Thread ID: 89337 | 2008-04-28 05:27:00 | Stupid Virus | Camiron (7092) | Press F1
Post ID | Timestamp | User
Post 663332 | 2008-04-28 05:27:00 | Camiron (7092)
Hey all, I've got this really annoying virus that I can't get rid of. It's called W32/Sanit.A and I downloaded a removal tool (www.avira.com), but if I don't run the tool every day, then my antivirus, Avira (www.avira.com), will tell me that it has been found and either repaired it or removed it. I always disable System Restore when I do a virus scan, so I am unable to find where the little thing is hiding. Please help. Thanks
Post 663333 | 2008-04-28 05:36:00 | Speedy Gonzales (78)
Get a better virus scanner, i.e. NOD32 / Avast. That's not much of a removal tool if you have to use it every day. Get Trojan Remover in my sig, update it, then click on scan. Then select all options under the utilities menu. Once you remove it, update Windows, as it looks like this exploits a vulnerability (www.microsoft.com). Has this computer got SP1 or 2 on it?
Post 663334 | 2008-04-28 05:39:00 | wainuitech (129)
Welcome to Press F1, Camiron. First: is this PC on a network? If so it can infect others, and that's one reason it is reinfecting. Other reasons are that it has not been removed fully. Download a better AV as Speedy suggested; also download Spybot S&D from my sig and run that, then download HijackThis (www.trendsecure.com), run it, select Save a Log, and copy/paste the complete log file back here.
Post 663335 | 2008-04-28 07:07:00 | Camiron (7092)
Um, XP Pro SP2, and yeah, it's a part of 2 networks. For some weeks now I have not been able to update Windows. I usually disable automatic updates, because it usually pops up a window right when I am playing a game. Anyway, the other day, after I first got the virus, I tried to update Windows. I have to use Firefox for this, as whenever I try to use IE it crashes on me, and I can't figure out why. I have IE7 and have uninstalled it, then reinstalled it, and it still crashes. I have had to redownload all my software, as most of it was corrupted by the 1st infection. I might have to do a repair of Windows, but I have never done this and would rather a tech show me.
Post 663336 | 2008-04-28 07:12:00 | Speedy Gonzales (78)
Post a HijackThis log, we'll see what's in it. It's in my sig. And get a better AV program; it may save you doing a format or repair. I would also disconnect the others, or you'll have to fix the others as well.
Post 663337 | 2008-04-28 08:08:00 | Camiron (7092)
Well, here is the log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:26 p.m., on 28/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Browser Mouse\moffice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Browser Mouse\MOUSE32A.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\BOINC\boinc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.2142-stats.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Rightdown Software SearchBar - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - C:\Program Files\Rightdown Software SearchBar\rssb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [MEDIAMOUSE] C:\Program Files\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Startup: xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - housecall65.trendmicro.com
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - messenger.zone.msn.com
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AE523C7-824D-4005-89B0-FB560002E5FE}: NameServer = 192.168.0.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9FCBB27-7B6B-4CC8-B151-A391EA8B907D}: NameServer = 192.168.0.200
O17 - HKLM\System\CS4\Services\Tcpip\..\{2AE523C7-824D-4005-89B0-FB560002E5FE}: NameServer = 192.168.0.200
O17 - HKLM\System\CS5\Services\Tcpip\..\{2AE523C7-824D-4005-89B0-FB560002E5FE}: NameServer = 192.168.0.200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8488 bytes

Hope this helps me to get rid of it..... I have run the Trojan Remover and here are those results:

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.9.2528. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 18:52:02 28 Apr 2008
Using Database v6981
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Steve\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: D:\All Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
**************************************************
The following Anti-Malware program(s) are loaded:
Avira AntiVir
**************************************************
**************************************************
18:52:02: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
**************************************************
18:52:02: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
**************************************************
18:52:02: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
**************************************************
18:52:02: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe 1033216 bytes
Created: 5/08/2004 Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe 24576 bytes
Created: 5/08/2004 Modified: 5/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe 514560 bytes
Created: 5/08/2004 Modified: 5/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll 8523776 bytes
Created: 11/02/2008 Modified: 5/12/2007
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe 1626112 bytes
Created: 11/02/2008 Modified: 5/12/2007
Company:
--------------------
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE -R- 16208384 bytes
Created: 21/02/2008 Modified: 27/05/2006
Company: Realtek Semiconductor Corp.
