| Thread ID: 95893 | 2008-12-20 08:48:00 | Windows Explorer Errors_crash &freeze com | gza (13233) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 731236 | 2008-12-20 08:48:00 | Past 2 days I have been plagued with Explorer Error Messages followed by the Dr. Watson De Bugger popups. Have sent umpteen reports to MS & not had a reply as of yet. Just had another one popup a second ago but this time the com isn't frozen. Googling the problem and following through advice given therein I have done the following: Tried to find/install WinExplorer7: can't find it. Updated Adobe Flash Player from v9 to version 10.something (did this yesterday). D-loaded a 40 day full trial of Ashampoo Optimiser 6 and set that loose on the Registry & other places that it cleans up/out (it went well but got hung up at the Remove Orphaned Icons stage, wouldn't complete, gave a reason why that ended with "Access Denied"). Got a hold of "Error Repair Professional 3.8.5" and threw that in amongst the pigeons. It completed and I tried to open up com anew. Still getting the Error Messages. Tried a System Restore... all restore points have been wiped out, they were there last I knew yesterday. Opened com in Safe Mode, used Run > msconfig and set com to run with all drivers & devices loaded @ startup; tried other options to run on basic startup drivers-services, didn't solve the problem. Also while in Safe Mode I set up chkdsk c: /f to run on next startup and I rebooted. Com hasn't given me any grief since then except for the popup 10 minutes back. This time the computer didn't freeze up though. The freeze was happening when I went to open or close a file/folder. Got the right hump with it happening no matter what. Basically, this all started after having spent 2 days removing old stuff from com, a good spring clean. On Wednesday I thought I'd try out 'C Cleaner'. Was impressed that it had found 1.02MB of crap that Disk Clean hadn't, so I gave it the order to put the lot of it. Sweet as, com purring. Thursday, MS Updates informs me SP3 is available, didn't want it as had trouble with it twice before, removed it from combox 3 weeks ago. Causes com to play up, stickyish. D-loaded it from MS site (took an hour to d-load the 68MB of it on the 1.6MB/s (avg.) DSL Broadband I use). 70 minutes to install itself (??) Seemed ok, then the expected happened. Put up and tried to figure why/what/how but gave up on it. Out it went (another hour to uninstall itself). Com still sticky after that, performed an sfc /scannow and let it run overnight because it takes an eon and I wanted some sleep (3am Friday). Well that did a bit of wonders, but alas the cat came back, the very next day. Am I feeding it on Primo Creamo or what??? That brings me back to the top of the thread. Any ideas as to what's causing this annoyance of Explorer?? (Is there another option to Windows Explorer that runs in Windows???) :eek: HP Compaq Presario S3010AN; WXP Pro SP2 MCE; AMD XP200+ 1.67GHz; 768MB DDR PC2700 RAM; 80GB Western Digital EIDE HDD + 30GB Bigfoot HDD; Asus 1814BL Dl Multi Lightscribe DVD RAM; Radeon 9000 Series Graphics Card; Bestec 250W PSU (all hardware tested using Memtest, HD Drive Inspector, Sandra X11..blah blah). Sorry about the double thread on this, when I pushed submit on the last one I was told that I wasn't signed in and when I did try to sign in was told that I couldn't. I hadn't left clicked/copy all that I had typed in case this not signed in stuff happened and had to start again (it's happened to me before, quite a lot in fact :< ). I searched to see if the other post was up on view, it wasn't. Furthermore, I was bloody signed in!!! I did that when I opened PCW Pf1 Forums in Firefox to get in to type up the bad enough day it's been only to get the message that I ain't What I is (Zappa re-arrangement) |
gza (13233) | ||
| 731237 | 2008-12-20 09:06:00 | I would be careful with WHAT program you install and use for the registry. Some of these programs are fake/rogue programs. And some will make your system WORSE. I would get something better than a 250W PSU. What's Win Explorer 7? Or do you mean Internet Explorer 7? WHAT exactly do these popups say?? Look in Event Viewer. |
Speedy Gonzales (78) | ||
| 731238 | 2008-12-20 09:11:00 | Damn, you beat me Speedy, I'd just copied the HijackThis from your sig to post for him :-) He's right about the programs too, I've used ones that have destroyed my registry and some even have the added function of constantly reminding you to buy it. Good luck |
hueybot3000 (3646) | ||
| 731239 | 2008-12-20 09:14:00 | :p Well he can do that too, if he can |
Speedy Gonzales (78) | ||
| 731240 | 2008-12-20 09:59:00 | Speedy, I will get back to you on the content of the "Windows Explorer Error Message" messages that popup, basically they say that there's an error and Explorer has to shut down. Reference in the error reports that I have been sending to MS point to the state of Windows Explorer version 6 that is running on my com, and every time there was a new occurrence there was a different offset group of numbers & letters. I'll find the things here and post back. My usage of Win-Explorer means Windows Explorer 7, not IE7. I have that. I searched for Windows Explorer 7 but most of the links to pages mentioned it but were more dedicated to IE7 issues. Right, here's the last instance of the Explorer error message: Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x03b916d3. The one before that @ 5.52 today is basically the same except for this information: faulting module, iefdm2.dll, version 637.00.63, fault address 0x000016d3. With that there is the Dr Watson entry: faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, faulting address 0x0001295d. There's more but those are the last of them that happened, they all point to the same thing, Windows Explorer6. I have done scans with HJT, Malwarebytes and Trojan Remover, all clean there. I do know what you mean about Registry Repairers. And other Kwik-fix kits.. |
gza (13233) | ||
| 731241 | 2008-12-20 10:05:00 | As for the stops that occurred using Ashampoo Optimiser 6, the messages there were as follows: "cannot open file 'C'\Documents and Settings\gza\Local Settings\TEMP\tempreg.reg" and trying to get it to complete another way brought this stop message: "C:\Programs Files\Ashampoo\Ashampoo Windows Optimiser6\Backups\Registry Cleaner\gza\Saturday 20 December_1_08_14PMreg" Access Denied |
gza (13233) | ||
| 731242 | 2008-12-20 10:06:00 | Uninstall Free Download Manager (close IE, and My Computer, while you do it). That may be crashing it. That's what iefdm2.dll belongs to. That's what this error refers to: faulting module, iefdm2.dll, version 637.00.63, fault address 0x000016d3. It may be corrupt, why it's crashing. Is this the latest version of Free Download Manager?? |
Speedy Gonzales (78) | ||
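Added example (not part of the thread and not any poster's code): the check made in the reply above, reading the faulting module out of each Application Error description, applied to several events at once. It goes one step further than the thread with a labelled heuristic: it assumes the fault address is a module-relative offset when the module is named and an absolute address when the module is "unknown", and that DLLs load on 64 KB boundaries, so an "unknown" fault can be tied to a named module in the same process. The sample lines are constructed from the values quoted in the thread, and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the three event descriptions quoted in the thread,
# normalised to the usual "Application Error" layout.
SAMPLE_EVENTS = [
    "Faulting application explorer.exe, version 6.0.2900.2180, "
    "faulting module unknown, version 0.0.0.0, fault address 0x03b916d3.",
    "Faulting application explorer.exe, version 6.0.2900.2180, "
    "faulting module iefdm2.dll, version 637.00.63, fault address 0x000016d3.",
    "Faulting application drwtsn32.exe, version 5.1.2600.0, "
    "faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.",
]

# Tolerates loose spacing and "faulting address" as typed by hand in forum posts.
FAULT_RE = re.compile(
    r"faulting application\s+(?P<app>[^,]+?)\s*,\s*version\s+(?P<app_ver>[\w.]+)\s*,\s*"
    r"faulting module\s*,?\s*(?P<module>[^,]+?)\s*,\s*version\s+(?P<mod_ver>[\w.]+)\s*,\s*"
    r"fault(?:ing)? address\s+(?P<addr>0x[0-9a-fA-F]+)",
    re.IGNORECASE,
)

# Assumption: Windows maps images at 64 KB-aligned base addresses.
ALLOC_GRANULARITY = 0x10000


def parse_faults(lines):
    """Return one dict per line that looks like an Application Error description."""
    faults = []
    for line in lines:
        m = FAULT_RE.search(line)
        if not m:
            continue  # some other kind of event text
        faults.append({
            "app": m.group("app").lower(),
            "module": m.group("module").lower(),
            "module_version": m.group("mod_ver"),
            "address": int(m.group("addr"), 16),
        })
    return faults


def attribute_unknown(faults):
    """Heuristic: tie 'unknown' module faults to a named module in the same app.

    If (absolute address - known module offset) is a positive multiple of
    64 KB, the crash is consistent with the same instruction in that module,
    and the difference is the base the module would have been loaded at.
    Returns (app, absolute_address, module, implied_base) tuples.
    """
    known = [f for f in faults if f["module"] != "unknown"]
    matches = []
    for f in faults:
        if f["module"] != "unknown":
            continue
        for k in known:
            if k["app"] != f["app"]:
                continue
            base = f["address"] - k["address"]
            if base > 0 and base % ALLOC_GRANULARITY == 0:
                matches.append((f["app"], f["address"], k["module"], base))
                break
    return matches


def modules_by_app(faults):
    """Count crashes per module for each application, after attribution."""
    attributed = {(app, addr): mod for app, addr, mod, _ in attribute_unknown(faults)}
    tally = {}
    for f in faults:
        module = attributed.get((f["app"], f["address"]), f["module"])
        tally.setdefault(f["app"], Counter())[module] += 1
    return tally


if __name__ == "__main__":
    parsed = parse_faults(SAMPLE_EVENTS)
    for app, addr, module, base in attribute_unknown(parsed):
        print(f"{app}: fault at {addr:#010x} matches {module} loaded at {base:#010x}")
    for app, counts in modules_by_app(parsed).items():
        print(app, dict(counts))
```

A module that tops the tally and does not ship with Windows is the one to identify and update or remove, which is what the reply recommends for iefdm2.dll.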
| 731243 | 2008-12-20 10:24:00 | I have just googled iefdm2.dll and it is to do with the Free Download Manager that I have installed. Shortly before these problems started, Free Download Manager did start to not d-load, i.e. click to d-load to it and it would start briefly (half a second) and then would say "STOPPED". I haven't tried to use it again, I wanted d-loads to go through my uTorrent anyway; I'll uninstall FDM for a start. | gza (13233) | ||
| 731244 | 2008-12-20 10:41:00 | Thanks Speedy, the version of Free Download Manager is 2.5.758. The thought came on seeing the reference to iefdm2.dll that it belongs to Free Download Manager. Didn't think to Google the faulting module code, never have done that before. Well I know to do first, so in future. I got this @ one page www.file.net. I will now do as you suggest and post back. Thanks |
gza (13233) | ||
| 731245 | 2008-12-20 12:05:00 | Late back but here goes:::uninstalled FDM via Add/Remove Programs,informed some I have to do manually. Went Start>My Computer> C drive> Programme Files>FDM directory. Inside is the 92.0KB iefdm2.dll file. It doesn't want to be ousted, try to delete it ( I know that you said to close My Computer) and am told that its being used by another process.: what that is I don't know....probably " My Computer"? Anyway, I can find my way around the registry via regedit and see if I can delete the iefdm2.dll file from in there. Or is there another way you can suggest? The HJT, Trojan Remover & Malwarebites scan logs are below, I just did them.Much obliged to you for your comments and suggestions. ;)
---------- Key: HSF_DP ImagePath: system32\DRIVERS\HSFDPSP2.sys C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys 1041536 bytes Created: 2/4/2008 Modified: 8/4/2004 Company: Conexant Systems, Inc. ---------- Key: IDriverT ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 69632 bytes Created: 11/14/2005 Modified: 11/14/2005 Company: Macrovision Corporation ---------- Key: imagedrv ImagePath: System32\Drivers\imagedrv.sys C:\WINDOWS\System32\Drivers\imagedrv.sys 11304 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Ahead Software AG ---------- Key: imagesrv ImagePath: system32\DRIVERS\imagesrv.sys C:\WINDOWS\system32\DRIVERS\imagesrv.sys 132904 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Ahead Software AG ---------- Key: Inspect ImagePath: System32\DRIVERS\inspect.sys C:\WINDOWS\System32\DRIVERS\inspect.sys 79504 bytes Created: 2/3/2008 Modified: 11/26/2008 Company: COMODO ---------- Key: JavaQuickStarterService ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" C:\Program Files\Java\jre6\bin\jqs.exe 152984 bytes Created: 12/1/2008 Modified: 12/1/2008 Company: Sun Microsystems, Inc. ---------- Key: LMIInfo ImagePath: \??\C:\Program Files\LogMeIn\x86\RaInfo.sys C:\Program Files\LogMeIn\x86\RaInfo.sys [file not found to scan] ---------- Key: lmimirr ImagePath: system32\DRIVERS\lmimirr.sys C:\WINDOWS\system32\DRIVERS\lmimirr.sys 10144 bytes Created: 8/3/2007 Modified: 8/3/2007 Company: LogMeIn, Inc. ---------- Key: LMIRfsDriver ImagePath: \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 46112 bytes Created: 2/24/2008 Modified: 8/3/2007 Company: LogMeIn, Inc. ---------- Key: mcdbus ImagePath: system32\DRIVERS\mcdbus.sys C:\WINDOWS\system32\DRIVERS\mcdbus.sys 116736 bytes Created: 2/22/2008 Modified: 7/28/2008 Company: MagicISO, Inc. 
---------- Key: MSSQL$MSSMLBIZ ImagePath: "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe 28933976 bytes Created: 4/14/2006 Modified: 4/14/2006 Company: Microsoft Corporation ---------- Key: MSSQLServerADHelper ImagePath: "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [file not found to scan] ---------- Key: NCHSSVAD ImagePath: system32\drivers\nchssvad.sys C:\WINDOWS\system32\drivers\nchssvad.sys 26112 bytes Created: 2/17/2008 Modified: 2/17/2008 Company: NCH Swift Sound ---------- Key: Nero BackItUp Scheduler 3 ImagePath: C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 836904 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Nero AG ---------- Key: NMIndexingService ImagePath: "C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe" C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 382248 bytes Created: 8/3/2007 Modified: 8/3/2007 Company: Nero AG ---------- Key: Norton Ghost ImagePath: C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe 3290728 bytes Created: 3/28/2007 Modified: 3/28/2007 Company: Symantec Corporation ---------- Key: ossrv ImagePath: system32\drivers\ctoss2k.sys C:\WINDOWS\system32\drivers\ctoss2k.sys 195432 bytes Created: 3/9/2008 Modified: 7/19/2002 Company: Creative Technology Ltd. ---------- Key: pcouffin ImagePath: System32\Drivers\pcouffin.sys C:\WINDOWS\System32\Drivers\pcouffin.sys 47360 bytes Created: 2/20/2008 Modified: 2/20/2008 Company: VSO Software ---------- Key: PfModNT ImagePath: \??\C:\WINDOWS\system32\PfModNT.sys C:\WINDOWS\system32\PfModNT.sys 6752 bytes Created: 3/9/2008 Modified: 12/17/1999 Company: Creative Technology Ltd. 
---------- Key: SANDRA ImagePath: \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Sandra.sys C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Sandra.sys 20384 bytes Created: 12/12/2008 Modified: 11/9/2006 Company: SiSoftware ---------- Key: SandraDataSrv ImagePath: C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe 123064 bytes Created: 12/12/2008 Modified: 11/16/2006 Company: SiSoftware ---------- Key: SandraTheSrv ImagePath: C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe 1138880 bytes Created: 12/12/2008 Modified: 11/16/2006 Company: SiSoftware ---------- Key: Secdrv ImagePath: system32\DRIVERS\secdrv.sys C:\WINDOWS\system32\DRIVERS\secdrv.sys 27440 bytes Created: 11/27/2008 Modified: 8/5/2004 Company: ---------- Key: SerialKeys ImagePath: C:\WINDOWS\system32\skeys.exe C:\WINDOWS\system32\skeys.exe 26112 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation ---------- Key: sfman ImagePath: system32\drivers\sfmanm.sys C:\WINDOWS\system32\drivers\sfmanm.sys 36480 bytes Created: 3/8/2008 Modified: 8/17/2001 Company: Creative Technology Ltd. 
---------- Key: sptd ImagePath: System32\Drivers\sptd.sys - this file is globally excluded ---------- Key: spupdsvc ImagePath: C:\WINDOWS\system32\spupdsvc.exe C:\WINDOWS\system32\spupdsvc.exe 26488 bytes Created: 2/4/2008 Modified: 8/10/2007 Company: Microsoft Corporation ---------- Key: SQLBrowser ImagePath: "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [file not found to scan] ---------- Key: StarWindServiceAE ImagePath: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 275968 bytes Created: 5/29/2007 Modified: 5/29/2007 Company: Rocket Division Software ---------- Key: SwPrv ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{49616F02-7E33-43B4-9E8B-CD403DA9BBD2} C:\WINDOWS\system32\dllhost.exe 5120 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation ---------- Key: symsnap ImagePath: system32\DRIVERS\symsnap.sys C:\WINDOWS\system32\DRIVERS\symsnap.sys 131944 bytes Created: 2/3/2008 Modified: 3/28/2007 Company: StorageCraft ---------- Key: tbhsd ImagePath: system32\drivers\tbhsd.sys C:\WINDOWS\system32\drivers\tbhsd.sys 26784 bytes Created: 12/2/2008 Modified: 12/11/2007 Company: RapidSolution Software AG ---------- Key: TVICHW32 ImagePath: \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS 23600 bytes Created: 2/9/2008 Modified: 12/4/2007 Company: EnTech Taiwan ---------- Key: usnjsvc ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe" C:\Program Files\MSN Messenger\usnsvc.exe 97136 bytes Created: 1/19/2007 Modified: 1/19/2007 Company: Microsoft Corporation ---------- Key: v2imount ImagePath: system32\DRIVERS\v2imount.sys C:\WINDOWS\system32\DRIVERS\v2imount.sys 37864 bytes Created: 2/3/2008 Modified: 3/28/2007 Company: Symantec Corporation ---------- Key: viaagp ImagePath: system32\DRIVERS\viaagp.sys 
C:\WINDOWS\system32\DRIVERS\viaagp.sys 42240 bytes Created: 11/27/2008 Modified: 8/4/2004 Company: Microsoft Corporation ---------- Key: viaagp1 ImagePath: system32\DRIVERS\viaagp1.sys C:\WINDOWS\system32\DRIVERS\viaagp1.sys 32128 bytes Created: 9/2/2008 Modified: 7/24/2002 Company: VIA Technologies, Inc. ---------- Key: vmkbd ImagePath: \??\C:\WINDOWS\system32\drivers\VMkbd.sys C:\WINDOWS\system32\drivers\VMkbd.sys [file not found to scan] ---------- Key: VMnetAdapter ImagePath: system32\DRIVERS\vmnetadapter.sys C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [file not found to scan] ---------- Key: VMnetBridge ImagePath: system32\DRIVERS\vmnetbridge.sys C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [file not found to scan] ---------- Key: VMnetDHCP ImagePath: C:\WINDOWS\system32\vmnetdhcp.exe C:\WINDOWS\system32\vmnetdhcp.exe [file not found to scan] ---------- Key: VMnetuserif ImagePath: \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys C:\WINDOWS\system32\drivers\vmnetuserif.sys [file not found to scan] ---------- Key: VMware NAT Service ImagePath: C:\WINDOWS\system32\vmnat.exe C:\WINDOWS\system32\vmnat.exe [file not found to scan] ---------- Key: VProEventMonitor ImagePath: system32\DRIVERS\vproeventmonitor.sys C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys 14072 bytes Created: 2/3/2008 Modified: 3/28/2007 Company: Symantec Corporation ---------- Key: WimFltr ImagePath: system32\DRIVERS\wimfltr.sys C:\WINDOWS\system32\DRIVERS\wimfltr.sys 128104 bytes Created: 2/3/2008 Modified: 3/28/2007 Company: Microsoft Corporation ---------- Key: winachsf ImagePath: system32\DRIVERS\HSFCXTS2.sys C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys 685056 bytes Created: 2/4/2008 Modified: 8/4/2004 Company: Conexant Systems, Inc. 
---------- ************************************************** ********** 10:42:39 AM: Scanning -----VXD ENTRIES----- Checking the following VxD entries: ************************************************** ********** 10:42:39 AM: Scanning ----- WINLOGON\NOTIFY DLLS ----- Key : AtiExtEvent DLLName: Ati2evxx.dll C:\WINDOWS\system32\Ati2evxx.dll 94208 bytes Created: 12/1/2004 Modified: 12/1/2004 Company: ATI Technologies Inc. ---------- Key : LMIinit DLLName: LMIinit.dll C:\WINDOWS\system32\LMIinit.dll 87352 bytes Created: 2/24/2008 Modified: 11/15/2007 Company: LogMeIn, Inc. ---------- ************************************************** ********** 10:42:39 AM: Scanning ----- CONTEXTMENUHANDLERS ----- Key: avast CLSID: {472083B0-C522-11CF-8763-00608CC02F24} Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll C:\Program Files\Alwil Software\Avast4\ashShell.dll 76880 bytes Created: 11/26/2008 Modified: 11/27/2008 Company: ALWIL Software ---------- Key: Cover Designer CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} Path: C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll 2102568 bytes Created: 8/4/2007 Modified: 8/4/2007 Company: Nero AG ---------- Key: HexWorkshopContextMenu CLSID: {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA} Path: C:\Program Files\BreakPoint Software\Hex Workshop v5\hwext.dll C:\Program Files\BreakPoint Software\Hex Workshop v5\hwext.dll 62120 bytes Created: 1/6/2008 Modified: 1/6/2008 Company: BreakPoint Software, Inc. ---------- Key: MagicISO CLSID: {DB85C504-C730-49DD-BEC1-7B39C6103B7A} Path: C:\Program Files\MagicISO\misosh.dll C:\Program Files\MagicISO\misosh.dll 20992 bytes Created: 2/3/2008 Modified: 6/5/2006 Company: MagicISO, Inc. 
---------- Key: PowerISO CLSID: {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} Path: C:\Program Files\PowerISO\PWRISOSH.DLL C:\Program Files\PowerISO\PWRISOSH.DLL 208896 bytes Created: 1/20/2008 Modified: 1/20/2008 Company: PowerISO Computing, Inc. ---------- Key: {0BCE32B2-DA1B-41D7-A71F-C02A7D633CE5} Path: C:\Program Files\Norton Ghost\Browser\VProShellExt.dll C:\Program Files\Norton Ghost\Browser\VProShellExt.dll 2070128 bytes Created: 3/28/2007 Modified: 3/28/2007 Company: Symantec Corporation ---------- Key: {0BD4AC2F-20DA-43e6-A2BB-CCA4A39B930D} Path: C:\Program Files\Droppix\Droppix Recorder 2\Droppix Recorder\DxShImgFile.dll C:\Program Files\Droppix\Droppix Recorder 2\Droppix Recorder\DxShImgFile.dll 253952 bytes Created: 3/2/2008 Modified: 11/22/2007 Company: Droppix ---------- Key: {100BD527-7304-4b7f-BEE2-26D97B04EBA4} Path: C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll 255272 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Nero AG ---------- ************************************************** ********** 10:42:41 AM: Scanning ----- FOLDER\COLUMNHANDLERS ----- Key: {7D4D6379-F301-4311-BEBA-E26EB0561882} File: C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll 1803560 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Nero AG ---------- Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} File: "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [file not found to scan] ---------- ************************************************** ********** 10:42:41 AM: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 62080 bytes Created: 10/22/2006 Modified: 10/22/2006 Company: Adobe Systems Incorporated ---------- 
Key: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} BHO: C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll 656696 bytes Created: 8/11/2008 Modified: 8/11/2008 Company: BitComet ---------- Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} BHO: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - file already scanned ---------- Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} BHO: C:\Program Files\Java\jre6\bin\ssv.dll C:\Program Files\Java\jre6\bin\ssv.dll 320920 bytes Created: 12/1/2008 Modified: 12/1/2008 Company: Sun Microsystems, Inc. ---------- Key: {9030D464-4C02-4ABF-8ECC-5164760863C6} BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 322368 bytes Created: 8/31/2006 Modified: 8/31/2006 Company: Microsoft Corporation ---------- Key: {a33fa729-d155-4b23-842b-2c665ecabdb6} BHO: C:\Program Files\The_Pirate_Bay\tbThe_.dll C:\Program Files\The_Pirate_Bay\tbThe_.dll 1470488 bytes Created: 3/3/2008 Modified: 2/28/2008 Company: Conduit Ltd. ---------- Key: {AA58ED58-01DD-4d91-8333-CF10577473F7} BHO: c:\program files\google\googletoolbar1.dll c:\program files\google\googletoolbar1.dll -R- 2554944 bytes Created: 2/29/2008 Modified: 2/29/2008 Company: Google Inc. ---------- Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll 657904 bytes Created: 11/27/2008 Modified: 11/27/2008 Company: Google Inc. 
---------- Key: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} BHO: C:\Program Files\Free Download Manager\iefdm2.dll C:\Program Files\Free Download Manager\iefdm2.dll 94208 bytes Created: 11/29/2008 Modified: 11/26/2007 Company: ---------- Key: {DBC80044-A445-435b-BC74-9C25C1C588A9} BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll C:\Program Files\Java\jre6\bin\jp2ssv.dll 34816 bytes Created: 12/1/2008 Modified: 12/1/2008 Company: Sun Microsystems, Inc. ---------- Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll 73728 bytes Created: 12/1/2008 Modified: 12/1/2008 Company: Sun Microsystems, Inc. ---------- ************************************************** ********** 10:42:43 AM: Scanning ----- SHELLSERVICEOBJECTS ----- Key: WPDShServiceObj CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5} Path: C:\WINDOWS\system32\WPDShServiceObj.dll C:\WINDOWS\system32\WPDShServiceObj.dll 133632 bytes Created: 10/18/2006 Modified: 10/18/2006 Company: Microsoft Corporation ---------- ************************************************** ********** 10:42:44 AM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- ************************************************** ********** 10:42:44 AM: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. 
************************************************** ********** 10:42:44 AM: Scanning ----- APPINIT_DLLS ----- AppInitDLLs entry = [C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL] File: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\guard32.dll 147192 bytes Created: 2/3/2008 Modified: 1/1/2003 Company: ---------- File: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL 118784 bytes Created: 2/29/2008 Modified: 2/29/2008 Company: Google ---------- ************************************************** ********** 10:42:44 AM: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************** ********** 10:42:44 AM: Scanning ------ COMMON STARTUP GROUP ------ [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe 113664 bytes Created: 11/29/2008 Modified: 11/4/1999 Company: Adobe Systems, Inc. 
Adobe Gamma Loader.lnk - links to C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -HS- 84 bytes Created: 2/4/2008 Modified: 9/2/2008 Company: -------------------- C:\Program Files\Windows Desktop Search\WindowsSearch.exe 123904 bytes Created: 5/26/2008 Modified: 5/26/2008 Company: Microsoft Corporation Windows Search.lnk - links to C:\Program Files\Windows Desktop Search\WindowsSearch.exe -------------------- ************************************************** ********** 10:42:44 AM: Scanning ------ USER STARTUP GROUPS ------ -------------------- Checking Startup Group for: Administrator [C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP] The Startup Group for Administrator attempts to load the following file(s): C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 12/9/2008 Modified: 9/2/2008 Company: ---------- -------------------- Checking Startup Group for: gza [C:\Documents and Settings\gza\START MENU\PROGRAMS\STARTUP] The Startup Group for gza attempts to load the following file(s): C:\Documents and Settings\gza\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 2/3/2008 Modified: 2/3/2008 Company: ---------- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE 340856 bytes Created: 8/29/2007 Modified: 8/29/2007 Company: Microsoft Corporation Microsoft Office Groove.lnk - links to C:\Program Files\Microsoft Office\Office12\GROOVE.EXE ---------- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE 101440 bytes Created: 12/7/2007 Modified: 12/7/2007 Company: Microsoft Corporation OneNote 2007 Screen Clipper and Launcher.lnk - links to C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE ---------- ************************************************** ********** 10:42:45 AM: Scanning ----- SCHEDULED TASKS ----- Taskname: AppleSoftwareUpdate.job File: C:\Program 
Files\Apple Software Update\SoftwareUpdate.exe C:\Program Files\Apple Software Update\SoftwareUpdate.exe 566592 bytes Created: 7/30/2008 Modified: 7/30/2008 Company: Apple Inc. Parameters: -task Next Run Time: 12/20/2008 11:29:00 PM Status: The task is ready to run at its next scheduled time Creator: SYSTEM Comments: [blank] ---------- Taskname: Norton Security Scan.job File: C:\Program Files\Norton Security Scan\Nss.exe Parameters: /scan-full /scheduled Next Run Time: 12/19/2008 3:00:00 PM Status: The task is ready to run at its next scheduled time Creator: gza Comments: Norton Security Scan C:\Program Files\Norton Security Scan\Nss.exe [file not found to scan] ---------- Taskname: Windows Update.job File: C:\WINDOWS\system32\wupdmgr.exe C:\WINDOWS\system32\wupdmgr.exe 32256 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation Parameters: [blank] Next Run Time: Never Status: The task is ready to run at its next scheduled time Creator: gza Comments: [blank] ---------- ************************************************** ********** 10:42:46 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- ************************************************** ********** 10:42:46 AM: ----- ADDITIONAL CHECKS ----- PE386 rootkit checks completed ---------- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Documents and Settings\gza\Local Settings\Application Data\Microsoft\Wallpaper1.bmp C:\Documents and Settings\gza\Local Settings\Application Data\Microsoft\Wallpaper1.bmp 1440054 bytes Created: 9/1/2008 Modified: 10/8/2008 Company: ---------- Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp C:\Documents and Settings\gza\Local Settings\Application Data\Microsoft\Wallpaper1.bmp 1440054 bytes Created: 9/1/2008 Modified: 
10/8/2008 Company: ---------- Checks for rogue DNS NameServers completed ---------- Additional checks completed ************************************************** ********** 10:42:47 AM: Scanning ----- RUNNING PROCESSES ----- C:\WINDOWS\System32\smss.exe -------------------- C:\WINDOWS\system32\csrss.exe -------------------- C:\WINDOWS\system32\winlogon.exe -------------------- C:\WINDOWS\system32\services.exe -------------------- C:\WINDOWS\system32\lsass.exe -------------------- C:\WINDOWS\system32\Ati2evxx.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\WINDOWS\System32\svchost.exe - file already scanned -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned -------------------- C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned -------------------- C:\WINDOWS\system32\Ati2evxx.exe -------------------- C:\WINDOWS\system32\spoolsv.exe -------------------- C:\Program Files\COMODO\Firewall\cfp.exe - file already scanned -------------------- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe - file already scanned -------------------- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe - file already scanned -------------------- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe - file already scanned -------------------- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe - file already scanned -------------------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - file already scanned -------------------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe - file already scanned -------------------- C:\WINDOWS\SOUNDMAN.EXE - file already scanned -------------------- C:\Program Files\NCH Software\BroadCam\broadCam.exe - file already 
scanned -------------------- C:\WINDOWS\system32\ctfmon.exe - file already scanned -------------------- C:\Program Files\Messenger\msmsgs.exe - file already scanned -------------------- C:\Program Files\COMODO\Firewall\cmdagent.exe - file already scanned -------------------- C:\Program Files\Windows Desktop Search\WindowsSearch.exe -------------------- C:\WINDOWS\eHome\ehRecvr.exe - file already scanned -------------------- C:\Program Files\NCH Software\Eyeline\eyeline.exe - file already scanned -------------------- C:\WINDOWS\system32\HDDSvc.exe - file already scanned -------------------- C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned -------------------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -------------------- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe - file already scanned -------------------- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe - file already scanned -------------------- C:\Program Files\Norton Ghost\Agent\VProSvc.exe - file already scanned -------------------- C:\WINDOWS\system32\spupdsvc.exe - file already scanned -------------------- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -------------------- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe - file already scanned -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\WINDOWS\system32\SearchIndexer.exe -------------------- C:\WINDOWS\ehome\medctrro.exe -------------------- C:\WINDOWS\System32\alg.exe -------------------- C:\Program Files\uTorrent\uTorrent.exe -------------------- C:\WINDOWS\system32\taskmgr.exe -------------------- C:\Program Files\VideoLAN\VLC\vlc.exe -------------------- C:\Program Files\iTunes\iTunes.exe -------------------- C:\Program Files\VideoLAN\VLC\vlc.exe -------------------- C:\WINDOWS\explorer.exe - file already scanned -------------------- C:\Documents and Settings\gza\Application Data\Simply Super 
Software\Trojan Remover\ehcCA.exe FileSize: 2884472 [This is a Trojan Remover component] -------------------- C:\WINDOWS\system32\wscntfy.exe -------------------- ************************************************** ********** 10:42:57 AM: Checking AUTOEXEC.BAT file AUTOEXEC.BAT found in C:\ No malicious entries were found in the AUTOEXEC.BAT file ************************************************** ********** 10:42:57 AM: Checking AUTOEXEC.NT file AUTOEXEC.NT found in C:\WINDOWS\system32 No malicious entries were found in the AUTOEXEC.NT file ************************************************** ********** 10:42:57 AM: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************** ********** ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch": ie.search.msn.com HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant": ie.search.msn.com HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": about:blank HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\WINDOWS\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": http://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://www.kol.co.nz HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": www.google.com ************************************************** ********** === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 10:42:57 AM 17 Dec 2008 Total Scan 
time: 00:00:44 ************************************************** ********** ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.7.4.2554. For information, email support@simplysup1.com [Unregistered version] Scan started at: 5:07:51 PM 09 Dec 2008 Using Database v7215 Operating System: Windows XP SP2 [Windows XP Media Center Edition Service Pack 2 (Build 2600)] File System: NTFS Data directory: C:\Documents and Settings\gza\Application Data\Simply Super Software\Trojan Remover\ Database directory: C:\Program Files\Trojan Remover\ Logfile directory: C:\Documents and Settings\gza\My Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************** ********** The following Anti-Malware program(s) are loaded: Avast! Antivirus ************************************************** ********** ************************************************** ********** 5:07:51 PM: Scanning |
gza (13233) | ||