| Thread ID: 92245 | 2008-08-03 06:53:00 | HJT and AVG 7.5 trojan...pls help!!! | puffins808 (14043) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 694626 | 2008-08-04 12:35:00 | ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.7.1.2538. For information, email support@simplysup1.com [Unregistered version] Scan started at: 1:41:59 AM 04 Aug 2008 Using Database v7088 Operating System: Windows XP SP3 [Windows XP Home Edition Service Pack 3 (Build 2600)] File System: NTFS Data directory: C:\Documents and Settings\Temp\Application Data\Simply Super Software\Trojan Remover\ Database directory: C:\Program Files\Trojan Remover\ Logfile directory: C:\Documents and Settings\Temp\My Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************** ********** The following Anti-Malware program(s) are loaded: Avast! Antivirus ************************************************** ********** ************************************************** ********** 1:41:59 AM: Scanning ----------WIN.INI----------- WIN.INI found in C:\WINXP ************************************************** ********** 1:41:59 AM: Scanning --------SYSTEM.INI--------- SYSTEM.INI found in C:\WINXP ************************************************** ********** 1:41:59 AM: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. 
************************************************** ********** 1:42:00 AM: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): File: Explorer.exe C:\WINXP\Explorer.exe 1033728 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): File: C:\WINXP\system32\userinit.exe C:\WINXP\system32\userinit.exe 26112 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- This key's "System" value appears to be blank ---------- This key's "UIHost" value calls the following program: File: logonui.exe C:\WINXP\system32\logonui.exe 514560 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: HotKeysCmds Value Data: C:\WINXP\system32\hkcmd.exe C:\WINXP\system32\hkcmd.exe 118784 bytes Created: 5/3/2007 Modified: 10/1/2003 Company: Intel Corporation -------------------- Value Name: AGRSMMSG Value Data: AGRSMMSG.exe C:\WINXP\AGRSMMSG.exe -R- 88363 bytes Created: 5/3/2007 Modified: 2/19/2004 Company: Agere Systems -------------------- Value Name: Apoint Value Data: C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Apoint2K\Apoint.exe -R- 163840 bytes Created: 9/17/2004 Modified: 7/2/2004 Company: Alps Electric Co., Ltd. 
-------------------- Value Name: IntelWireless Value Data: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe 385024 bytes Created: 8/16/2004 Modified: 8/16/2004 Company: Intel Corporation -------------------- Value Name: EOUApp Value Data: C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe 356352 bytes Created: 8/16/2004 Modified: 8/16/2004 Company: Intel Corporation -------------------- Value Name: IndicatorUtility Value Data: C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe 81920 bytes Created: 9/17/2004 Modified: 8/4/2004 Company: FUJITSU LIMITED -------------------- Value Name: LoadFujitsuQuickTouch Value Data: C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe 242688 bytes Created: 9/17/2004 Modified: 8/10/2004 Company: FUJITSU LIMITED -------------------- Value Name: LoadBtnHnd Value Data: C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe 61440 bytes Created: 9/17/2004 Modified: 8/10/2004 Company: FUJITSU LIMITED -------------------- Value Name: DeviceDiscovery Value Data: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe 229437 bytes Created: 5/21/2003 Modified: 5/21/2003 Company: Hewlett-Packard -------------------- Value Name: SPAMfighter Agent Value Data: "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 C:\Program Files\SPAMfighter\SFAgent.exe 321160 bytes Created: 7/14/2008 Modified: 4/30/2008 Company: SPAMfighter ApS -------------------- Value Name: AppleSyncNotifier Value Data: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe 116040 bytes Created: 
7/10/2008 Modified: 7/10/2008 Company: Apple Inc. -------------------- Value Name: iTunesHelper Value Data: "C:\Program Files\iTunes\iTunesHelper.exe" C:\Program Files\iTunes\iTunesHelper.exe 289064 bytes Created: 7/30/2008 Modified: 7/30/2008 Company: Apple Inc. -------------------- Value Name: avast! Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 78008 bytes Created: 8/3/2008 Modified: 7/19/2008 Company: ALWIL Software -------------------- Value Name: TrojanScanner Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot C:\Program Files\Trojan Remover\Trjscan.exe 909904 bytes Created: 8/4/2008 Modified: 7/30/2008 Company: Simply Super Software -------------------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: DrvMon.exe Value Data: C:\WINXP\system32\DrvMon.exe C:\WINXP\system32\DrvMon.exe 53248 bytes Created: 7/13/2007 Modified: 6/14/2006 Company: Alcor Micro, Corp. 