--------------------
Value Name: SkyTel
Value Data: SkyTel.EXE
C:\WINDOWS\SkyTel.EXE -R- 2879488 bytes
Created: 21/02/2008 Modified: 16/05/2006
Company: Realtek Semiconductor Corp.
--------------------
Value Name: Alcmtr
Value Data: ALCMTR.EXE
C:\WINDOWS\ALCMTR.EXE -R- 69632 bytes
Created: 21/02/2008 Modified: 3/05/2005
Company: Realtek Semiconductor Corp.
--------------------
Value Name: itype
Value Data: "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
C:\Program Files\Microsoft IntelliType Pro\itype.exe 988584 bytes
Created: 1/09/2007 Modified: 1/09/2007
Company: Microsoft Corporation
--------------------
Value Name: MEDIAMOUSE
Value Data: C:\Program Files\Browser Mouse\moffice.exe
C:\Program Files\Browser Mouse\moffice.exe 806912 bytes
Created: 21/02/2008 Modified: 21/02/2008
Company:
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe 262401 bytes
Created: 21/02/2008 Modified: 23/04/2008
Company: Avira GmbH
--------------------
Value Name: COMODO Firewall Pro
Value Data: "C:\Program Files\COMODO\Firewall\cfp.exe" -h
C:\Program Files\COMODO\Firewall\cfp.exe 1572608 bytes
Created: 21/02/2008 Modified: 20/04/2008
Company: COMODO
--------------------
Value Name: UnlockerAssistant
Value Data: "C:\Program Files\Unlocker\UnlockerAssistant.exe"
C:\Program Files\Unlocker\UnlockerAssistant.exe 15872 bytes
Created: 1/03/2008 Modified: 1/03/2008
Company:
--------------------
Value Name: NeroFilterCheck
Value Data: C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe 155648 bytes
Created: 21/02/2008 Modified: 9/07/2001
Company: Ahead Software Gmbh
--------------------
Value Name: amd_dc_opt
Value Data: C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe 77824 bytes
Created: 23/07/2007 Modified: 23/07/2007
Company: AMD
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll 81920 bytes
Created: 11/02/2008 Modified: 5/12/2007
Company: NVIDIA Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe 877136 bytes
Created: 28/04/2008 Modified: 24/04/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe 15360 bytes
Created: 5/08/2004 Modified: 5/08/2004
Company: Microsoft Corporation
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe 5724184 bytes
Created: 18/10/2007 Modified: 18/10/2007
Company: Microsoft Corporation
--------------------
Value Name: Gadwin PrintScreen
Value Data: C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe 495616 bytes
Created: 20/08/2007 Modified: 20/08/2007
Company: Gadwin Systems, Inc
--------------------
Value Name: uTorrent
Value Data: "C:\Program Files\uTorrent\uTorrent.exe"
C:\Program Files\uTorrent\uTorrent.exe 219952 bytes
Created: 21/02/2008 Modified: 30/03/2008
Company:
--------------------
Value Name: Skype
Value Data: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
C:\Program Files\Skype\Phone\Skype.exe -R- 21898024 bytes
Created: 3/04/2008 Modified: 3/04/2008
Company: Skype Technologies S.A.
--------------------
**************************************************
18:52:05: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
**************************************************
18:52:05: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
**************************************************
18:52:05: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: boinc.scr
C:\WINDOWS\boinc.scr 696320 bytes
Created: 23/08/2007 Modified: 23/08/2007
Company: Space Sciences Laboratory
--------------------
**************************************************
18:52:05: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
**************************************************
18:52:05: Scanning ----- SERVICEDLL REGISTRY KEYS -----
**************************************************
18:52:05: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ALSysIO
ImagePath: \??\C:\DOCUME~1\Steve\LOCALS~1\Temp\ALSysIO.sys
C:\DOCUME~1\Steve\LOCALS~1\Temp\ALSysIO.sys - this registry value has been removed [file not found to scan]
----------
Key: AmdLLD
ImagePath: system32\DRIVERS\AmdLLD.sys
C:\WINDOWS\system32\DRIVERS\AmdLLD.sys 34304 bytes
Created: 4/04/2008 Modified: 29/06/2007
Company: AMD, Inc.
