Stupid Virus



Camiron
28-04-2008, 05:27 PM
Hey all, I've got this really annoying virus that I can't get rid of.... It's called W32/Stanit.A and I downloaded a removal tool (http://www.avira.com/en/threats/section/fulldetails/id_vir/2661/w32_stanit.html), but if I don't run the tool every day, then my antivirus Avira (http://www.avira.com/en) will tell me that it has been found and either repaired it or removed it....
I always disable System Restore when I do a virus scan, so I am unable to find where the little thing is hiding.
Please help

Thanks

Speedy Gonzales
28-04-2008, 05:36 PM
Get a better virus scanner, i.e. NOD32 / Avast.

That's not much of a removal tool, if you have to use it every day.

Get Trojan Remover in my sig, update it, then click on scan.

Then select all options under the Utilities menu.

Once you remove it, update Windows, as it looks like this exploits a vulnerability (http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx).

Has this computer got SP1 or 2 on it?

wainuitech
28-04-2008, 05:39 PM
Welcome to Press F1 Camiron,

First - is this PC on a network? If so, it can infect others, and that's one reason it is reinfecting.

Other reasons are that it has not been removed fully.

Download a better AV as Speedy suggested; also download Spybot S&D from my sig and run that, then download HijackThis (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis), run it, select Save a Log, and copy / paste the complete log file back here.

Camiron
28-04-2008, 07:07 PM
Um, XP Pro SP2, and yeah, it's a part of 2 networks.
For some weeks now, I have not been able to update Windows. I usually disable automatic updates, because it usually pops up a window right when I am playing a game. Anyway, the other day after I first got the virus, I tried to update Windows. I have to use Firefox for this, as whenever I try to use IE, it crashes on me, and I can't figure out why. I have IE7 and have uninstalled it, then reinstalled it, and it still crashes. I have had to redownload all my software, as most of it was corrupted by the 1st infection.
I might have to do a Windows repair, but I have never done this and would rather have a tech show me.

Speedy Gonzales
28-04-2008, 07:12 PM
Post a HijackThis log and we'll see what's in it. It's in my sig. And get a better AV program; it may save you doing a format or repair.

I would also disconnect the others, or you'll have to fix the others as well.

Camiron
28-04-2008, 08:08 PM
Well, here is the log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:26 p.m., on 28/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Browser Mouse\moffice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Browser Mouse\MOUSE32A.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\BOINC\boinc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.2142-stats.com/Commandcenter/gamenicks.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Rightdown Software SearchBar - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - C:\Program Files\Rightdown Software SearchBar\rssb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [MEDIAMOUSE] C:\Program Files\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Startup: xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AE523C7-824D-4005-89B0-FB560002E5FE}: NameServer = 192.168.0.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9FCBB27-7B6B-4CC8-B151-A391EA8B907D}: NameServer = 192.168.0.200
O17 - HKLM\System\CS4\Services\Tcpip\..\{2AE523C7-824D-4005-89B0-FB560002E5FE}: NameServer = 192.168.0.200
O17 - HKLM\System\CS5\Services\Tcpip\..\{2AE523C7-824D-4005-89B0-FB560002E5FE}: NameServer = 192.168.0.200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8488 bytes



Hope this helps me to get rid of it..... I have run the Trojan Remover and here are those results:


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.9.2528. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 18:52:02 28 Apr 2008
Using Database v6981
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Steve\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: D:\All Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges


**************************************************
The following Anti-Malware program(s) are loaded:
Avira AntiVir

**************************************************


**************************************************
18:52:02: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

**************************************************
18:52:02: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

**************************************************
18:52:02: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
18:52:02: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033216 bytes
Created: 5/08/2004
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
24576 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
8523776 bytes
Created: 11/02/2008
Modified: 5/12/2007
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1626112 bytes
Created: 11/02/2008
Modified: 5/12/2007
Company:
--------------------
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
-R- 16208384 bytes
Created: 21/02/2008
Modified: 27/05/2006
Company: Realtek Semiconductor Corp.
--------------------
Value Name: SkyTel
Value Data: SkyTel.EXE
C:\WINDOWS\SkyTel.EXE
-R- 2879488 bytes
Created: 21/02/2008
Modified: 16/05/2006
Company: Realtek Semiconductor Corp.
--------------------
Value Name: Alcmtr
Value Data: ALCMTR.EXE
C:\WINDOWS\ALCMTR.EXE
-R- 69632 bytes
Created: 21/02/2008
Modified: 3/05/2005
Company: Realtek Semiconductor Corp.
--------------------
Value Name: itype
Value Data: "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
C:\Program Files\Microsoft IntelliType Pro\itype.exe
988584 bytes
Created: 1/09/2007
Modified: 1/09/2007
Company: Microsoft Corporation
--------------------
Value Name: MEDIAMOUSE
Value Data: C:\Program Files\Browser Mouse\moffice.exe
C:\Program Files\Browser Mouse\moffice.exe
806912 bytes
Created: 21/02/2008
Modified: 21/02/2008
Company:
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
262401 bytes
Created: 21/02/2008
Modified: 23/04/2008
Company: Avira GmbH
--------------------
Value Name: COMODO Firewall Pro
Value Data: "C:\Program Files\COMODO\Firewall\cfp.exe" -h
C:\Program Files\COMODO\Firewall\cfp.exe
1572608 bytes
Created: 21/02/2008
Modified: 20/04/2008
Company: COMODO
--------------------
Value Name: UnlockerAssistant
Value Data: "C:\Program Files\Unlocker\UnlockerAssistant.exe"
C:\Program Files\Unlocker\UnlockerAssistant.exe
15872 bytes
Created: 1/03/2008
Modified: 1/03/2008
Company:
--------------------
Value Name: NeroFilterCheck
Value Data: C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe
155648 bytes
Created: 21/02/2008
Modified: 9/07/2001
Company: Ahead Software Gmbh
--------------------
Value Name: amd_dc_opt
Value Data: C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
77824 bytes
Created: 23/07/2007
Modified: 23/07/2007
Company: AMD
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
81920 bytes
Created: 11/02/2008
Modified: 5/12/2007
Company: NVIDIA Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
877136 bytes
Created: 28/04/2008
Modified: 24/04/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
--------------------
Value Name: Gadwin PrintScreen
Value Data: C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
495616 bytes
Created: 20/08/2007
Modified: 20/08/2007
Company: Gadwin Systems, Inc
--------------------
Value Name: uTorrent
Value Data: "C:\Program Files\uTorrent\uTorrent.exe"
C:\Program Files\uTorrent\uTorrent.exe
219952 bytes
Created: 21/02/2008
Modified: 30/03/2008
Company:
--------------------
Value Name: Skype
Value Data: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
C:\Program Files\Skype\Phone\Skype.exe
-R- 21898024 bytes
Created: 3/04/2008
Modified: 3/04/2008
Company: Skype Technologies S.A.
--------------------

**************************************************
18:52:05: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

**************************************************
18:52:05: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
18:52:05: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: boinc.scr
C:\WINDOWS\boinc.scr
696320 bytes
Created: 23/08/2007
Modified: 23/08/2007
Company: Space Sciences Laboratory
--------------------