-------------------- Value Name: ctfmon.exe Value Data: C:\WINXP\system32\ctfmon.exe C:\WINXP\system32\ctfmon.exe 15360 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation -------------------- Value Name: Aim6 Value Data: Blank entry: [] -------------------- Value Name: Value Data: Blank entry: [] -------------------- Value Name: Creative Detector Value Data: C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe 98304 bytes Created: 6/9/2008 Modified: 10/5/2004 Company: Creative Technology Ltd -------------------- Value Name: Performance Center Value Data: C:\Program Files\Ascentive\Performance Center\APCMain.exe -m C:\Program Files\Ascentive\Performance Center\APCMain.exe [file not found to scan] -------------------- -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty ************************************************** ********** 1:42:03 AM: Scanning -----SHELLEXECUTEHOOKS----- ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972} File: shell32.dll - this file is expected and has been left in place ---------- ************************************************** ********** 1:42:03 AM: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************** ********** 1:42:04 AM: Scanning -----ACTIVE SCREENSAVER----- No active ScreenSaver found to scan. 
************************************************** ********** 1:42:04 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} Path: C:\WINXP\system32\ieudinit.exe C:\WINXP\system32\ieudinit.exe 13824 bytes Created: 11/7/2006 Modified: 4/21/2008 Company: Microsoft Corporation ---------- Key: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} Path: C:\WINXP\inf\unregmp2.exe /ShowWMP C:\WINXP\inf\unregmp2.exe 317440 bytes Created: 8/4/2004 Modified: 6/26/2007 Company: Microsoft Corporation ---------- Key: >{26923b43-4d38-484f-9b9e-de460746276c} Path: %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE C:\WINXP\system32\shmgrate.exe 45056 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- Key: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} Path: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP C:\WINXP\system32\IEDKCS32.DLL 384512 bytes Created: 8/4/2004 Modified: 4/22/2008 Company: Microsoft Corporation ---------- Key: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS Path: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP C:\WINXP\system32\IEDKCS32.DLL - file already scanned ---------- Key: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} Path: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE C:\WINXP\system32\shmgrate.exe 45056 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- Key: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} Path: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll C:\WINXP\system32\themeui.dll 385536 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- Key: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINXP\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT C:\WINXP\system32\advpack.dll 124928 bytes Created: 8/4/2004 Modified: 4/22/2008 Company: Microsoft Corporation ---------- Key: {5945c046-1e7d-11d1-bc44-00c04fd912be} Path: rundll32.exe advpack.dll,LaunchINFSection 
C:\WINXP\INF\msmsgs.inf,BLC.QuietInstall.PerUser C:\WINXP\system32\advpack.dll - file already scanned ---------- Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6} Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINXP\INF\wmp11.inf,PerUserStub C:\WINXP\system32\advpack.dll - file already scanned ---------- Key: {89820200-ECBD-11cf-8B85-00AA005B4340} Path: regsvr32.exe /s /n /i:U shell32.dll C:\WINXP\system32\shell32.dll 8461312 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- Key: {89820200-ECBD-11cf-8B85-00AA005B4383} Path: C:\WINXP\system32\ie4uinit.exe -BaseSettings C:\WINXP\system32\ie4uinit.exe 70656 bytes Created: 8/4/2004 Modified: 4/21/2008 Company: Microsoft Corporation ---------- Key: {89B4C1CD-B018-4511-B0A1-5476DBF70820} Path: c:\WINXP\system32\Rundll32.exe c:\WINXP\system32\mscories.dll,Install c:\WINXP\system32\mscories.dll 84480 bytes Created: 10/24/2007 Modified: 10/24/2007 Company: Microsoft Corporation ---------- ************************************************** ********** 1:42:06 AM: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Key: AppMgmt %SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found) -------------------- Key: BITS Path: C:\WINXP\system32\qmgr.dll C:\WINXP\system32\qmgr.dll 409088 bytes Created: 5/2/2007 Modified: 4/13/2008 Company: Microsoft Corporation -------------------- Key: EventSystem Path: C:\WINXP\system32\es.dll C:\WINXP\system32\es.dll 246272 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation -------------------- Key: srservice Path: C:\WINXP\system32\srsvc.dll C:\WINXP\system32\srsvc.dll 171008 bytes Created: 5/2/2007 Modified: 4/13/2008 Company: Microsoft Corporation -------------------- Key: W32Time Path: C:\WINXP\system32\w32time.dll C:\WINXP\system32\w32time.dll 175104 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation -------------------- Key: WmdmPmSN Path: C:\WINXP\system32\MsPMSNSv.dll 
C:\WINXP\system32\MsPMSNSv.dll 27136 bytes Created: 8/4/2004 Modified: 10/18/2006 Company: Microsoft Corporation -------------------- Key: wuauserv Path: C:\WINXP\system32\wuauserv.dll C:\WINXP\system32\wuauserv.dll 6656 bytes Created: 5/2/2007 Modified: 4/13/2008 Company: Microsoft Corporation -------------------- ************************************************** ********** 1:42:10 AM: Scanning ----- SERVICES REGISTRY KEYS ----- Key: AegisP ImagePath: system32\DRIVERS\AegisP.sys C:\WINXP\system32\DRIVERS\AegisP.sys 17056 bytes Created: 5/3/2007 Modified: 5/3/2007 Company: Meetinghouse Data Communications ---------- Key: Afc ImagePath: system32\drivers\Afc.sys C:\WINXP\system32\drivers\Afc.sys 11776 bytes Created: 6/8/2008 Modified: 2/23/2005 Company: Arcsoft, Inc. ---------- Key: ApfiltrService ImagePath: system32\DRIVERS\Apfiltr.sys C:\WINXP\system32\DRIVERS\Apfiltr.sys -R- 103391 bytes Created: 5/3/2007 Modified: 7/4/2004 Company: Alps Electric Co., Ltd. ---------- Key: Apple Mobile Device ImagePath: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 116040 bytes Created: 7/22/2008 Modified: 7/22/2008 Company: Apple Inc. ---------- Key: aswFsBlk ImagePath: system32\DRIVERS\aswFsBlk.sys C:\WINXP\system32\DRIVERS\aswFsBlk.sys 20560 bytes Created: 8/3/2008 Modified: 7/19/2008 Company: ALWIL Software ---------- Key: aswUpdSv ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 16056 bytes Created: 8/3/2008 Modified: 7/19/2008 Company: ALWIL Software ---------- Key: atksgt ImagePath: system32\DRIVERS\atksgt.sys C:\WINXP\system32\DRIVERS\atksgt.sys 271360 bytes Created: 7/10/2007 Modified: 7/10/2007 Company: ---------- Key: avast! 