----------
Key: AmdPPM
ImagePath: system32\DRIVERS\AmdPPM.sys
C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 33792 bytes
Created: 16/04/2007 Modified: 16/04/2007
Company: Advanced Micro Devices
----------
Key: AntiVirScheduler
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe 68865 bytes
Created: 21/02/2008 Modified: 15/04/2008
Company: Avira GmbH
----------
Key: AntiVirService
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe 147201 bytes
Created: 21/02/2008 Modified: 15/04/2008
Company: Avira GmbH
----------
Key: avgio
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys 11840 bytes
Created: 21/02/2008 Modified: 27/02/2007
Company: Avira GmbH
----------
Key: avgntflt
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys 49472 bytes
Created: 21/02/2008 Modified: 15/04/2008
Company: Avira GmbH
----------
Key: avipbb
ImagePath: system32\DRIVERS\avipbb.sys
C:\WINDOWS\system32\DRIVERS\avipbb.sys 79424 bytes
Created: 21/02/2008 Modified: 15/04/2008
Company: Avira GmbH
----------
Key: BANTExt
ImagePath: \SystemRoot\System32\Drivers\BANTExt.sys
C:\WINDOWS\System32\Drivers\BANTExt.sys 3840 bytes
Created: 16/03/2008 Modified: 27/02/2008
Company:
----------
Key: cmdAgent
ImagePath: "C:\Program Files\COMODO\Firewall\cmdagent.exe"
C:\Program Files\COMODO\Firewall\cmdagent.exe 507648 bytes
Created: 21/02/2008 Modified: 20/04/2008
Company: COMODO
----------
Key: cmdGuard
ImagePath: System32\DRIVERS\cmdguard.sys
C:\WINDOWS\System32\DRIVERS\cmdguard.sys 87312 bytes
Created: 21/02/2008 Modified: 20/04/2008
Company: COMODO
----------
Key: cmdHlp
ImagePath: System32\DRIVERS\cmdhlp.sys
C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 23824 bytes
Created: 21/02/2008 Modified: 20/04/2008
Company: COMODO
----------
Key: cpuz
ImagePath: \??\G:\Gigabyte\A64Tweaker_V0.6beta\cpuz.sys
G:\Gigabyte\A64Tweaker_V0.6beta\cpuz.sys - this registry value has been removed [file not found to scan]
----------
Key: ENTECH
ImagePath: \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys
C:\WINDOWS\system32\DRIVERS\ENTECH.sys 27672 bytes
Created: 7/03/2008 Modified: 7/09/2007
Company: EnTech Taiwan
----------
Key: FontCache3.0.0.0
ImagePath: C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 36864 bytes
Created: 20/10/2006 Modified: 20/10/2006
Company: Microsoft Corporation
----------
Key: gdrv
ImagePath: \??\C:\WINDOWS\gdrv.sys
C:\WINDOWS\gdrv.sys 4501 bytes
Created: 21/02/2008 Modified: 21/02/2008
Company: Windows (R) 2000 DDK provider
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 138680 bytes
Created: 10/04/2008 Modified: 10/04/2008
Company: Google
----------
Key: HDAudBus
ImagePath: system32\DRIVERS\HDAudBus.sys
C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 138752 bytes
Created: 7/01/2005 Modified: 7/01/2005
Company: Windows (R) Server 2003 DDK provider
----------
Key: IDriverT
ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 73728 bytes
Created: 3/04/2005 Modified: 30/03/2008
Company: Macrovision Corporation
----------
Key: idsvc
ImagePath: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 741376 bytes
Created: 30/10/2006 Modified: 30/10/2006
Company: Microsoft Corporation
----------
Key: Inspect
ImagePath: System32\DRIVERS\inspect.sys
C:\WINDOWS\System32\DRIVERS\inspect.sys 79760 bytes
Created: 21/02/2008 Modified: 20/04/2008
Company: COMODO
----------
Key: IntcAzAudAddService
ImagePath: system32\drivers\RtkHDAud.sys
C:\WINDOWS\system32\drivers\RtkHDAud.sys -R- 4279296 bytes
Created: 21/02/2008 Modified: 26/05/2006
Company: Realtek Semiconductor Corp.
