 p.m. Modified: 6/10/2006 7:13 p.m. Company: TOSHIBA Corporation ---------- Key: UleadBurningHelper ImagePath: C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe 49152 bytes Created: 17/11/2007 3:25 p.m. Modified: 23/08/2006 4:39 p.m. Company: Ulead Systems, Inc. ---------- Key: WebsenseDesktopClient ImagePath: C:\Program Files\PMM\WDC.exe C:\Program Files\PMM\WDC.exe -H- 471040 bytes Created: 8/05/2007 8:18 p.m. Modified: 8/05/2007 8:18 p.m. Company: Websense ---------- Key: wscam6300 ImagePath: System32\Drivers\wscam6300.sys C:\Windows\System32\Drivers\wscam6300.sys 33024 bytes Created: 8/05/2007 8:18 p.m. Modified: 8/05/2007 8:18 p.m. Company: Websense, Inc. ---------- Key: WsFsF ImagePath: System32\Drivers\WsFsFwlh.sys C:\Windows\System32\Drivers\WsFsFwlh.sys 31744 bytes Created: 8/05/2007 8:18 p.m. Modified: 8/05/2007 8:18 p.m. Company: Websense, Inc. ---------- Key: wstdi ImagePath: System32\Drivers\wstdiwlh.sys C:\Windows\System32\Drivers\wstdiwlh.sys 35328 bytes Created: 8/05/2007 8:18 p.m. Modified: 8/05/2007 8:18 p.m. Company: Websense, Inc. 
---------- ************************************************** ********** 5:29:33 p.m.: Scanning -----VXD ENTRIES----- ************************************************** ********** 5:29:33 p.m.: Scanning ----- WINLOGON\NOTIFY DLLS ----- Key : igfxcui DLLName: igfxdev.dll igfxdev.dll 200704 bytes Created: 21/12/2006 6:01 a.m. Modified: 26/02/2007 2:25 p.m. Company: Intel Corporation ---------- Key : psfus DLLName: C:\Windows\system32\psqlpwd.dll C:\Windows\system32\psqlpwd.dll 90112 bytes Created: 4/12/2006 1:50 p.m. Modified: 4/12/2006 1:50 p.m. Company: UPEK Inc. ---------- ************************************************** ********** 5:29:34 p.m.: Scanning ----- CONTEXTMENUHANDLERS ----- Key: avast CLSID: {472083B0-C522-11CF-8763-00608CC02F24} Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll C:\Program Files\Alwil Software\Avast4\ashShell.dll 76880 bytes Created: 1/02/2009 10:15 p.m. Modified: 27/11/2008 6:15 a.m. Company: ALWIL Software ---------- Key: YsiShellExt CLSID: {E46B8A96-C11A-4EE5-9B0F-2050A3DD6A45} Path: C:\Program Files\YouSendIt\Express\version2\YsiExt.dll C:\Program Files\YouSendIt\Express\version2\YsiExt.dll 53248 bytes Created: 3/04/2008 10:41 a.m. Modified: 3/04/2008 10:41 a.m. Company: YouSendIt.com ---------- ************************************************** ********** 5:29:35 p.m.: Scanning ----- FOLDER\COLUMNHANDLERS ----- ************************************************** ********** 5:29:35 p.m.: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll 75128 bytes Created: 11/06/2008 10:33 p.m. Modified: 11/06/2008 10:33 p.m. Company: Adobe Systems Incorporated ---------- Key: {53707962-6F74-2D53-2644-206D7942484F} BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll C:\PROGRA~1\SPYBOT~1\SDHelper.dll 1122128 bytes Created: 18/11/2007 5:16 p.m. 
Modified: 31/08/2007 4:46 p.m. Company: Safer Networking Limited ---------- Key: {9030D464-4C02-4ABF-8ECC-5164760863C6} BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 408952 bytes Created: 18/11/2008 1:47 p.m. Modified: 18/11/2008 1:47 p.m. Company: Microsoft Corporation ---------- ************************************************** ********** 5:29:36 p.m.: Scanning ----- SHELLSERVICEOBJECTS ----- ************************************************** ********** 5:29:36 p.m.: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- ************************************************** ********** 5:29:36 p.m.: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. ************************************************** ********** 5:29:36 p.m.: Scanning ----- APPINIT_DLLS ----- The AppInit_DLLs value is blank or does not exist ************************************************** ********** 5:29:37 p.m.: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************** ********** 5:29:37 p.m.: Scanning ------ COMMON STARTUP GROUP ------ [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 3/11/2006 1:50 a.m. Modified: 15/04/2008 3:49 p.m. Company: [no info] -------------------- ************************************************** ********** 5:29:37 p.m.: Scanning ----- USER STARTUP GROUPS ----- Checking Startup Group for: 12189 [C:\Users\12189\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup] C:\Users\12189\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 1/02/2009 9:59 p.m. Modified: 1/02/2009 9:59 p.m. 
Company: [no info] ---------- D:\Program Files\Rainmeter\Rainmeter.exe 139264 bytes Created: 22/01/2006 12:41 a.m. Modified: 22/01/2006 12:41 a.m. Company: [no info] Rainmeter.lnk - links to D:\Program Files\Rainmeter\Rainmeter.exe ---------- -------------------- ************************************************** ********** 5:29:38 p.m.: Scanning ----- SCHEDULED TASKS ----- Taskname: GoogleUpdateTaskUserS-1-5-21-643970264-1529554251-782984527-11869.job File: C:\Users\12189\AppData\Local\Google\Update\GoogleUpdate.exe C:\Users\12189\AppData\Local\Google\Update\GoogleUpdate.exe 133104 bytes Created: 2/02/2009 8:10 p.m. Modified: 2/02/2009 8:10 p.m. Company: Google Inc. Parameters: /c Next Run Time: Never Status: One or more of the properties that are needed to run this task on a schedule have not been set Creator: 12189 Comments: Google Update Task keeps your Google software up to date. If Google Update Task is disabled or stopped, your Google software may not be kept up to date, meaning we can't fix security vulnerabilities that may arise, and features in your Google software may not work. Google Update Task uninstalls itself when there is no Google software using it. It may take a few hours for Google Update to detect it is time to uninstall. ---------- ************************************************** ********** 5:29:38 p.m.: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- Key: UEAFOverlay CLSID: {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} File: C:\Program Files\Protector Suite QL\farchns.dll C:\Program Files\Protector Suite QL\farchns.dll 2854912 bytes Created: 4/12/2006 2:03 p.m. Modified: 4/12/2006 2:03 p.m. Company: UPEK Inc. 
---------- Key: UEAFOverlayOpen CLSID: {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} File: C:\Program Files\Protector Suite QL\farchns.dll C:\Program Files\Protector Suite QL\farchns.dll - file already scanned ---------- ************************************************** ********** 5:29:39 p.m.: ----- ADDITIONAL CHECKS ----- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Users\12189\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg C:\Users\12189\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg 133622 bytes Created: 1/02/2009 10:42 p.m. Modified: 1/02/2009 10:42 p.m. Company: [no info] ---------- Web Desktop Wallpaper: %APPDATA%\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg C:\Users\12189\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg 133622 bytes Created: 1/02/2009 10:42 p.m. Modified: 1/02/2009 10:42 p.m. 
Company: [no info] ---------- Checks for rogue DNS NameServers completed ---------- ---------- Additional checks completed ************************************************** ********** 5:29:41 p.m.: Scanning ----- RUNNING PROCESSES ----- C:\Windows\System32\smss.exe -------------------- C:\Windows\system32\csrss.exe -------------------- C:\Windows\system32\csrss.exe -------------------- C:\Windows\system32\wininit.exe -------------------- C:\Windows\system32\services.exe -------------------- C:\Windows\system32\lsass.exe -------------------- C:\Windows\system32\lsm.exe -------------------- C:\Windows\system32\winlogon.exe -------------------- C:\Windows\system32\svchost.exe -------------------- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Windows\System32\svchost.exe - file already scanned -------------------- C:\Windows\System32\svchost.exe - file already scanned -------------------- C:\Windows\System32\svchost.exe - file already scanned -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Windows\system32\AUDIODG.EXE -------------------- C:\Windows\system32\SLsvc.exe -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned -------------------- C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned -------------------- C:\Windows\System32\spoolsv.exe -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Windows\system32\agrsmsvc.exe -------------------- C:\Windows\system32\svchost.exe - file already scanned -------------------- C:\Windows\system32\PSIService.exe - file already scanned -------------------- C:\Windows\system32\svchost.exe - file 
already scanned -------------------- C:\Windows\system32\ThpSrv.exe - file already scanned -------------------- C:\Windows\system32\TODDSrv.exe - file already scanned -------------------- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe - file already scanned -------------------- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe - file already scanned -------------------- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe - file already scanned -------------------- C:\Windows\System32\svchost.exe - file already scanned -------------------- C:\Windows\system32\SearchIndexer.exe -------------------- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe - file already scanned -------------------- C:\Windows\system32\taskeng.exe -------------------- C:\Program Files\Protector Suite QL\upeksvr.exe -------------------- C:\Windows\system32\taskeng.exe -------------------- C:\Windows\system32\Dwm.exe -------------------- C:\Windows\Explorer.EXE - file already scanned -------------------- C:\Program Files\Apoint2K\Apoint.exe - file already scanned -------------------- C:\Windows\System32\ThpSrv.exe - file already scanned -------------------- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe - file already scanned -------------------- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe - file already scanned -------------------- C:\Program Files\PMM\WsUIMgr.exe - file already scanned -------------------- C:\Program Files\Alwil Software\Avast4\ashDisp.exe -------------------- D:\Program Files\Rainmeter\Rainmeter.exe -------------------- C:\Program Files\Apoint2K\ApMsgFwd.exe -------------------- C:\Program Files\Protector Suite QL\psqltray.exe -------------------- C:\Windows\System32\mobsync.exe -------------------- C:\Program Files\Apoint2K\Apntex.exe -------------------- C:\Program Files\FirstClass\fcc32.exe -------------------- C:\Windows\system32\taskeng.exe -------------------- C:\Program Files\Trojan Remover\Rmvtrjan.exe FileSize: 2933624 [This 
is a Trojan Remover component] -------------------- C:\Program Files\Internet Explorer\iexplore.exe -------------------- P:\TTFind.exe -------------------- ************************************************** ********** 5:30:29 p.m.: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************** ********** ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": go.microsoft.com HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://www.saintkentigern.com/ HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": go.microsoft.com ************************************************** ********** === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 5:30:29 p.m. 03 Feb 2009 Total Scan time: 00:03:15 ************************************************** ********** |
Blam (54) | ||
| 744343 | 2009-02-03 04:41:00 | I also have a HijackThis log if it helps: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:33:06 p.m., on 3/02/2009 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16757) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Apoint2K\Apoint.exe C:\Windows\System32\ThpSrv.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\PMM\WsUIMgr.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe D:\Program Files\Rainmeter\Rainmeter.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\Windows\System32\mobsync.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\FirstClass\fcc32.exe C:\Program Files\Trojan Remover\Rmvtrjan.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\NOTEPAD.EXE D:\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.saintkentigern.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = skcproxy R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - 
BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [WsUiMgr] C:\Program Files\PMM\WsUIMgr.exe O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.sk.edu O17 - HKLM\Software\..\Telephony: DomainName = student.sk.edu O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.sk.edu O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = 
student.sk.edu O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Websense Desktop Client (WebsenseDesktopClient) - Websense - C:\Program Files\PMM\WDC.exe -- End of file - 5994 bytes |
Blam (54) | ||
| 744344 | 2009-02-03 04:57:00 | I'm going to try another system restore, as things seem to have gotten worse... And by the looks of it, seems like my DVD drive doesn't show up in My Computer anymore... may have infected drivers too... checked in Device Manager, exclamation mark next to the drive.... |
Blam (54) | ||
| 744345 | 2009-02-03 05:13:00 | Now Windows Vista thinks I'm a "Victim of Software Counterfeiting". F^%&* virus :( |
Blam (54) | ||
| 744346 | 2009-02-03 05:52:00 | This isn't 64-bit Vista, is it?? Because Trojan Remover doesn't work with 64-bit. If you've got the CD, put it in and type in sfc /scannow. If you've got SP1, install it; it may install userinit.exe. If you have / had this: ImagePath: \??\C:\Windows\system32\drivers\glaide32.sys C:\Windows\system32\drivers\glaide32.sys [file not found to scan] on your system, it looks like it belongs to Rustock (www.symantec.com), a rootkit |
Speedy Gonzales (78) | ||
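As an added example (not code from the thread or from Trojan Remover), this PowerShell script checks the two things the reply above points at on a Windows box: what the Winlogon Userinit value launches and whether that file carries proper version info and a signature, and whether a leftover glaide32 service key is still registered. It assumes it is run from an elevated prompt and that the registry locations are the standard ones shown in the Trojan Remover log.

```powershell
# Added triage script (not from the thread). Run as Administrator.
# Part 1: the Winlogon Userinit value and the binaries it launches.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
Write-Host "Userinit value: $userinit"

# A clean Vista install has exactly "<SystemRoot>\system32\userinit.exe," (trailing comma included).
# Extra entries appended after the comma are a classic way of getting something run at every logon.
$expected = "$env:SystemRoot\system32\userinit.exe,"
if ($userinit -ne $expected) {
    Write-Warning "Userinit differs from the stock value '$expected'; inspect every entry below"
}

# Split the comma-separated list, drop empties and surrounding quotes.
$targets = $userinit -split ',' | ForEach-Object { $_.Trim().Trim('"') } | Where-Object { $_ }

foreach ($t in $targets) {
    $path = [Environment]::ExpandEnvironmentVariables($t)
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "$path : file not found"
        continue
    }
    $file = Get-Item -LiteralPath $path
    $ver  = $file.VersionInfo
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $signer = '(unsigned)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # Same fields Trojan Remover printed (size, company), plus the Authenticode result.
    New-Object PSObject -Property @{
        Path        = $path
        SizeBytes   = $file.Length
        Company     = $ver.CompanyName
        FileVersion = $ver.FileVersion
        Signature   = $sig.Status
        Signer      = $signer
    } | Format-List

    # Caveat: Windows system binaries are catalog-signed, so older PowerShell builds report
    # NotSigned for a perfectly genuine file. Missing/blank version info is the stronger signal;
    # sfc /scannow (as suggested in the thread) is the authoritative integrity check.
    if ([string]::IsNullOrEmpty($ver.CompanyName) -or $ver.CompanyName -notmatch 'Microsoft') {
        Write-Warning "$path : version info missing or not Microsoft; verify with sfc /scannow"
    }
}

# Part 2: is the glaide32 service the reply mentions still registered, and does its file exist?
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\glaide32'
if (Test-Path $svcKey) {
    $img = (Get-ItemProperty -Path $svcKey -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    Write-Host "glaide32 service key is present; ImagePath = $img"
    # Driver ImagePath values often carry the \??\ NT-namespace prefix; strip it before testing.
    $driver = $img -replace '^\\\?\?\\', ''
    if ($driver -and -not (Test-Path -LiteralPath $driver)) {
        Write-Warning "glaide32 ImagePath points at a missing file ($driver): orphaned service entry"
    }
} else {
    Write-Host "No glaide32 service key present"
}
```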
| 744347 | 2009-02-03 06:06:00 | This is 32-bit Vista Business. I don't have a Vista CD... I've system restored back a bit and it seems like everything is working OK now. Except this happens every time I launch FF |
Blam (54) | ||
| 744348 | 2009-02-03 06:13:00 | Run FF in safe mode from the Programs menu and see if it crashes. It's probably an addon that's crashing. Disable them, then run it again. Does IE crash? Select all options under Utilities as well in TR, if you haven't yet |
Speedy Gonzales (78) | ||
| 744349 | 2009-02-03 06:34:00 | Tried safe mode already, no luck. IE works fine, using it now. I have selected all options already. Blam |
Blam (54) | ||