Antivirus ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" C:\Program Files\Alwil Software\Avast4\ashServ.exe 147640 bytes Created: 8/3/2008 Modified: 7/19/2008 Company: ALWIL Software ---------- Key: avast! Mail Scanner ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 250040 bytes Created: 8/3/2008 Modified: 7/19/2008 Company: ALWIL Software ---------- Key: avast! Web Scanner ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 348344 bytes Created: 8/3/2008 Modified: 7/23/2008 Company: ALWIL Software ---------- Key: bioschk ImagePath: System32\Drivers\bioschk.sys C:\WINXP\System32\Drivers\bioschk.sys -R- 3909 bytes Created: 5/3/2007 Modified: 2/27/2004 Company: Fujitsu PC Corporation ---------- Key: Bonjour Service ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe" C:\Program Files\Bonjour\mDNSResponder.exe 229376 bytes Created: 7/24/2007 Modified: 7/24/2007 Company: Apple Inc. ---------- Key: BRGSp50 ImagePath: System32\Drivers\BRGSp50.sys C:\WINXP\System32\Drivers\BRGSp50.sys 20608 bytes Created: 7/11/2007 Modified: 6/8/2005 Company: Printing Communications Assoc., Inc. 
(PCAUSA) ---------- Key: BtnHnd ImagePath: \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys 21120 bytes Created: 9/17/2004 Modified: 8/10/2004 Company: FUJITSU LIMITED ---------- Key: clr_optimization_v2.0.50727_32 ImagePath: C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 70144 bytes Created: 10/24/2007 Modified: 10/24/2007 Company: Microsoft Corporation ---------- Key: COMSysApp ImagePath: C:\WINXP\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} C:\WINXP\system32\dllhost.exe 5120 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- Key: Creative Service for CDROM Access ImagePath: C:\WINXP\system32\CTsvcCDA.EXE C:\WINXP\system32\CTsvcCDA.EXE 44032 bytes Created: 6/9/2008 Modified: 12/12/1999 Company: Creative Technology Ltd ---------- Key: EvtEng ImagePath: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 86016 bytes Created: 8/16/2004 Modified: 8/16/2004 Company: Intel Corporation ---------- Key: FontCache3.0.0.0 ImagePath: c:\WINXP\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\WINXP\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 36864 bytes Created: 10/20/2006 Modified: 10/20/2006 Company: Microsoft Corporation ---------- Key: FUJ02B1 ImagePath: system32\DRIVERS\FUJ02B1.sys C:\WINXP\system32\DRIVERS\FUJ02B1.sys -R- 5248 bytes Created: 5/3/2007 Modified: 8/1/2001 Company: FUJITSU LIMITED ---------- Key: Hiptop ImagePath: System32\Drivers\Hiptop.sys C:\WINXP\System32\Drivers\Hiptop.sys 109600 bytes Created: 9/25/2007 Modified: 9/25/2007 Company: Danger ---------- Key: hpdj3600 ImagePath: C:\DOCUME~1\Temp\LOCALS~1\Temp\hpdj3600.exe -servicerunning=true -uninstall=hp deskjet 3600 series -product=3600 C:\DOCUME~1\Temp\LOCALS~1\Temp\hpdj3600.exe [file not found to scan] ---------- Key: HPZid412 ImagePath: 