----------
Key: moufiltr
ImagePath: system32\DRIVERS\moufiltr.sys
C:\WINDOWS\system32\DRIVERS\moufiltr.sys 62592 bytes
Created: 21/02/2008 Modified: 21/02/2008
Company: Chic Tech.
----------
Key: NPF
ImagePath: system32\drivers\npf.sys
C:\WINDOWS\system32\drivers\npf.sys 42512 bytes
Created: 29/06/2007 Modified: 29/06/2007
Company: CACE Technologies
----------
Key: nvata
ImagePath: system32\DRIVERS\nvata.sys
C:\WINDOWS\system32\DRIVERS\nvata.sys 100736 bytes
Created: 24/04/2006 Modified: 24/04/2006
Company: NVIDIA Corporation
----------
Key: NVENETFD
ImagePath: system32\DRIVERS\NVENETFD.sys
C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -R- 52736 bytes
Created: 21/02/2008 Modified: 22/03/2006
Company: NVIDIA Corporation
----------
Key: nvnetbus
ImagePath: system32\DRIVERS\nvnetbus.sys
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -R- 18944 bytes
Created: 21/02/2008 Modified: 22/03/2006
Company: NVIDIA Corporation
----------
Key: NwlnkIpx
ImagePath: system32\DRIVERS\nwlnkipx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 88448 bytes
Created: 5/08/2004 Modified: 5/08/2004
Company: Microsoft Corporation
----------
Key: NwlnkNb
ImagePath: system32\DRIVERS\nwlnknb.sys
C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 63232 bytes
Created: 5/08/2004 Modified: 5/08/2004
Company: Microsoft Corporation
----------
Key: NwlnkSpx
ImagePath: system32\DRIVERS\nwlnkspx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 55936 bytes
Created: 5/08/2004 Modified: 5/08/2004
Company: Microsoft Corporation
----------
Key: RivaTuner32
ImagePath: \??\C:\Program Files\RivaTuner v2.06\RivaTuner32.sys
C:\Program Files\RivaTuner v2.06\RivaTuner32.sys 9088 bytes
Created: 31/10/2007 Modified: 31/10/2007
Company:
----------
Key: rpcapd
ImagePath: "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
C:\Program Files\WinPcap\rpcapd.exe 90112 bytes
Created: 29/06/2007 Modified: 30/03/2008
Company: CACE Technologies
----------
Key: Secdrv
ImagePath: system32\DRIVERS\secdrv.sys
C:\WINDOWS\system32\DRIVERS\secdrv.sys 20480 bytes
Created: 5/08/2004 Modified: 13/11/2007
Company: Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
----------
Key: SNMP
ImagePath: %SystemRoot%\System32\snmp.exe
C:\WINDOWS\System32\snmp.exe 33280 bytes
Created: 21/02/2008 Modified: 20/11/2006
Company: Microsoft Corporation
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: SRS_SSCFilter
ImagePath: system32\drivers\srs_sscfilter_i386.sys
C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys -R- 39808 bytes
Created: 25/03/2008 Modified: 26/07/2007
Company:
----------
Key: sscdbus
ImagePath: system32\DRIVERS\sscdbus.sys
C:\WINDOWS\system32\DRIVERS\sscdbus.sys 80552 bytes
Created: 22/02/2008 Modified: 3/07/2007
Company: MCCI Corporation
----------
Key: sscdmdfl
ImagePath: system32\DRIVERS\sscdmdfl.sys
C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys 11944 bytes
Created: 22/02/2008 Modified: 3/07/2007
Company: MCCI Corporation
----------
Key: sscdmdm
ImagePath: system32\DRIVERS\sscdmdm.sys
C:\WINDOWS\system32\DRIVERS\sscdmdm.sys 106792 bytes
Created: 22/02/2008 Modified: 3/07/2007
Company: MCCI Corporation
----------
Key: ssmdrv
ImagePath: system32\DRIVERS\ssmdrv.sys
C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 28352 bytes
Created: 21/02/2008 Modified: 1/03/2007
Company: Avira GmbH
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{3CEC0356-5E44-41A7-B285-0C068DF6BE99}
C:\WINDOWS\system32\dllhost.exe 5120 bytes
Created: 5/08/2004 Modified: 5/08/2004
Company: Microsoft Corporation
----------
Key: tmcomm
ImagePath: \??\C:\WINDOWS\system32\drivers\tmcomm.sys
C:\WINDOWS\system32\drivers\tmcomm.sys 102664 bytes
Created: 25/03/2008 Modified: 25/03/2008
Company: Trend Micro Inc.