**************************************************
18:52:05: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

**************************************************
18:52:05: Scanning ----- SERVICEDLL REGISTRY KEYS -----

**************************************************
18:52:05: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ALSysIO
ImagePath: \??\C:\DOCUME~1\Steve\LOCALS~1\Temp\ALSysIO.sys
C:\DOCUME~1\Steve\LOCALS~1\Temp\ALSysIO.sys - this registry value has been removed [file not found to scan]
----------
Key: AmdLLD
ImagePath: system32\DRIVERS\AmdLLD.sys
C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
34304 bytes
Created: 4/04/2008
Modified: 29/06/2007
Company: AMD, Inc.
----------
Key: AmdPPM
ImagePath: system32\DRIVERS\AmdPPM.sys
C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
33792 bytes
Created: 16/04/2007
Modified: 16/04/2007
Company: Advanced Micro Devices
----------
Key: AntiVirScheduler
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
68865 bytes
Created: 21/02/2008
Modified: 15/04/2008
Company: Avira GmbH
----------
Key: AntiVirService
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
147201 bytes
Created: 21/02/2008
Modified: 15/04/2008
Company: Avira GmbH
----------
Key: avgio
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
11840 bytes
Created: 21/02/2008
Modified: 27/02/2007
Company: Avira GmbH
----------
Key: avgntflt
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
49472 bytes
Created: 21/02/2008
Modified: 15/04/2008
Company: Avira GmbH
----------
Key: avipbb
ImagePath: system32\DRIVERS\avipbb.sys
C:\WINDOWS\system32\DRIVERS\avipbb.sys
79424 bytes
Created: 21/02/2008
Modified: 15/04/2008
Company: Avira GmbH
----------
Key: BANTExt
ImagePath: \SystemRoot\System32\Drivers\BANTExt.sys
C:\WINDOWS\System32\Drivers\BANTExt.sys
3840 bytes
Created: 16/03/2008
Modified: 27/02/2008
Company:
----------
Key: cmdAgent
ImagePath: "C:\Program Files\COMODO\Firewall\cmdagent.exe"
C:\Program Files\COMODO\Firewall\cmdagent.exe
507648 bytes
Created: 21/02/2008
Modified: 20/04/2008
Company: COMODO
----------
Key: cmdGuard
ImagePath: System32\DRIVERS\cmdguard.sys
C:\WINDOWS\System32\DRIVERS\cmdguard.sys
87312 bytes
Created: 21/02/2008
Modified: 20/04/2008
Company: COMODO
----------
Key: cmdHlp
ImagePath: System32\DRIVERS\cmdhlp.sys
C:\WINDOWS\System32\DRIVERS\cmdhlp.sys
23824 bytes
Created: 21/02/2008
Modified: 20/04/2008
Company: COMODO
----------
Key: cpuz
ImagePath: \??\G:\Gigabyte\A64Tweaker_V0.6beta\cpuz.sys
G:\Gigabyte\A64Tweaker_V0.6beta\cpuz.sys - this registry value has been removed [file not found to scan]
----------
Key: ENTECH
ImagePath: \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys
C:\WINDOWS\system32\DRIVERS\ENTECH.sys
27672 bytes
Created: 7/03/2008
Modified: 7/09/2007
Company: EnTech Taiwan
----------
Key: FontCache3.0.0.0
ImagePath: C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\Presen tationFontCache.exe
C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\Presen tationFontCache.exe
36864 bytes
Created: 20/10/2006
Modified: 20/10/2006
Company: Microsoft Corporation
----------
Key: gdrv
ImagePath: \??\C:\WINDOWS\gdrv.sys
C:\WINDOWS\gdrv.sys
4501 bytes
Created: 21/02/2008
Modified: 21/02/2008
Company: Windows (R) 2000 DDK provider
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
138680 bytes
Created: 10/04/2008
Modified: 10/04/2008
Company: Google
----------
Key: HDAudBus
ImagePath: system32\DRIVERS\HDAudBus.sys
C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
138752 bytes
Created: 7/01/2005
Modified: 7/01/2005
Company: Windows (R) Server 2003 DDK provider
----------
Key: IDriverT
ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
73728 bytes
Created: 3/04/2005
Modified: 30/03/2008
Company: Macrovision Corporation
----------
Key: idsvc
ImagePath: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
741376 bytes
Created: 30/10/2006
Modified: 30/10/2006
Company: Microsoft Corporation
----------
Key: Inspect
ImagePath: System32\DRIVERS\inspect.sys
C:\WINDOWS\System32\DRIVERS\inspect.sys
79760 bytes
Created: 21/02/2008
Modified: 20/04/2008
Company: COMODO
----------
Key: IntcAzAudAddService