system32\DRIVERS\HPZid412.sys C:\WINXP\system32\DRIVERS\HPZid412.sys 49664 bytes Created: 5/17/2008 Modified: 4/12/2006 Company: HP ---------- Key: HPZius12 ImagePath: system32\DRIVERS\HPZius12.sys C:\WINXP\system32\DRIVERS\HPZius12.sys 21568 bytes Created: 5/17/2008 Modified: 4/12/2006 Company: HP ---------- Key: ialm ImagePath: system32\DRIVERS\ialmnt5.sys C:\WINXP\system32\DRIVERS\ialmnt5.sys 93979 bytes Created: 5/3/2007 Modified: 10/7/2003 Company: Intel Corporation ---------- Key: IDriverT ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 69632 bytes Created: 4/3/2005 Modified: 4/3/2005 Company: Macrovision Corporation ---------- Key: idsvc ImagePath: "C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 741376 bytes Created: 10/30/2006 Modified: 10/30/2006 Company: Microsoft Corporation ---------- Key: ImapiService ImagePath: C:\WINXP\system32\imapi.exe C:\WINXP\system32\imapi.exe 150528 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- Key: IWCA ImagePath: system32\DRIVERS\iwca.sys C:\WINXP\system32\DRIVERS\iwca.sys 234496 bytes Created: 8/12/2004 Modified: 8/12/2004 Company: Intel Corporation ---------- Key: Jukebox3 ImagePath: system32\DRIVERS\ctpdusb.sys C:\WINXP\system32\DRIVERS\ctpdusb.sys 16880 bytes Created: 6/9/2008 Modified: 9/30/2004 Company: Creative Technology Ltd. 
---------- Key: lirsgt ImagePath: system32\DRIVERS\lirsgt.sys C:\WINXP\system32\DRIVERS\lirsgt.sys 18048 bytes Created: 7/10/2007 Modified: 7/10/2007 Company: ---------- Key: MBAMSwissArmy ImagePath: \??\C:\WINXP\system32\drivers\mbamswissarmy.sys C:\WINXP\system32\drivers\mbamswissarmy.sys 38472 bytes Created: 8/3/2008 Modified: 7/30/2008 Company: Malwarebytes Corporation ---------- Key: mnmsrvc ImagePath: C:\WINXP\system32\mnmsrvc.exe C:\WINXP\system32\mnmsrvc.exe 32768 bytes Created: 5/2/2007 Modified: 4/13/2008 Company: Microsoft Corporation ---------- Key: MSDTC ImagePath: C:\WINXP\system32\msdtc.exe C:\WINXP\system32\msdtc.exe 6144 bytes Created: 5/2/2007 Modified: 4/13/2008 Company: Microsoft Corporation ---------- Key: MSIServer ImagePath: C:\WINXP\system32\msiexec.exe /V C:\WINXP\system32\msiexec.exe 78848 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- Key: OwnershipProtocol ImagePath: C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe 98304 bytes Created: 8/16/2004 Modified: 8/16/2004 Company: Intel Corporation ---------- Key: PAC207 ImagePath: system32\DRIVERS\PFC027.SYS C:\WINXP\system32\DRIVERS\PFC027.SYS 508416 bytes Created: 6/12/2007 Modified: 6/12/2007 Company: PixArt Imaging Inc. 
---------- Key: Pml Driver HPZ12 ImagePath: C:\WINXP\system32\HPZipm12.exe C:\WINXP\system32\HPZipm12.exe 73728 bytes Created: 6/11/2007 Modified: 8/8/2007 Company: HP ---------- Key: R592 ImagePath: system32\DRIVERS\R592.sys C:\WINXP\system32\DRIVERS\R592.sys 54912 bytes Created: 5/3/2007 Modified: 1/18/2004 Company: REDC ---------- Key: RDSessMgr ImagePath: C:\WINXP\system32\sessmgr.exe C:\WINXP\system32\sessmgr.exe 141312 bytes Created: 5/2/2007 Modified: 4/13/2008 Company: Microsoft Corporation ---------- Key: RegSrvc ImagePath: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 139264 bytes Created: 8/16/2004 Modified: 8/16/2004 Company: Intel Corporation ---------- Key: RimSerPort ImagePath: system32\DRIVERS\RimSerial.sys C:\WINXP\system32\DRIVERS\RimSerial.sys -R- 26496 bytes Created: 6/28/2007 Modified: 1/18/2007 Company: Research in Motion Ltd ---------- Key: RimUsb ImagePath: System32\Drivers\RimUsb.sys C:\WINXP\System32\Drivers\RimUsb.sys [file not found to scan] ---------- Key: RimVSerPort ImagePath: system32\DRIVERS\RimSerial.sys C:\WINXP\system32\DRIVERS\RimSerial.sys -R- 26496 bytes Created: 6/28/2007 Modified: 1/18/2007 Company: Research in Motion Ltd ---------- Key: RTL8023xp ImagePath: system32\DRIVERS\Rtnicxp.sys