----------
Key: UnlockerDriver5
ImagePath: \??\C:\Program Files\Unlocker\UnlockerDriver5.sys
C:\Program Files\Unlocker\UnlockerDriver5.sys 4096 bytes
Created: 1/03/2008 Modified: 1/03/2008
Company:
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe 98328 bytes
Created: 18/10/2007 Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe 270336 bytes
Created: 25/10/2007 Modified: 30/03/2008
Company: Microsoft Corporation
----------
**************************************************
18:54:44: Scanning -----VXD ENTRIES-----
**************************************************
18:54:44: Scanning ----- WINLOGON\NOTIFY DLLS -----
**************************************************
18:54:44: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Androsa FileProtector
CLSID: {0C0F74CC-F421-48E5-8C6F-BCD0D7CA141D}
Path: C:\PROGRA~1\ANDROS~1\ANDROS~1\tools\ShExt.dll
C:\PROGRA~1\ANDROS~1\ANDROS~1\tools\ShExt.dll 49152 bytes
Created: 7/12/2007 Modified: 27/05/2007
Company: AndrosaSoft©
----------
Key: MagicISO
CLSID: {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
Path: C:\Program Files\MagicISO\misosh.dll
C:\Program Files\MagicISO\misosh.dll 20992 bytes
Created: 21/02/2008 Modified: 5/06/2006
Company: MagicISO, Inc.
----------
Key: Offline Files
CLSID: {750fdf0e-2a26-11d1-a3ea-080036587f03}
Path: %SystemRoot%\System32\cscui.dll
C:\WINDOWS\System32\cscui.dll 326656 bytes
Created: 5/08/2004 Modified: 5/08/2004
Company: Microsoft Corporation
----------
Key: Open With
CLSID: {09799AFB-AD67-11d1-ABCD-00C04FC30936}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll 8454656 bytes
Created: 5/08/2004 Modified: 26/10/2007
Company: Microsoft Corporation
----------
Key: Open With EncryptionMenu
CLSID: {A470F8CF-A1E8-4f65-8335-227475AA5C46}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll 8454656 bytes
Created: 5/08/2004 Modified: 26/10/2007
Company: Microsoft Corporation
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: C:\PROGRA~1\TROJAN~1\Trshlex.dll
C:\PROGRA~1\TROJAN~1\Trshlex.dll 467552 bytes
Created: 28/04/2008 Modified: 5/02/2007
Company: Simply Super Software
----------
Key: WinRAR
CLSID: {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Path: C:\Program Files\WinRAR\rarext.dll
C:\Program Files\WinRAR\rarext.dll 126464 bytes
Created: 21/02/2008 Modified: 13/09/2006
Company:
----------
Key: {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll 8454656 bytes
Created: 5/08/2004 Modified: 26/10/2007
Company: Microsoft Corporation
----------
**************************************************
18:54:44: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {0561EC90-CE54-4f0c-9C55-E226110A740C}
File: C:\Program Files\K-Lite Codec Pack\Filters\Haali\mmfinfo.dll
C:\Program Files\K-Lite Codec Pack\Filters\Haali\mmfinfo.dll 159744 bytes
Created: 21/02/2008 Modified: 29/12/2007
Company:
----------
Key: {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll 8454656 bytes
Created: 5/08/2004 Modified: 26/10/2007
Company: Microsoft Corporation
----------
Key: {24F14F01-7B1C-11d1-838f-0000F80461CF}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll 8454656 bytes
Created: 5/08/2004 Modified: 26/10/2007
Company: Microsoft Corporation
----------
Key: {24F14F02-7B1C-11d1-838f-0000F80461CF}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll 8454656 bytes
Created: 5/08/2004 Modified: 26/10/2007
Company: Microsoft Corporation
----------
Key: {66742402-F9B9-11D1-A202-0000F81FEDEE}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll 8454656 bytes
Created: 5/08/2004 Modified: 26/10/2007
Company: Microsoft Corporation
----------
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll 372736 bytes
Created: 10/05/2007 Modified: 10/05/2007
Company: Adobe Systems, Inc.