ImagePath: system32\drivers\RtkHDAud.sys
C:\WINDOWS\system32\drivers\RtkHDAud.sys
-R- 4279296 bytes
Created: 21/02/2008
Modified: 26/05/2006
Company: Realtek Semiconductor Corp.
----------
Key: moufiltr
ImagePath: system32\DRIVERS\moufiltr.sys
C:\WINDOWS\system32\DRIVERS\moufiltr.sys
62592 bytes
Created: 21/02/2008
Modified: 21/02/2008
Company: Chic Tech.
----------
Key: NPF
ImagePath: system32\drivers\npf.sys
C:\WINDOWS\system32\drivers\npf.sys
42512 bytes
Created: 29/06/2007
Modified: 29/06/2007
Company: CACE Technologies
----------
Key: nvata
ImagePath: system32\DRIVERS\nvata.sys
C:\WINDOWS\system32\DRIVERS\nvata.sys
100736 bytes
Created: 24/04/2006
Modified: 24/04/2006
Company: NVIDIA Corporation
----------
Key: NVENETFD
ImagePath: system32\DRIVERS\NVENETFD.sys
C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
-R- 52736 bytes
Created: 21/02/2008
Modified: 22/03/2006
Company: NVIDIA Corporation
----------
Key: nvnetbus
ImagePath: system32\DRIVERS\nvnetbus.sys
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
-R- 18944 bytes
Created: 21/02/2008
Modified: 22/03/2006
Company: NVIDIA Corporation
----------
Key: NwlnkIpx
ImagePath: system32\DRIVERS\nwlnkipx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
88448 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
----------
Key: NwlnkNb
ImagePath: system32\DRIVERS\nwlnknb.sys
C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
63232 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
----------
Key: NwlnkSpx
ImagePath: system32\DRIVERS\nwlnkspx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
55936 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
----------
Key: RivaTuner32
ImagePath: \??\C:\Program Files\RivaTuner v2.06\RivaTuner32.sys
C:\Program Files\RivaTuner v2.06\RivaTuner32.sys
9088 bytes
Created: 31/10/2007
Modified: 31/10/2007
Company:
----------
Key: rpcapd
ImagePath: "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
C:\Program Files\WinPcap\rpcapd.exe
90112 bytes
Created: 29/06/2007
Modified: 30/03/2008
Company: CACE Technologies
----------
Key: Secdrv
ImagePath: system32\DRIVERS\secdrv.sys
C:\WINDOWS\system32\DRIVERS\secdrv.sys
20480 bytes
Created: 5/08/2004
Modified: 13/11/2007
Company: Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
----------
Key: SNMP
ImagePath: %SystemRoot%\System32\snmp.exe
C:\WINDOWS\System32\snmp.exe
33280 bytes
Created: 21/02/2008
Modified: 20/11/2006
Company: Microsoft Corporation
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: SRS_SSCFilter
ImagePath: system32\drivers\srs_sscfilter_i386.sys
C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys
-R- 39808 bytes
Created: 25/03/2008
Modified: 26/07/2007
Company:
----------
Key: sscdbus
ImagePath: system32\DRIVERS\sscdbus.sys
C:\WINDOWS\system32\DRIVERS\sscdbus.sys
80552 bytes
Created: 22/02/2008
Modified: 3/07/2007
Company: MCCI Corporation
----------
Key: sscdmdfl
ImagePath: system32\DRIVERS\sscdmdfl.sys
C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
11944 bytes
Created: 22/02/2008
Modified: 3/07/2007
Company: MCCI Corporation
----------
Key: sscdmdm
ImagePath: system32\DRIVERS\sscdmdm.sys
C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
106792 bytes
Created: 22/02/2008
Modified: 3/07/2007
Company: MCCI Corporation
----------
Key: ssmdrv
ImagePath: system32\DRIVERS\ssmdrv.sys
C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
28352 bytes
Created: 21/02/2008
Modified: 1/03/2007
Company: Avira GmbH
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{3CEC0356-5E44-41A7-B285-0C068DF6BE99}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
----------
Key: tmcomm
ImagePath: \??\C:\WINDOWS\system32\drivers\tmcomm.sys
C:\WINDOWS\system32\drivers\tmcomm.sys
102664 bytes
Created: 25/03/2008
Modified: 25/03/2008
Company: Trend Micro Inc.
----------
Key: UnlockerDriver5
ImagePath: \??\C:\Program Files\Unlocker\UnlockerDriver5.sys
C:\Program Files\Unlocker\UnlockerDriver5.sys
4096 bytes
Created: 1/03/2008
Modified: 1/03/2008
Company:
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
270336 bytes
Created: 25/10/2007
Modified: 30/03/2008
Company: Microsoft Corporation
----------