C:\WINXP\system32\DRIVERS\Rtnicxp.sys 85120 bytes Created: 12/14/2006 Modified: 12/14/2006 Company: Realtek Semiconductor Corporation ---------- Key: rtl8139 ImagePath: system32\DRIVERS\RTL8139.SYS C:\WINXP\system32\DRIVERS\RTL8139.SYS 46080 bytes Created: 5/2/2007 Modified: 2/5/2004 Company: Realtek Semiconductor Corporation ---------- Key: S24EventMonitor ImagePath: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe 360521 bytes Created: 8/16/2004 Modified: 8/16/2004 Company: Intel Corporation ---------- Key: s24trans ImagePath: system32\DRIVERS\s24trans.sys C:\WINXP\system32\DRIVERS\s24trans.sys 11354 bytes Created: 8/6/2004 Modified: 8/6/2004 
Company: Intel Corporation ---------- Key: SbcpHid ImagePath: \??\C:\WINXP\system32\Drivers\SbcpHid.sys C:\WINXP\system32\Drivers\SbcpHid.sys 37408 bytes Created: 2/2/2001 Modified: 2/2/2001 Company: ---------- Key: SMCIRDA ImagePath: system32\DRIVERS\smcirda.sys C:\WINXP\system32\DRIVERS\smcirda.sys 35913 bytes Created: 5/2/2007 Modified: 8/17/2001 Company: SMC ---------- Key: SPAMfighter Update Service ImagePath: "C:\Program Files\SPAMfighter\sfus.exe" C:\Program Files\SPAMfighter\sfus.exe 184968 bytes Created: 7/14/2008 Modified: 4/30/2008 Company: SPAMfighter ApS ---------- Key: sr ImagePath: \SystemRoot\system32\DRIVERS\sr.sys C:\WINXP\system32\DRIVERS\sr.sys 73472 bytes Created: 5/2/2007 Modified: 4/13/2008 Company: Microsoft Corporation ---------- Key: STAC97 ImagePath: system32\drivers\stac97.sys C:\WINXP\system32\drivers\stac97.sys -R- 256688 bytes Created: 5/3/2007 Modified: 1/5/2004 Company: SigmaTel, Inc. ---------- Key: SwPrv ImagePath: C:\WINXP\system32\dllhost.exe /Processid:{C556A4D4-EDB7-49AF-A8F1-976994ED93F5} C:\WINXP\system32\dllhost.exe 5120 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- Key: USBAAPL ImagePath: System32\Drivers\usbaapl.sys C:\WINXP\System32\Drivers\usbaapl.sys 32000 bytes Created: 10/20/2007 Modified: 7/10/2008 Company: Apple, Inc. 
---------- Key: usnjsvc ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe" C:\Program Files\MSN Messenger\usnsvc.exe 97136 bytes Created: 1/19/2007 Modified: 1/19/2007 Company: Microsoft Corporation ---------- Key: Viewpoint Manager Service ImagePath: "C:\Program Files\Viewpoint\Common\ViewpointService.exe" C:\Program Files\Viewpoint\Common\ViewpointService.exe 24652 bytes Created: 10/12/2007 Modified: 1/4/2007 Company: Viewpoint Corporation ---------- Key: w29n51 ImagePath: system32\DRIVERS\w29n51.sys C:\WINXP\system32\DRIVERS\w29n51.sys 3210496 bytes Created: 8/7/2004 Modified: 8/7/2004 Company: Intel® Corporation ---------- Key: WmiApSrv ImagePath: C:\WINXP\system32\wbem\wmiapsrv.exe C:\WINXP\system32\wbem\wmiapsrv.exe 126464 bytes Created: 5/2/2007 Modified: 4/13/2008 Company: Microsoft Corporation ---------- Key: WpdUsb ImagePath: system32\DRIVERS\wpdusb.sys C:\WINXP\system32\DRIVERS\wpdusb.sys 38528 bytes Created: 10/18/2006 Modified: 10/18/2006 Company: Microsoft Corporation ---------- Key: ZD1211BU(WLAN) ImagePath: system32\DRIVERS\zd1211Bu.sys C:\WINXP\system32\DRIVERS\zd1211Bu.sys 402432 bytes Created: 7/11/2007 Modified: 10/28/2005 Company: ZyDAS Technology Corporation ---------- Key: ZDPSp50 ImagePath: System32\Drivers\ZDPSp50.sys C:\WINXP\System32\Drivers\ZDPSp50.sys 17664 bytes Created: 7/11/2007 Modified: 10/25/2004 Company: Printing Communications Assoc., Inc. 