----------
**************************************************
18:54:44: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 62080 bytes
Created: 22/10/2006 Modified: 22/10/2006
Company: Adobe Systems Incorporated
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll 509328 bytes
Created: 10/04/2008 Modified: 22/02/2008
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 392240 bytes
Created: 14/12/2007 Modified: 14/12/2007
Company: Microsoft Corporation
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar1.dll
c:\program files\google\googletoolbar1.dll -R- 2403392 bytes
Created: 10/04/2008 Modified: 10/04/2008
Company: Google Inc.
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll 654320 bytes
Created: 10/04/2008 Modified: 10/04/2008
Company: Google Inc.
----------
**************************************************
18:54:45: Scanning ----- SHELLSERVICEOBJECTS -----
Key: PostBootReminder
CLSID: {7849596a-48ea-486e-8937-a2a3009f31a9}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll 8454656 bytes
Created: 5/08/2004 Modified: 26/10/2007
Company: Microsoft Corporation
----------
Key: CDBurn
CLSID: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll 8454656 bytes
Created: 5/08/2004 Modified: 26/10/2007
Company: Microsoft Corporation
----------
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\webcheck.dll 233472 bytes
Created: 5/08/2004 Modified: 2/03/2008
Company: Microsoft Corporation
----------
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: C:\WINDOWS\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll 121856 bytes
Created: 5/08/2004 Modified: 5/08/2004
Company: Microsoft Corporation
----------
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll 133632 bytes
Created: 18/10/2006 Modified: 18/10/2006
Company: Microsoft Corporation
----------
Key: UPnPMonitor
CLSID: {e57ce738-33e8-4c51-8354-bb4de9d215d1}
Path: C:\WINDOWS\system32\upnpui.dll
C:\WINDOWS\system32\upnpui.dll 239616 bytes
Created: 5/08/2004 Modified: 5/08/2004
Company: Microsoft Corporation
----------
**************************************************
18:54:45: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment: Browseui preloader
File: %SystemRoot%\system32\browseui.dll
C:\WINDOWS\system32\browseui.dll 1023488 bytes
Created: 5/08/2004 Modified: 7/12/2007
Company: Microsoft Corporation
----------
Value: {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment: Component Categories cache daemon
File: %SystemRoot%\system32\browseui.dll
C:\WINDOWS\system32\browseui.dll 1023488 bytes
Created: 5/08/2004 Modified: 7/12/2007
Company: Microsoft Corporation
----------
**************************************************
18:54:45: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
**************************************************
18:54:45: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [C:\WINDOWS\system32\guard32.dll]
File: C:\WINDOWS\system32\guard32.dll
C:\WINDOWS\system32\guard32.dll 139008 bytes
Created: 21/02/2008 Modified: 20/04/2008
Company:
----------
**************************************************
18:54:45: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: msapsspc.dll
C:\WINDOWS\system32\msapsspc.dll 86016 bytes
Created: 5/08/2004 Modified: 5/08/2004
Company: Microsoft Corporation
----------
DLL: schannel.dll
C:\WINDOWS\system32\schannel.dll 144896 bytes
Created: 5/08/2004 Modified: 26/04/2007
Company: Microsoft Corporation
----------
DLL: digest.dll
C:\WINDOWS\system32\digest.dll 68608 bytes
Created: 5/08/2004 Modified: 5/08/2004
Company: Microsoft Corporation
----------
DLL: msnsspc.dll
C:\WINDOWS\system32\msnsspc.dll 290816 bytes
Created: 5/08/2004 Modified: 5/08/2004
Company: Microsoft Corporation
----------
**************************************************
18:54:45: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -HS- 84 bytes
Created: 22/02/2008 Modified: 21/02/2008
Company:
--------------------
**************************************************
18:54:45: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Steve
[C:\Documents and Settings\Steve\START MENU\PROGRAMS\STARTUP]
The Startup Group for Steve attempts to load the following file(s):
C:\Program Files\BOINC\boincmgr.exe 4141056 bytes
Created: 23/08/2007 Modified: 23/08/2007
Company: Space Sciences Laboratory
