| Thread ID: 95284 | 2008-12-01 04:53:00 | Files changing their type & Com Freezing up. | gza (13233) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 724644 | 2008-12-01 05:54:00 | Speedy, Ok, I will get a HJT log and post it in very shortly | gza (13233) | ||
| 724645 | 2008-12-01 05:54:00 | Thats not a prob, I've sent a PM to the mods requesting a merge | Speedy Gonzales (78) | ||
| 724646 | 2008-12-01 06:03:00 | feersumendjinn: yep, I'll do all that you ask and will post them in asap. I do have the recovery discs I made a year or so back. I can/will try that also. I was thinking a moment ago about trying to Repair using the OS CD. I have done a Scan Disk check; a very few lost files were recovered, otherwise that was ok. I agree that I may have done some damage install/delete-ing progs. Did get the odd warning that removing such and such program can cause others to lose full functionality. Thanks for your help. I'll get on with the logs that you guys have requested. | gza (13233) | ||
| 724647 | 2008-12-01 06:24:00 | "I do have the recovery discs I made a year or so back." Good man! So many people don't bother ('It won't happen to me, eh'). Good luck. You could also try using the sfc /scannow command from the Run command (in the Start button menu). (See here (support.microsoft.com)). | feersumendjinn (64) | ||
| 724648 | 2008-12-01 06:44:00 | Ok, here is the log from HJT (v. 6.6.5). Took a while to get as com stuck and HJT had to modify & create a lot of new folders etc. I'm using Comodo Firewall Pro. It's fully up to date. As for Trojan Remover, it delivered me this message (close enough): "Trojan Remover (v. 6.6.5) couldn't create a temp file. Message was: make sure I am running TR from an account that has write access to the drive directory shown: C\Documents and Settings\gza\Application Data\Simply Super Software\Trojan Remover\wdcda.exe" Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:28:06 PM, on 12/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\HDDSvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\spupdsvc.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\ehome\medctrro.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program 
Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Free Download Manager\fdm.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\gza\Desktop\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kol.co.nz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kol.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ihug Internet R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - 
C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\sw g.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - 
HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE O4 - Startup: Microsoft Works Calendar Reminders.lnk = 
C:\Program Files\MSWorks\Calendar\WKCALREM.EXE O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file I will D-Load the TR in your sig and send that next |
gza (13233) | ||
| 724649 | 2008-12-01 06:48:00 | Cheers feersumendjinn. I will get onto your suggestions as soon as I get the log files up here. Ta | gza (13233) | ||
| 724650 | 2008-12-01 07:01:00 | Tick these, then tick Fix checked. Uninstall all versions of Java; yours is out of date. Link below. O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE O4 - Startup: PowerReg Scheduler.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing) I would disable indexing in Google Desktop. | Speedy Gonzales (78) | ||
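The entries Speedy picks out above (a BHO with no name and no file, a button whose DLL is missing, stray Run and Startup items) are exactly what a small HJT triage script can flag before anyone has to eyeball the log. The following is an added Python example, not HijackThis's or Trojan Remover's own code and not anything posted in the thread; `SAMPLE_LOG` copies lines from the HJT log gza posted earlier, the alternate-data-stream test path comes from the Active Setup key in the Trojan Remover log posted later, and the rule names are constructed for this example.

```python
"""Triage of a HijackThis (HJT) log: parse the R*/O* entries and flag the
ones a forum helper normally asks about.

Added example, not HJT's or Trojan Remover's code and not anything posted in
the thread. SAMPLE_LOG copies lines from the HJT log posted in the thread;
the rule names ("orphaned", "appinit_dlls", ...) are constructed here.
"""
import re
from collections import defaultdict

# "O4 - HKLM\..\Run: [name] path args" -> section code plus the rest of the line
ENTRY_RE = re.compile(r"^(?P<sec>R[0-3]|O\d{1,2})\s+-\s+(?P<body>.*)$")
# First Windows image path in the body, quoted or not, up to its extension
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|scr|sys)\b", re.IGNORECASE)
# A second colon after the drive letter marks an NTFS alternate data stream
# (dir:stream), which a normal directory listing does not show
ADS_RE = re.compile(r"^[A-Za-z]:\\.*:[^\\/]*$")

# Constructed sample: lines copied from the HJT log posted in this thread
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


def parse_entries(log_text):
    """Return (section, body, path-or-None) for every HJT entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines, process list, blank lines
        p = PATH_RE.search(m["body"])
        entries.append((m["sec"], m["body"], p.group(0) if p else None))
    return entries


def is_ads_path(path):
    r"""True for an alternate-data-stream path such as C:\WINDOWS:stream.exe."""
    return bool(ADS_RE.match(path))


def triage(log_text):
    """Return {rule: [entry bodies]} for the entries worth a second look."""
    findings = defaultdict(list)
    by_target = defaultdict(list)  # image path -> O4 entries launching it
    for sec, body, path in parse_entries(log_text):
        if "(no file)" in body or "(file missing)" in body:
            # Registry still points at something that is gone: leftover or decoy
            findings["orphaned"].append(body)
        if sec == "O20":
            # AppInit_DLLs are injected into every process that loads user32
            findings["appinit_dlls"].append(body)
        if path:
            if is_ads_path(path):
                findings["ads"].append(body)
            if sec == "O4":
                by_target[path.lower()].append(body)
        elif sec == "O4" and body.startswith("HK") and re.search(r"\.exe\b", body, re.I):
            # Run key names a bare file; Windows resolves it via the search path
            findings["bare_filename"].append(body)
    for bodies in by_target.values():
        if len(bodies) > 1:
            # Same binary registered under two Run names: ask which is current
            findings["duplicate_autostart"].extend(bodies)
    return dict(findings)


if __name__ == "__main__":
    for rule, bodies in triage(SAMPLE_LOG).items():
        print(f"[{rule}]")
        for b in bodies:
            print("   ", b)
```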
| 724651 | 2008-12-01 07:44:00 | TR install had errors. 2nd one was "Error occurred while trying to create a file in the destination folder. Access is denied". Next one: "An error occurred while trying to write rename a file in destination folder directory; MoveFile failed; code 5. Access denied". I clicked retry and it moved on the first two times. On the third and subsequent times it was stuck on the extraction of file zv.....nevermind, it's just forced its way through. I see what it does and if it's installed properly as soon as it's finished getting past Comodo. Hopefully result soon. It's just finished as I type this. No wonder it was sticking, there were instances trying to install @ same time. That's me clicking twice to get it moving at the start. It's installed but I get message that the 30-day trial has expired. I'll uninstall & try to get it installed again. | gza (13233) | ||
| 724652 | 2008-12-01 07:47:00 | TR install had errors. 2nd one was "Error occurred while trying to create a file in the destination folder. Access is denied". Next one: "An error occurred while trying to write rename a file in destination folder directory; MoveFile failed; code 5. Access denied". I clicked retry and it moved on the first two times. On the third and subsequent times it was stuck on the extraction of file zv.....nevermind, it's just forced its way through. I see what it does and if it's installed properly as soon as it's finished getting past Comodo. Hopefully result soon. It's just finished as I type this. No wonder it was sticking, there were instances trying to install @ same time. That's me clicking twice to get it moving at the start. It's installed but when I try to open it from desktop it wants to start the install again (I'm not clicking the TR SetUP icon). Going into the program folder and clicking in there I get message that the 30-day trial has expired. I'll uninstall & try to get it installed again. | gza (13233) | ||
| 724653 | 2008-12-01 09:06:00 | Cheers Speedy for your help and instruction on the HJT scan; I recall reading that HJT was your forte. I'll get on with it in a minute. 30 minutes it took to install TR 6.7.4. Task Manager reveals that there are 56 Processes running; 294 MB available memory; and whenever Comodo asks to allow or block an action, allowing it sends CPU usage to 100% with cpf using 97% of it. Got there in the end and here is the log of the scan. It was performed with Avast Resident Shield running. Only one question was asked about continuing to allow a non existent shortcut to Microsoft clock be omitted or...., I left it as it is. The scan...... ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.7.4.2554. For information, email support@simplysup1.com [Unregistered version] Scan started at: 9:33:06 PM 01 Dec 2008 Using Database v7215 Operating System: Windows XP SP2 [Windows XP Media Center Edition Service Pack 2 (Build 2600)] File System: NTFS Data directory: C:\Documents and Settings\gza\Application Data\Simply Super Software\Trojan Remover\ Database directory: C:\Program Files\Trojan Remover\ Logfile directory: C:\Documents and Settings\gza\My Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges *********************************************** ************* The following Anti-Malware program(s) are loaded: Avast! Antivirus *********************************************** ************* *********************************************** ************* 9:33:06 PM: Scanning ----------WIN.INI----------- WIN.INI found in C:\WINDOWS *********************************************** ************* 9:33:06 PM: Scanning --------SYSTEM.INI--------- SYSTEM.INI found in C:\WINDOWS *********************************************** ************* 9:33:06 PM: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. 
*********************************************** ************* 9:33:57 PM: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): File: Explorer.exe C:\WINDOWS\Explorer.exe 1032192 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): File: C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\userinit.exe 24576 bytes Created: 11/27/2008 Modified: 8/5/2004 Company: Microsoft Corporation ---------- This key's "System" value appears to be blank ---------- This key's "UIHost" value calls the following program: File: logonui.exe C:\WINDOWS\system32\logonui.exe 514560 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation ---------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: COMODO Firewall Pro Value Data: "C:\Program Files\COMODO\Firewall\cfp.exe" -h C:\Program Files\COMODO\Firewall\cfp.exe 1796856 bytes Created: 2/3/2008 Modified: 11/26/2008 Company: -------------------- Value Name: Adobe Reader Speed Launcher Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [file not found to scan] -------------------- Value Name: UpdReg Value Data: C:\WINDOWS\UpdReg.EXE C:\WINDOWS\UpdReg.EXE 90112 bytes Created: 3/9/2008 Modified: 5/11/2000 Company: Creative Technology Ltd. 
-------------------- Value Name: Jet Detection Value Data: "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe 28672 bytes Created: 3/9/2008 Modified: 11/29/2001 Company: -------------------- Value Name: WINDVDPatch Value Data: CTHELPER.EXE C:\WINDOWS\system32\CTHELPER.EXE 24576 bytes Created: 3/9/2008 Modified: 7/2/2002 Company: Creative Technology Ltd -------------------- Value Name: NeroFilterCheck Value Data: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe 153136 bytes Created: 3/1/2007 Modified: 3/1/2007 Company: Nero AG -------------------- Value Name: NBKeyScan Value Data: "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe 1828136 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Nero AG -------------------- Value Name: iTunesHelper Value Data: "C:\Program Files\iTunes\iTunesHelper.exe" C:\Program Files\iTunes\iTunesHelper.exe 267064 bytes Created: 9/26/2007 Modified: 9/26/2007 Company: Apple Inc. -------------------- Value Name: ATIPTA Value Data: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 344064 bytes Created: 8/29/2008 Modified: 11/30/2004 Company: ATI Technologies, Inc. -------------------- Value Name: CanonSolutionMenu Value Data: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe 644696 bytes Created: 11/20/2008 Modified: 5/15/2007 Company: CANON INC. -------------------- Value Name: CanonMyPrinter Value Data: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon C:\Program Files\Canon\MyPrinter\BJMyPrt.exe 1603152 bytes Created: 11/20/2008 Modified: 4/4/2007 Company: CANON INC. 
-------------------- Value Name: SSBkgdUpdate Value Data: "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe 210472 bytes Created: 10/25/2006 Modified: 10/25/2006 Company: Nuance Communications, Inc. -------------------- Value Name: OpwareSE4 Value Data: "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe 79400 bytes Created: 2/4/2007 Modified: 2/4/2007 Company: Nuance Communications, Inc. -------------------- Value Name: avast! Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 81000 bytes Created: 11/26/2008 Modified: 11/19/2008 Company: ALWIL Software -------------------- Value Name: COMODO Internet Security Value Data: "C:\Program Files\COMODO\Firewall\cfp.exe" -h C:\Program Files\COMODO\Firewall\cfp.exe 1796856 bytes Created: 2/3/2008 Modified: 11/26/2008 Company: -------------------- Value Name: PWRISOVM.EXE Value Data: C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\PowerISO\PWRISOVM.EXE 217088 bytes Created: 1/20/2008 Modified: 1/20/2008 Company: PowerISO Computing, Inc. 
-------------------- Value Name: GrooveMonitor Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 33648 bytes Created: 8/24/2007 Modified: 8/24/2007 Company: Microsoft Corporation -------------------- Value Name: TrojanScanner Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot C:\Program Files\Trojan Remover\Trjscan.exe 1231752 bytes Created: 12/1/2008 Modified: 11/29/2008 Company: Simply Super Software -------------------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Service s This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Service sOnce This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OnceEx This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: ctfmon.exe Value Data: C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\ctfmon.exe 15360 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation -------------------- Value Name: MSMSGS Value Data: "C:\Program Files\Messenger\msmsgs.exe" /background C:\Program Files\Messenger\msmsgs.exe 1694208 bytes Created: 2/3/2008 Modified: 10/14/2004 Company: Microsoft Corporation -------------------- Value Name: Picasa Media Detector Value Data: C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe 443968 bytes Created: 8/21/2008 Modified: 8/21/2008 Company: Google Inc. 
-------------------- Value Name: LightScribe Control Panel Value Data: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe 2295072 bytes Created: 12/5/2007 Modified: 12/5/2007 Company: Hewlett-Packard Company -------------------- Value Name: SpybotSD TeaTimer Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded -------------------- Value Name: Free Download Manager Value Data: "C:\Program Files\Free Download Manager\fdm.exe" -autorun C:\Program Files\Free Download Manager\fdm.exe 2474031 bytes Created: 11/29/2008 Modified: 5/20/2008 Company: FreeDownloadManager.ORG -------------------- Value Name: DAEMON Tools Lite Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun C:\Program Files\DAEMON Tools Lite\daemon.exe 490952 bytes Created: 7/25/2008 Modified: 7/25/2008 Company: DT Soft Ltd -------------------- Value Name: BitComet Value Data: "C:\Program Files\BitComet\BitComet.exe" /tray C:\Program Files\BitComet\BitComet.exe 2511672 bytes Created: 11/12/2008 Modified: 11/12/2008 Company: www.BitComet.com -------------------- Value Name: AlcoholAutomount Value Data: "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe 203720 bytes Created: 11/23/2008 Modified: 11/23/2008 Company: Alcohol Soft Development Team -------------------- -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services Once This Registry Key appears to be empty *********************************************** ************* 9:34:02 PM: Scanning 
-----SHELLEXECUTEHOOKS----- ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972} File: shell32.dll - this file is expected and has been left in place ---------- ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} Value: Groove GFS Stub Execution Hook File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 2212224 bytes Created: 8/24/2007 Modified: 8/24/2007 Company: Microsoft Corporation ---------- ValueName: {56F9679E-7826-4C84-81F3-532071A8BCC5} File: C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll 304128 bytes Created: 5/26/2008 Modified: 5/26/2008 Company: Microsoft Corporation ---------- *********************************************** ************* 9:34:02 PM: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- *********************************************** ************* 9:34:03 PM: Scanning -----ACTIVE SCREENSAVER----- ScreenSaver: C:\WINDOWS\system32\ssmyst.scr C:\WINDOWS\system32\ssmyst.scr 18944 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation -------------------- *********************************************** ************* 9:34:03 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: {10880D85-AAD9-4558-ABDC-2AB1552D831F} Path: "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" C:\Program Files\Common Files\LightScribe\LSRunOnce.exe 451872 bytes Created: 12/5/2007 Modified: 12/5/2007 Company: Hewlett-Packard Company ---------- Key: {F694A837-7963-14ED-7395-DDF81D882098} Path: C:\WINDOWS:pmagic85.exe C:\WINDOWS:pmagic85.exe [file not found to scan] ---------- *********************************************** ************* 9:34:04 PM: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Key: HidServ %SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found) 
-------------------- *********************************************** ************* 9:34:05 PM: Scanning ----- SERVICES REGISTRY KEYS ----- Key: aawservice ImagePath: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe 561152 bytes Created: 7/6/2007 Modified: 7/6/2007 Company: Lavasoft AB ---------- Key: Ad-Watch Connect Filter ImagePath: \??\C:\WINDOWS\system32\drivers\NSDriver.sys C:\WINDOWS\system32\drivers\NSDriver.sys 9344 bytes Created: 6/4/2007 Modified: 6/4/2007 Company: Lavasoft AB ---------- Key: AmdK7 ImagePath: system32\DRIVERS\amdk7.sys C:\WINDOWS\system32\DRIVERS\amdk7.sys 37376 bytes Created: 11/27/2008 Modified: 8/5/2004 Company: Microsoft Corporation ---------- Key: aswFsBlk ImagePath: system32\DRIVERS\aswFsBlk.sys C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys 20560 bytes Created: 11/26/2008 Modified: 11/19/2008 Company: ALWIL Software ---------- Key: aswUpdSv ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 18752 bytes Created: 11/26/2008 Modified: 11/19/2008 Company: ALWIL Software ---------- Key: ATI Smart ImagePath: C:\WINDOWS\system32\ati2sgag.exe C:\WINDOWS\system32\ati2sgag.exe 516096 bytes Created: 8/29/2008 Modified: 11/30/2004 Company: ---------- Key: avast! Antivirus ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" C:\Program Files\Alwil Software\Avast4\ashServ.exe 155160 bytes Created: 11/26/2008 Modified: 11/19/2008 Company: ALWIL Software ---------- Key: avast! Mail Scanner ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 254040 bytes Created: 11/26/2008 Modified: 11/19/2008 Company: ALWIL Software ---------- Key: avast! 
Web Scanner ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 352920 bytes Created: 11/26/2008 Modified: 11/19/2008 Company: ALWIL Software ---------- Key: cmdAgent ImagePath: "C:\Program Files\COMODO\Firewall\cmdagent.exe" C:\Program Files\COMODO\Firewall\cmdagent.exe 618232 bytes Created: 2/3/2008 Modified: 11/26/2008 Company: ---------- Key: cmdGuard ImagePath: System32\DRIVERS\cmdguard.sys C:\WINDOWS\System32\DRIVERS\cmdguard.sys 99216 bytes Created: 2/3/2008 Modified: 11/26/2008 Company: COMODO ---------- Key: cmdHlp ImagePath: System32\DRIVERS\cmdhlp.sys C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 31504 bytes Created: 2/3/2008 Modified: 11/26/2008 Company: COMODO ---------- Key: ctac32k ImagePath: System32\drivers\ctac32k.sys C:\WINDOWS\System32\drivers\ctac32k.sys 127948 bytes Created: 3/9/2008 Modified: 7/19/2002 Company: Creative Technology Ltd ---------- Key: ctaud2k ImagePath: system32\drivers\ctaud2k.sys C:\WINDOWS\system32\drivers\ctaud2k.sys 837548 bytes Created: 3/9/2008 Modified: 7/19/2002 Company: Creative Technology Ltd ---------- Key: ctprxy2k ImagePath: System32\drivers\ctprxy2k.sys C:\WINDOWS\System32\drivers\ctprxy2k.sys 11068 bytes Created: 3/9/2008 Modified: 7/19/2002 Company: Creative Technology Ltd ---------- Key: ctsfm2k ImagePath: System32\drivers\ctsfm2k.sys C:\WINDOWS\System32\drivers\ctsfm2k.sys 213860 bytes Created: 3/9/2008 Modified: 7/19/2002 Company: Creative Technology Ltd ---------- Key: Droppix Service ImagePath: "C:\Program Files\Common Files\Droppix\DxService.exe" C:\Program Files\Common Files\Droppix\DxService.exe 147456 bytes Created: 2/9/2008 Modified: 11/22/2007 Company: Droppix ---------- Key: ehRecvr ImagePath: C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehRecvr.exe 194560 bytes Created: 2/4/2008 Modified: 8/10/2004 Company: Microsoft Corporation ---------- Key: emupia ImagePath: System32\drivers\emupia2k.sys 
C:\WINDOWS\System32\drivers\emupia2k.sys 156604 bytes Created: 3/9/2008 Modified: 7/19/2002 Company: Creative Technology Ltd ---------- Key: GoogleDesktopManager-093007-112848 ImagePath: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 29744 bytes Created: 2/29/2008 Modified: 2/29/2008 Company: Google ---------- Key: gusvc ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 168432 bytes Created: 2/29/2008 Modified: 11/27/2008 Company: Google ---------- Key: ha10kx2k ImagePath: system32\drivers\ha10kx2k.sys C:\WINDOWS\system32\drivers\ha10kx2k.sys 998004 bytes Created: 3/9/2008 Modified: 7/24/2002 Company: Creative Technology Ltd ---------- Key: HDDSvc ImagePath: C:\WINDOWS\system32\HDDSvc.exe C:\WINDOWS\system32\HDDSvc.exe 189704 bytes Created: 12/3/2007 Modified: 12/3/2007 Company: AltrixSoft (http://www.altrixsoft.com/) ---------- Key: HSFHWBS2 ImagePath: system32\DRIVERS\HSFBS2S2.sys C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys 220032 bytes Created: 2/4/2008 Modified: 8/4/2004 Company: Conexant Systems, Inc. ---------- Key: HSF_DP ImagePath: system32\DRIVERS\HSFDPSP2.sys C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys 1041536 bytes Created: 2/4/2008 Modified: 8/4/2004 Company: Conexant Systems, Inc. 
---------- Key: IDriverT ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 69632 bytes Created: 11/14/2005 Modified: 11/14/2005 Company: Macrovision Corporation ---------- Key: Inspect ImagePath: System32\DRIVERS\inspect.sys C:\WINDOWS\System32\DRIVERS\inspect.sys 79504 bytes Created: 2/3/2008 Modified: 11/26/2008 Company: COMODO ---------- Key: LiveUpdate ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE 2541248 bytes Created: 9/27/2008 Modified: 10/31/2006 Company: Symantec Corporation ---------- Key: LMIInfo ImagePath: \??\C:\Program Files\LogMeIn\x86\RaInfo.sys C:\Program Files\LogMeIn\x86\RaInfo.sys [file not found to scan] ---------- Key: lmimirr ImagePath: system32\DRIVERS\lmimirr.sys C:\WINDOWS\system32\DRIVERS\lmimirr.sys 10144 bytes Created: 8/3/2007 Modified: 8/3/2007 Company: LogMeIn, Inc. ---------- Key: LMIRfsDriver ImagePath: \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 46112 bytes Created: 2/24/2008 Modified: 8/3/2007 Company: LogMeIn, Inc. ---------- Key: mcdbus ImagePath: system32\DRIVERS\mcdbus.sys C:\WINDOWS\system32\DRIVERS\mcdbus.sys 116736 bytes Created: 2/22/2008 Modified: 7/28/2008 Company: MagicISO, Inc. 
---------- Key: MSSQL$MSSMLBIZ ImagePath: "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe 28933976 bytes Created: 4/14/2006 Modified: 4/14/2006 Company: Microsoft Corporation ---------- Key: MSSQLServerADHelper ImagePath: "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [file not found to scan] ---------- Key: NCHSSVAD ImagePath: system32\drivers\nchssvad.sys C:\WINDOWS\system32\drivers\nchssvad.sys 26112 bytes Created: 2/17/2008 Modified: 2/17/2008 Company: NCH Swift Sound ---------- Key: Nero BackItUp Scheduler 3 ImagePath: C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 836904 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Nero AG ---------- Key: NMIndexingService ImagePath: "C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe" C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 382248 bytes Created: 8/3/2007 Modified: 8/3/2007 Company: Nero AG ---------- Key: ossrv ImagePath: system32\drivers\ctoss2k.sys C:\WINDOWS\system32\drivers\ctoss2k.sys 195432 bytes Created: 3/9/2008 Modified: 7/19/2002 Company: Creative Technology Ltd. ---------- Key: pcouffin ImagePath: System32\Drivers\pcouffin.sys C:\WINDOWS\System32\Drivers\pcouffin.sys 47360 bytes Created: 2/20/2008 Modified: 2/20/2008 Company: VSO Software ---------- Key: PfModNT ImagePath: \??\C:\WINDOWS\system32\PfModNT.sys C:\WINDOWS\system32\PfModNT.sys 6752 bytes Created: 3/9/2008 Modified: 12/17/1999 Company: Creative Technology Ltd. 
---------- Key: Secdrv ImagePath: system32\DRIVERS\secdrv.sys C:\WINDOWS\system32\DRIVERS\secdrv.sys 27440 bytes Created: 11/27/2008 Modified: 8/5/2004 Company: ---------- Key: sfman ImagePath: system32\drivers\sfmanm.sys C:\WINDOWS\system32\drivers\sfmanm.sys 36480 bytes Created: 3/8/2008 Modified: 8/17/2001 Company: Creative Technology Ltd. ---------- Key: sptd ImagePath: System32\Drivers\sptd.sys - this file is globally excluded ---------- Key: spupdsvc ImagePath: C:\WINDOWS\system32\spupdsvc.exe C:\WINDOWS\system32\spupdsvc.exe 26488 bytes Created: 2/4/2008 Modified: 8/10/2007 Company: Microsoft Corporation ---------- Key: SQLBrowser ImagePath: "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [file not found to scan] ---------- Key: StarWindServiceAE ImagePath: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 275968 bytes Created: 5/29/2007 Modified: 5/29/2007 Company: Rocket Division Software ---------- Key: SwPrv ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{49616F02-7E33-43B4-9E8B-CD403DA9BBD2} C:\WINDOWS\system32\dllhost.exe 5120 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation ---------- Key: TVICHW32 ImagePath: \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS 23600 bytes Created: 2/9/2008 Modified: 12/4/2007 Company: EnTech Taiwan ---------- Key: usnjsvc ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe" C:\Program Files\MSN Messenger\usnsvc.exe 97136 bytes Created: 1/19/2007 Modified: 1/19/2007 Company: Microsoft Corporation ---------- Key: viaagp ImagePath: system32\DRIVERS\viaagp.sys C:\WINDOWS\system32\DRIVERS\viaagp.sys 42240 bytes Created: 11/27/2008 Modified: 8/4/2004 Company: Microsoft Corporation ---------- Key: viaagp1 ImagePath: system32\DRIVERS\viaagp1.sys C:\WINDOWS\system32\DRIVERS\viaagp1.sys 
32128 bytes Created: 9/2/2008 Modified: 7/24/2002 Company: VIA Technologies, Inc. ---------- Key: VMnetAdapter ImagePath: system32\DRIVERS\vmnetadapter.sys C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [file not found to scan] ---------- Key: VMnetBridge ImagePath: system32\DRIVERS\vmnetbridge.sys C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [file not found to scan] ---------- Key: VMnetuserif ImagePath: \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys C:\WINDOWS\system32\drivers\vmnetuserif.sys [file not found to scan] ---------- Key: winachsf ImagePath: system32\DRIVERS\HSFCXTS2.sys C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys 685056 bytes Created: 2/4/2008 Modified: 8/4/2004 Company: Conexant Systems, Inc. ---------- *********************************************** ************* 9:34:19 PM: Scanning -----VXD ENTRIES----- Checking the following VxD entries: *********************************************** ************* 9:34:20 PM: Scanning ----- WINLOGON\NOTIFY DLLS ----- Key : AtiExtEvent DLLName: Ati2evxx.dll C:\WINDOWS\system32\Ati2evxx.dll 94208 bytes Created: 12/1/2004 Modified: 12/1/2004 Company: ATI Technologies Inc. ---------- Key : LMIinit DLLName: LMIinit.dll C:\WINDOWS\system32\LMIinit.dll 87352 bytes Created: 2/24/2008 Modified: 11/15/2007 Company: LogMeIn, Inc. 
---------- *********************************************** ************* 9:34:20 PM: Scanning ----- CONTEXTMENUHANDLERS ----- Key: avast CLSID: {472083B0-C522-11CF-8763-00608CC02F24} Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll C:\Program Files\Alwil Software\Avast4\ashShell.dll 76880 bytes Created: 11/26/2008 Modified: 11/19/2008 Company: ALWIL Software ---------- Key: Cover Designer CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} Path: C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll 2102568 bytes Created: 8/4/2007 Modified: 8/4/2007 Company: Nero AG ---------- Key: HexWorkshopContextMenu CLSID: {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA} Path: C:\Program Files\BreakPoint Software\Hex Workshop v5\hwext.dll C:\Program Files\BreakPoint Software\Hex Workshop v5\hwext.dll 62120 bytes Created: 1/6/2008 Modified: 1/6/2008 Company: BreakPoint Software, Inc. ---------- Key: MagicISO CLSID: {DB85C504-C730-49DD-BEC1-7B39C6103B7A} Path: C:\Program Files\MagicISO\misosh.dll C:\Program Files\MagicISO\misosh.dll 20992 bytes Created: 2/3/2008 Modified: 6/5/2006 Company: MagicISO, Inc. ---------- Key: PowerISO CLSID: {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} Path: C:\Program Files\PowerISO\PWRISOSH.DLL C:\Program Files\PowerISO\PWRISOSH.DLL 208896 bytes Created: 1/20/2008 Modified: 1/20/2008 Company: PowerISO Computing, Inc. 
---------- Key: {0BD4AC2F-20DA-43e6-A2BB-CCA4A39B930D} Path: C:\Program Files\Droppix\Droppix Recorder 2\Droppix Recorder\DxShImgFile.dll C:\Program Files\Droppix\Droppix Recorder 2\Droppix Recorder\DxShImgFile.dll 253952 bytes Created: 3/2/2008 Modified: 11/22/2007 Company: Droppix ---------- Key: {100BD527-7304-4b7f-BEE2-26D97B04EBA4} Path: C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll 255272 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Nero AG ---------- *********************************************** ************* 9:34:22 PM: Scanning ----- FOLDER\COLUMNHANDLERS ----- Key: {7D4D6379-F301-4311-BEBA-E26EB0561882} File: C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll 1803560 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: Nero AG ---------- Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} File: "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll [file not found to scan] ---------- *********************************************** ************* 9:34:22 PM: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 62080 bytes Created: 10/22/2006 Modified: 10/22/2006 Company: Adobe Systems Incorporated ---------- Key: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} BHO: C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll 656696 bytes Created: 8/11/2008 Modified: 8/11/2008 Company: BitComet ---------- Key: {53707962-6F74-2D53-2644-206D7942484F} BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll C:\PROGRA~1\SPYBOT~1\SDHelper.dll - file is excluded from scanning [SPYBOT S&D file] ---------- Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} BHO: C:\Program Files\Microsoft 
Office\Office12\GrooveShellExtensions.dll C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - file already scanned ---------- Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} BHO: C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll 501136 bytes Created: 2/3/2008 Modified: 9/25/2007 Company: Sun Microsystems, Inc. ---------- Key: {9030D464-4C02-4ABF-8ECC-5164760863C6} BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 322368 bytes Created: 8/31/2006 Modified: 8/31/2006 Company: Microsoft Corporation ---------- Key: {a33fa729-d155-4b23-842b-2c665ecabdb6} BHO: C:\Program Files\The_Pirate_Bay\tbThe_.dll C:\Program Files\The_Pirate_Bay\tbThe_.dll 1470488 bytes Created: 3/3/2008 Modified: 2/28/2008 Company: Conduit Ltd. ---------- Key: {AA58ED58-01DD-4d91-8333-CF10577473F7} BHO: c:\program files\google\googletoolbar1.dll c:\program files\google\googletoolbar1.dll -R- 2554944 bytes Created: 2/29/2008 Modified: 2/29/2008 Company: Google Inc. ---------- Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll 657904 bytes Created: 11/27/2008 Modified: 11/27/2008 Company: Google Inc. 
---------- Key: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} BHO: C:\Program Files\Free Download Manager\iefdm2.dll C:\Program Files\Free Download Manager\iefdm2.dll 94208 bytes Created: 11/29/2008 Modified: 11/26/2007 Company: ---------- *********************************************** ************* 9:34:24 PM: Scanning ----- SHELLSERVICEOBJECTS ----- Key: WPDShServiceObj CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5} Path: C:\WINDOWS\system32\WPDShServiceObj.dll C:\WINDOWS\system32\WPDShServiceObj.dll 133632 bytes Created: 10/18/2006 Modified: 10/18/2006 Company: Microsoft Corporation ---------- *********************************************** ************* 9:34:25 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- *********************************************** ************* 9:34:25 PM: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. *********************************************** ************* 9:34:25 PM: Scanning ----- APPINIT_DLLS ----- AppInitDLLs entry = [C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL] File: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\guard32.dll 143096 bytes Created: 2/3/2008 Modified: 11/26/2008 Company: ---------- File: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL 118784 bytes Created: 2/29/2008 Modified: 2/29/2008 Company: Google ---------- *********************************************** ************* 9:34:25 PM: Scanning ----- SECURITY PROVIDER DLLS ----- *********************************************** ************* 9:34:25 PM: Scanning ------ COMMON STARTUP GROUP ------ [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe 113664 bytes Created: 11/29/2008 Modified: 11/4/1999 Company: Adobe Systems, Inc. 
Adobe Gamma Loader.lnk - links to C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -HS- 84 bytes Created: 2/4/2008 Modified: 9/2/2008 Company: -------------------- C:\Program Files\Windows Desktop Search\WindowsSearch.exe 123904 bytes Created: 5/26/2008 Modified: 5/26/2008 Company: Microsoft Corporation Windows Search.lnk - links to C:\Program Files\Windows Desktop Search\WindowsSearch.exe -------------------- *********************************************** ************* 9:34:26 PM: Scanning ------ USER STARTUP GROUPS ------ -------------------- Checking Startup Group for: gza [C:\Documents and Settings\gza\START MENU\PROGRAMS\STARTUP] The Startup Group for gza attempts to load the following file(s): C:\Documents and Settings\gza\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 2/3/2008 Modified: 2/3/2008 Company: ---------- C:\Program Files\MagicDisc\MagicDisc.exe 575488 bytes Created: 2/22/2008 Modified: 7/28/2008 Company: MagicISO, Inc. 
MagicDisc.lnk - links to C:\Program Files\MagicDisc\MagicDisc.exe ---------- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE 340856 bytes Created: 8/29/2007 Modified: 8/29/2007 Company: Microsoft Corporation Microsoft Office Groove.lnk - links to C:\Program Files\Microsoft Office\Office12\GROOVE.EXE ---------- Microsoft Works Calendar Reminders.lnk - links to C:\Program Files\MSWorks\Calendar\WKCALREM.EXE [file not found to scan] ---------- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE 101440 bytes Created: 12/7/2007 Modified: 12/7/2007 Company: Microsoft Corporation OneNote 2007 Screen Clipper and Launcher.lnk - links to C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE ---------- C:\Documents and Settings\gza\START MENU\PROGRAMS\STARTUP\PowerReg Scheduler.exe 256000 bytes Created: 5/13/2008 Modified: 5/13/2008 Company: ---------- *********************************************** ************* 9:35:14 PM: Scanning ----- SCHEDULED TASKS ----- Taskname: AppleSoftwareUpdate.job File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe C:\Program Files\Apple Software Update\SoftwareUpdate.exe 566592 bytes Created: 7/30/2008 Modified: 7/30/2008 Company: Apple Inc. 
Parameters: -task Next Run Time: 12/6/2008 11:29:00 PM Status: The task is ready to run at its next scheduled time Creator: SYSTEM Comments: [blank] ---------- Taskname: Norton Security Scan.job File: C:\Program Files\Norton Security Scan\Nss.exe Parameters: /scan-full /scheduled Next Run Time: 12/5/2008 3:00:00 PM Status: The task is ready to run at its next scheduled time Creator: gza Comments: Norton Security Scan C:\Program Files\Norton Security Scan\Nss.exe [file not found to scan] ---------- Taskname: Windows Update.job File: C:\WINDOWS\system32\wupdmgr.exe C:\WINDOWS\system32\wupdmgr.exe 32256 bytes Created: 8/5/2004 Modified: 8/5/2004 Company: Microsoft Corporation Parameters: [blank] Next Run Time: Never Status: The task is ready to run at its next scheduled time Creator: gza Comments: [blank] ---------- *********************************************** ************* 9:35:14 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- *********************************************** ************* 9:35:14 PM: ----- ADDITIONAL CHECKS ----- PE386 rootkit checks completed ---------- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Documents and Settings\gza\Local Settings\Application Data\Microsoft\Wallpaper1.bmp C:\Documents and Settings\gza\Local Settings\Application Data\Microsoft\Wallpaper1.bmp 1440054 bytes Created: 9/1/2008 Modified: 10/8/2008 Company: ---------- Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp C:\Documents and Settings\gza\Local Settings\Application Data\Microsoft\Wallpaper1.bmp 1440054 bytes Created: 9/1/2008 Modified: 10/8/2008 Company: ---------- Checks for rogue DNS NameServers completed ---------- Additional checks completed *********************************************** ************* 9:35:15 PM: 
Scanning ----- RUNNING PROCESSES ----- C:\WINDOWS\System32\smss.exe -------------------- C:\WINDOWS\system32\csrss.exe -------------------- C:\WINDOWS\system32\winlogon.exe -------------------- C:\WINDOWS\system32\services.exe -------------------- C:\WINDOWS\system32\lsass.exe -------------------- C:\WINDOWS\system32\Ati2evxx.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\WINDOWS\System32\svchost.exe - file already scanned -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned -------------------- C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned -------------------- C:\WINDOWS\system32\spoolsv.exe -------------------- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe - file already scanned -------------------- C:\Program Files\COMODO\Firewall\cmdagent.exe - file already scanned -------------------- C:\WINDOWS\eHome\ehRecvr.exe - file already scanned -------------------- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - file already scanned -------------------- C:\WINDOWS\system32\HDDSvc.exe - file already scanned -------------------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -------------------- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe - file already scanned -------------------- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe - file already scanned -------------------- C:\WINDOWS\system32\spupdsvc.exe - file already scanned -------------------- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -------------------- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe - file already scanned -------------------- 
C:\WINDOWS\system32\svchost.exe - file already scanned -------------------- C:\WINDOWS\system32\SearchIndexer.exe -------------------- C:\WINDOWS\ehome\medctrro.exe -------------------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe - file already scanned -------------------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe - file already scanned -------------------- C:\WINDOWS\System32\alg.exe -------------------- C:\WINDOWS\system32\Ati2evxx.exe -------------------- C:\WINDOWS\Explorer.EXE - file already scanned -------------------- C:\WINDOWS\system32\wuauclt.exe -------------------- C:\WINDOWS\system32\devldr32.exe -------------------- C:\Program Files\COMODO\Firewall\cfp.exe - file already scanned -------------------- C:\WINDOWS\system32\CTHELPER.EXE - file already scanned -------------------- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe - file already scanned -------------------- C:\Program Files\iTunes\iTunesHelper.exe - file already scanned -------------------- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe - file already scanned -------------------- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe - file already scanned -------------------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - file already scanned -------------------- C:\Program Files\PowerISO\PWRISOVM.EXE - file already scanned -------------------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe - file already scanned -------------------- C:\WINDOWS\system32\ctfmon.exe - file already scanned -------------------- C:\Program Files\Messenger\msmsgs.exe - file already scanned -------------------- C:\Program Files\Free Download Manager\fdm.exe - file already scanned -------------------- C:\Program Files\DAEMON Tools Lite\daemon.exe - file already scanned -------------------- C:\Program Files\BitComet\BitComet.exe - file already scanned -------------------- C:\Program Files\Windows Desktop Search\WindowsSearch.exe -------------------- C:\Program 
Files\iPod\bin\iPodService.exe -------------------- C:\WINDOWS\system32\taskmgr.exe -------------------- C:\Documents and Settings\gza\Application Data\Simply Super Software\Trojan Remover\xij24.exe FileSize: 2884472 [This is a Trojan Remover component] -------------------- C:\WINDOWS\system32\notepad.exe -------------------- *********************************************** ************* 9:35:22 PM: Checking AUTOEXEC.BAT file AUTOEXEC.BAT found in C:\ No malicious entries were found in the AUTOEXEC.BAT file *********************************************** ************* 9:35:22 PM: Checking AUTOEXEC.NT file AUTOEXEC.NT found in C:\WINDOWS\system32 No malicious entries were found in the AUTOEXEC.NT file *********************************************** ************* 9:35:22 PM: Checking HOSTS file No malicious entries were found in the HOSTS file *********************************************** ************* ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch": ie.search.msn.com m HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant": ie.search.msn.com m HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://www.kol.co.nz/ HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\WINDOWS\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": http://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://www.kol.co.nz HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": www.google.com 
*********************************************** ************* === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 9:35:22 PM 01 Dec 2008 Total Scan time: 00:02:15 *********************************************** ************* I'll be back with info on com behaviour after recommended fixes. I'm certain and confident your pointers will make an improvement to the com. I know, I still need more RAM. Perhaps I don't have the resources to effectively run MS Office Enterprise 2007 on this machine. First things first though. Thanks to all of you. gza. |
gza (13233) | ||