(PCAUSA) ---------- Key: {6080A529-897E-4629-A488-ABA0C29B635E} ImagePath: system32\drivers\ialmsbw.sys C:\WINXP\system32\drivers\ialmsbw.sys 120830 bytes Created: 5/3/2007 Modified: 10/7/2003 Company: Intel Corporation ---------- Key: {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} ImagePath: system32\drivers\ialmkchw.sys C:\WINXP\system32\drivers\ialmkchw.sys 98842 bytes Created: 5/3/2007 Modified: 10/7/2003 Company: Intel Corporation ---------- Key: {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} ImagePath: system32\drivers\wA301a.sys C:\WINXP\system32\drivers\wA301a.sys 33847 bytes Created: 5/3/2007 Modified: 10/7/2003 Company: Intel Corporation ---------- ************************************************** ********** 1:42:31 AM: Scanning -----VXD ENTRIES----- ************************************************** ********** 1:42:31 AM: Scanning ----- WINLOGON\NOTIFY DLLS ----- Key: igfxcui DLL: igfxsrvc.dll C:\WINXP\system32\igfxsrvc.dll 319488 bytes Created: 5/3/2007 Modified: 10/1/2003 Company: Intel Corporation ---------- Key: IntelWireless DLL: C:\Program Files\Intel\Wireless\Bin\LgNotify.dll C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 110592 bytes Created: 8/16/2004 Modified: 8/16/2004 Company: Intel Corporation ---------- ************************************************** ********** 1:42:32 AM: Scanning ----- CONTEXTMENUHANDLERS ----- Key: avast CLSID: {472083B0-C522-11CF-8763-00608CC02F24} Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll C:\Program Files\Alwil Software\Avast4\ashShell.dll 73912 bytes Created: 8/3/2008 Modified: 7/19/2008 Company: ALWIL Software ---------- ************************************************** ********** 1:42:32 AM: Scanning ----- FOLDER\COLUMNHANDLERS ----- ************************************************** ********** 1:42:32 AM: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll C:\Program Files\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 62080 bytes Created: 10/22/2006 Modified: 10/22/2006 Company: Adobe Systems Incorporated ---------- Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} BHO: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll 509328 bytes Created: 7/14/2008 Modified: 6/10/2008 Company: Sun Microsystems, Inc. ---------- Key: {8FD66659-A7AF-4641-9999-C56607D3A0AB} BHO: C:\Program Files\Mpire\Mpire Plugin\MPBand.dll C:\Program Files\Mpire\Mpire Plugin\MPBand.dll 81920 bytes Created: 8/8/2007 Modified: 8/8/2007 Company: ---------- Key: {9030D464-4C02-4ABF-8ECC-5164760863C6} BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 322368 bytes Created: 8/31/2006 Modified: 8/31/2006 Company: Microsoft Corporation ---------- Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} BHO: C:\Program Files\Windows Live Toolbar\msntb.dll C:\Program Files\Windows Live Toolbar\msntb.dll 546320 bytes Created: 10/19/2007 Modified: 10/19/2007 Company: Microsoft Corporation ---------- ************************************************** ********** 1:42:33 AM: Scanning ----- SHELLSERVICEOBJECTS ----- Key: WebCheck CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED} Path: C:\WINXP\system32\webcheck.dll C:\WINXP\system32\webcheck.dll 233472 bytes Created: 8/4/2004 Modified: 4/22/2008 Company: Microsoft Corporation ---------- Key: SysTray CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153} Path: C:\WINXP\system32\stobject.dll C:\WINXP\system32\stobject.dll 121856 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- Key: WPDShServiceObj CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5} Path: C:\WINXP\system32\WPDShServiceObj.dll C:\WINXP\system32\WPDShServiceObj.dll 133632 bytes Created: 10/18/2006 Modified: 10/18/2006 Company: Microsoft Corporation ---------- ************************************************** 
********** 1:42:33 AM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- ************************************************** ********** 1:42:33 AM: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. ************************************************** ********** 1:42:33 AM: Scanning ----- APPINIT_DLLS ----- The AppInit_DLLs value is blank ************************************************** ********** 1:42:33 AM: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************** ********** 1:42:33 AM: Scanning ------ COMMON STARTUP GROUP ------ [C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: Desktop Manager.lnk - links to C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [file not found to scan] -------------------- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\desktop.ini -HS- 84 bytes Created: 5/2/2007 Modified: 5/2/2007 Company: -------------------- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe 288472 bytes Created: 2/19/2006 Modified: 2/19/2006 Company: Hewlett-Packard Development Company, L.P. 
HP Digital Imaging Monitor.lnk - links to C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe -------------------- ************************************************** ********** 1:45:19 AM: Scanning ------ USER STARTUP GROUPS ------ -------------------- Checking Startup Group for: Administrator [C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP] The Startup Group for Administrator attempts to load the following file(s): C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 5/3/2007 Modified: 5/2/2007 Company: ---------- -------------------- Checking Startup Group for: All Users.WINXP [C:\Documents and Settings\All Users.WINXP\START MENU\PROGRAMS\STARTUP] The Startup Group for All Users.WINXP attempts to load the following file(s): Desktop Manager.lnk - links to C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [file not found to scan] ---------- C:\Documents and Settings\All Users.WINXP\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 5/2/2007 Modified: 5/2/2007 Company: ---------- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe 288472 bytes Created: 2/19/2006 Modified: 2/19/2006 Company: Hewlett-Packard Development Company, L.P. 