BOINC Manager.lnk - links to C:\Program Files\BOINC\boincmgr.exe
----------
C:\Documents and Settings\Steve\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes
Created: 21/02/2008 Modified: 21/02/2008
Company: ---------- C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe 16671744 bytes Created: 22/02/2008 Modified: 30/03/2008 Company: Firetrust Ltd MailWasherPro.lnk - links to C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe ---------- C:\Program Files\Xfire\xfire.exe 2987856 bytes Created: 3/04/2008 Modified: 3/04/2008 Company: Xfire Inc. xfire.lnk - links to C:\Program Files\Xfire\xfire.exe ---------- ************************************************** 18:54:46: Scanning ----- SCHEDULED TASKS ----- Taskname: RegCure Program Check.job File: C:\Program Files\RegCure\RegCure.exe C:\Program Files\RegCure\RegCure.exe 11511104 bytes Created: 30/03/2008 Modified: 30/03/2008 Company: Parameters: ShowReminders Next Run Time: 29/04/2008 17:00:00 Status: The task is ready to run at its next scheduled time Creator: Steve Comments: Checks status of application. ---------- Taskname: RegCure.job File: C:\Program Files\RegCure\RegCure.exe C:\Program Files\RegCure\RegCure.exe 11511104 bytes Created: 30/03/2008 Modified: 30/03/2008 Company: Parameters: -t Next Run Time: 29/04/2008 2:00:00 Status: The task is ready to run at its next scheduled time Creator: Steve Comments: Runs RegCure at Scheduled Time. 
---------- ************************************************** 18:54:46: ----- ADDITIONAL CHECKS ----- PE386 rootkit checks completed ---------- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed --------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp 18048054 bytes Created: 22/02/2008 Modified: 27/03/2008 Company: ---------- Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp 18048054 bytes Created: 22/02/2008 Modified: 27/03/2008 Company: ---------- Additional file checks completed --------- ************************************************** 18:54:47: Scanning ----- RUNNING PROCESSES ----- C:\WINDOWS\System32\smss.exe -------------------- C:\WINDOWS\system32\csrss.exe -------------------- C:\WINDOWS\system32\winlogon.exe -------------------- C:\WINDOWS\system32\services.exe -------------------- C:\WINDOWS\system32\lsass.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\WINDOWS\System32\svchost.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\WINDOWS\system32\spoolsv.exe -------------------- C:\WINDOWS\Explorer.EXE -------------------- C:\WINDOWS\RTHDCPL.EXE -------------------- C:\Program Files\Microsoft IntelliType Pro\itype.exe -------------------- C:\Program Files\Browser Mouse\moffice.exe -------------------- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe -------------------- C:\WINDOWS\system32\netdde.exe -------------------- 
C:\Program Files\Unlocker\UnlockerAssistant.exe -------------------- C:\Program Files\Browser Mouse\MOUSE32A.EXE -------------------- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe -------------------- C:\WINDOWS\system32\ctfmon.exe -------------------- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe -------------------- C:\Program Files\uTorrent\uTorrent.exe -------------------- C:\Program Files\Skype\Phone\Skype.exe -------------------- C:\Program Files\BOINC\boincmgr.exe -------------------- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe -------------------- C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe -------------------- C:\Program Files\Xfire\xfire.exe -------------------- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -------------------- C:\Program Files\COMODO\Firewall\cmdagent.exe -------------------- C:\Program Files\BOINC\boinc.exe -------------------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -------------------- C:\WINDOWS\system32\nvsvc32.exe -------------------- C:\WINDOWS\System32\snmp.exe -------------------- C:\WINDOWS\System32\alg.exe -------------------- C:\Program Files\Skype\Plugin Manager\skypePM.exe -------------------- C:\WINDOWS\System32\svchost.exe -------------------- C:\Program Files\Windows Live\Messenger\usnsvc.exe -------------------- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe -------------------- C:\Documents and Settings\Steve\Application Data\Simply Super Software\Trojan Remover\oxa4.exe FileSize: 2478656 [This is a Trojan Remover component] -------------------- -------------------- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -------------------- ************************************************** 18:54:49: Checking AUTOEXEC.BAT file AUTOEXEC.BAT found in C:\ No malicious entries were found in the AUTOEXEC.BAT file ************************************************** 18:54:49: Checking AUTOEXEC.NT file AUTOEXEC.NT found in C:\WINDOWS\system32 No malicious 