HP Digital Imaging Monitor.lnk - links to C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe ---------- -------------------- Checking Startup Group for: Owner [C:\Documents and Settings\Owner\START MENU\PROGRAMS\STARTUP] The Startup Group for Owner attempts to load the following file(s): C:\Documents and Settings\Owner\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 9/17/2004 Modified: 9/17/2004 Company: C:\Documents and Settings\Owner\START MENU\PROGRAMS\STARTUP\desktop.ini appears to be in-use/locked ---------- LifeDrive Manager.lnk - links to a nonexistent file ---------- palmOne Registration.lnk - links to a nonexistent file ---------- -------------------- Checking Startup Group for: Temp [C:\Documents and Settings\Temp\START MENU\PROGRAMS\STARTUP] The Startup Group for Temp attempts to load the following file(s): C:\Documents and Settings\Temp\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 5/3/2007 Modified: 5/2/2007 Company: ---------- ************************************************** ********** 1:47:25 AM: Scanning ----- SCHEDULED TASKS ----- Taskname: AppleSoftwareUpdate.job File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe C:\Program Files\Apple Software Update\SoftwareUpdate.exe 566592 bytes Created: 4/11/2008 Modified: 4/11/2008 Company: Apple Inc. 
Parameters: -task Next Run Time: 8/4/2008 9:30:00 PM Status: The task is ready to run at its next scheduled time Creator: SYSTEM Comments: [blank] ---------- Taskname: Check Updates for Windows Live Toolbar.job File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE 99856 bytes Created: 10/19/2007 Modified: 10/19/2007 Company: Microsoft Corporation Parameters: [blank] Next Run Time: 8/4/2008 2:03:00 AM Status: The task is ready to run at its next scheduled time Creator: Temp Comments: [blank] ---------- Taskname: HP DArC Task #Hewlett-Packard#deskjet3600#TH3AR1413D6B.job File: C:\Program Files\HP\hpcoretech\comp\hpdarc.exe Parameters: /#Hewlett-Packard#deskjet3600#TH3AR1413D6B Next Run Time: 8/22/2008 5:59:00 PM Status: The task has not yet run Creator: Temp Comments: [blank] C:\Program Files\HP\hpcoretech\comp\hpdarc.exe [file not found to scan] ---------- Taskname: rpc.job File: C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean. exe Parameters: /ac Next Run Time: 8/7/2008 9:00:00 AM Status: The task has not yet run Creator: WSTF Comments: [blank] C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean. exe - has a *known* Malware filename: PUS.REGPOWERCLEAN C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean. 
exe - no action taken on this file [file not found to scan] ---------- ************************************************** ********** 1:47:44 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- ************************************************** ********** 1:47:45 AM: ----- ADDITIONAL CHECKS ----- PE386 rootkit checks completed ---------- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Restrictive Windows Explorer Policies are in force on this computer These Policies have been left in place at the request of the user Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Documents and Settings\Temp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp C:\Documents and Settings\Temp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp 1440054 bytes Created: 6/24/2007 Modified: 11/17/2007 Company: ---------- Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp C:\Documents and Settings\Temp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp 1440054 bytes Created: 6/24/2007 Modified: 11/17/2007 Company: ---------- Additional checks completed ************************************************** ********** 1:52:29 AM: Scanning ----- RUNNING PROCESSES ----- C:\WINXP\System32\smss.exe -------------------- C:\WINXP\system32\csrss.exe -------------------- C:\WINXP\system32\winlogon.exe -------------------- C:\WINXP\system32\services.exe -------------------- C:\WINXP\system32\lsass.exe -------------------- C:\WINXP\system32\svchost.exe -------------------- C:\WINXP\system32\svchost.exe -------------------- C:\WINXP\System32\svchost.exe -------------------- C:\WINXP\system32\svchost.exe -------------------- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -------------------- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -------------------- C:\WINXP\system32\svchost.exe 
-------------------- C:\WINXP\system32\svchost.exe -------------------- C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe -------------------- C:\WINXP\Explorer.EXE -------------------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -------------------- C:\Program Files\Alwil Software\Avast4\ashServ.exe -------------------- C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe -------------------- C:\WINXP\system32\hkcmd.exe -------------------- C:\WINXP\AGRSMMSG.exe -------------------- C:\Program Files\Apoint2K\Apoint.exe -------------------- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe -------------------- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe -------------------- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe -------------------- C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe -------------------- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe -------------------- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -------------------- C:\Program Files\SPAMfighter\SFAgent.exe -------------------- C:\Program Files\iTunes\iTunesHelper.exe -------------------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe -------------------- C:\WINXP\system32\DrvMon.exe -------------------- C:\Program Files\Apoint2K\Apntex.exe -------------------- C:\Program Files\Apoint2K\HidFind.exe -------------------- C:\WINXP\system32\ctfmon.exe -------------------- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe -------------------- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe -------------------- C:\WINXP\system32\spoolsv.exe -------------------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -------------------- C:\Program Files\Bonjour\mDNSResponder.exe -------------------- C:\WINXP\system32\CTsvcCDA.EXE -------------------- C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe -------------------- C:\WINXP\system32\HPZipm12.exe -------------------- C:\Program 
Files\Intel\Wireless\Bin\RegSrvc.exe -------------------- C:\Program Files\SPAMfighter\sfus.exe -------------------- C:\WINXP\system32\svchost.exe -------------------- C:\Program Files\Viewpoint\Common\ViewpointService.exe -------------------- C:\Program Files\iPod\bin\iPodService.exe -------------------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -------------------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -------------------- C:\WINXP\System32\alg.exe -------------------- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe -------------------- C:\Documents and Settings\Temp\Application Data\Simply Super Software\Trojan Remover\tah51.exe FileSize: 2540096 [This is a Trojan Remover component] -------------------- -------------------- ************************************************** ********** 1:52:37 AM: Checking AUTOEXEC.BAT file AUTOEXEC.BAT found in C:\ No malicious entries were found in the AUTOEXEC.BAT file ************************************************** ********** 1:52:37 AM: Checking AUTOEXEC.NT file AUTOEXEC.NT found in C:\WINXP\system32 No malicious entries were found in the AUTOEXEC.NT file ************************************************** ********** 1:52:37 AM: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************** ********** ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": go.microsoft.com HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch": ie.search.msn.com HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant": 
ie.search.msn.com HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\WINXP\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": g.msn.com HKCU\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch": ie.search.msn.com HKCU\Software\Microsoft\Internet Explorer\Search\"SearchAssistant": ie.search.msn.com ************************************************** ********** === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 1:52:37 AM 04 Aug 2008 ************************************************** ********** |
puffins808 (14043) | ||
| 694627 | 2008-08-04 12:47:00 | Restrictive Windows Explorer policies found as well on Trojan Remover. Is there a safe way to remove programs from my registry that I no longer use to clean up my registry? Will I be permanently disabling System Restore? | puffins808 (14043) | ||
| 694628 | 2008-08-04 19:58:00 | Select all options under the utilities menu. After you remove whatever you have, you can turn System Restore back on. Don't post the Malwarebytes / Trojan Remover logs here. It just fills this thread up with crap. |
Speedy Gonzales (78) | ||
| 694629 | 2008-08-04 20:07:00 | So, everything that Malwarebytes picked up, remove it? And the same for Trojan Remover? | puffins808 (14043) | ||
| 694630 | 2008-08-04 20:17:00 | Do another scan with Malwarebytes. Once it's finished, click on remove to remove them. | Speedy Gonzales (78) | ||
| 694631 | 2008-08-05 06:33:00 | I have completed Avast, Trojan Remover and Malwarebytes scans; they came back with no infections. Everything seems good. Thank you for all of your help. You're awesome. I wanted some more advice from you. Could you tell me, other than basic cleaning in Internet Explorer and disk cleanup and defrag, is there something else I can do to clean my computer? Also, could you explain to me how to clean my registry of programs that I no longer use? Thank you again. | puffins808 (14043) | ||
| 694632 | 2008-08-05 06:40:00 | Cool, that's good it's clean! Be careful what program you use to clean invalid entries in the registry. Some programs can totally ruin a system, because they remove the wrong entries, and you won't be able to boot into Windows. Remember to uninstall whatever program first, before you get rid of its invalid entries in the registry. This cleans temp files and removes invalid entries (www.ccleaner.com). You can use XP's defrag program, but do it in safe mode. There are free and small defrag programs around. I just can't remember the names of any of them. |
Speedy Gonzales (78) | ||
| 694633 | 2008-08-05 07:10:00 | Thank you for the info on defrag on safe mode. Wow...I was never told to do that. Can I ask why? Thanks again for helping me with my computer. Hubby downloads too much crap and does not know what he is doing but comes to me to fix (LOL). He will be getting his own. What are your reviews on IrfanView? SORRY if this is not the place to ask. | puffins808 (14043) | ||
| 694634 | 2008-08-05 07:15:00 | Oh, I also did a scan on CCleaner for my registry. Would I be able to post that here for your help as well? | puffins808 (14043) | ||
| 694635 | 2008-08-05 07:23:00 | If you use XP's defrag in normal Windows, if you do anything it'll take forever to finish (it'll restart all the time). Doing it in safe mode, there's nothing running in the background. So, it'll finish faster. IrfanView is OK, I have used it (a while ago). It's good for a free program. Tell CCleaner to remove the registry entries (you can make a backup just in case). No, don't post the log here, it'll be too long. I see in the Trojan Remover log, this is here: C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean. exe - has a *known* Malware. Uninstall it, as it says it's malware. |
Speedy Gonzales (78) | ||