entries were found in the AUTOEXEC.NT file ************************************************** 18:54:49: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************** ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page": go.microsoft.com HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page": go.microsoft.com HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": go.microsoft.com HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": go.microsoft.com HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch": ie.search.msn.com HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant": ie.search.msn.com HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page": www.2142-stats.com HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page": www.microsoft.com HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch": ie.search.msn.com HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\"SearchAssistant": ie.search.msn.com ************************************************** === CHANGES WERE MADE TO THE WINDOWS REGISTRY === Scan completed at: 28/04/2008 18:54:49 ************************************************** ********** dang, this has to be my biggest post ever on a forum....lol |
Camiron (7092) | ||
| 663338 | 2008-04-28 08:25:00 | Also, my sounds keep on resetting to no sounds - every couple of weeks....for no reason. And also my task bar doesn't always show all the running programs. At the mo I am apparently running 8, but in fact I'm running 12. Here is a nice pic...I made it specially for you all...lol img.photobucket.com |
Camiron (7092) | ||
| 663339 | 2008-04-28 09:21:00 | Tick these, then tick Fix checked. Close browsers. O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) Uninstall / tick this: O3 - Toolbar: Rightdown Software SearchBar - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - C:\Program Files\Rightdown Software SearchBar\rssb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install Uninstall this and install Avast Home instead: O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit uTorrent is probably how you got it in the first place. Then reboot, then get RogueRemover in my sig, update it, then click on scan. Get RogueRemover |
Speedy Gonzales (78) | ||
| 663340 | 2008-04-28 09:39:00 | Hmm. This entry that was removed: Key: ALSysIO ImagePath: \??\C:\DOCUME~1\Steve\LOCALS~1\Temp\ALSysIO.sys C:\DOCUME~1\Steve\LOCALS~1\Temp\ALSysIO.sys - this registry value has been removed [file not found to scan] Because the file wasn't there, it may have something to do with your sound not working. Is there anything in Device Manager for the sound card?? Or if you go to Control Panel / Sounds / Audio tab, what's the default device? Click on the < (why yours is > I have no idea) ! on the taskbar bottom right. The rest of the programs running are hidden. Click on it. |
Speedy Gonzales (78) | ||
| 663341 | 2008-04-28 09:56:00 | OK, it was like that because it was expanded; I took the shot after I pressed the <, and the default device is Realtek HD Audio output....my sound card is onboard and is 7.1....lol OK, I think these are a part of my display drivers: O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit & O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup & I got this regarding "O4 - HKLM\..\Run: [nwiz] nwiz.exe /install": nwiz.exe is a part of NVidia's Nview features installable alongside its graphics hardware products. This application will give the user access to additional features which allow the configuration of up to 32 monitors on a host, or to expand the desktop across many monitors. This is a non-essential process. Disabling or enabling it is down to user preference. If I get rid of these will my display stop? |
Camiron (7092) | ||