**************************************************
18:54:44: Scanning -----VXD ENTRIES-----

**************************************************
18:54:44: Scanning ----- WINLOGON\NOTIFY DLLS -----

**************************************************
18:54:44: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Androsa FileProtector
CLSID: {0C0F74CC-F421-48E5-8C6F-BCD0D7CA141D}
Path: C:\PROGRA~1\ANDROS~1\ANDROS~1\tools\ShExt.dll
C:\PROGRA~1\ANDROS~1\ANDROS~1\tools\ShExt.dll
49152 bytes
Created: 7/12/2007
Modified: 27/05/2007
Company: AndrosaSoftİ
----------
Key: MagicISO
CLSID: {DB85C504-C730-49DD-BEC1-7B39C6103B7A}
Path: C:\Program Files\MagicISO\misosh.dll
C:\Program Files\MagicISO\misosh.dll
20992 bytes
Created: 21/02/2008
Modified: 5/06/2006
Company: MagicISO, Inc.
----------
Key: Offline Files
CLSID: {750fdf0e-2a26-11d1-a3ea-080036587f03}
Path: %SystemRoot%\System32\cscui.dll
C:\WINDOWS\System32\cscui.dll
326656 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
----------
Key: Open With
CLSID: {09799AFB-AD67-11d1-ABCD-00C04FC30936}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8454656 bytes
Created: 5/08/2004
Modified: 26/10/2007
Company: Microsoft Corporation
----------
Key: Open With EncryptionMenu
CLSID: {A470F8CF-A1E8-4f65-8335-227475AA5C46}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8454656 bytes
Created: 5/08/2004
Modified: 26/10/2007
Company: Microsoft Corporation
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: C:\PROGRA~1\TROJAN~1\Trshlex.dll
C:\PROGRA~1\TROJAN~1\Trshlex.dll
467552 bytes
Created: 28/04/2008
Modified: 5/02/2007
Company: Simply Super Software
----------
Key: WinRAR
CLSID: {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Path: C:\Program Files\WinRAR\rarext.dll
C:\Program Files\WinRAR\rarext.dll
126464 bytes
Created: 21/02/2008
Modified: 13/09/2006
Company:
----------
Key: {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8454656 bytes
Created: 5/08/2004
Modified: 26/10/2007
Company: Microsoft Corporation
----------

**************************************************
18:54:44: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {0561EC90-CE54-4f0c-9C55-E226110A740C}
File: C:\Program Files\K-Lite Codec Pack\Filters\Haali\mmfinfo.dll
C:\Program Files\K-Lite Codec Pack\Filters\Haali\mmfinfo.dll
159744 bytes
Created: 21/02/2008
Modified: 29/12/2007
Company:
----------
Key: {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8454656 bytes
Created: 5/08/2004
Modified: 26/10/2007
Company: Microsoft Corporation
----------
Key: {24F14F01-7B1C-11d1-838f-0000F80461CF}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8454656 bytes
Created: 5/08/2004
Modified: 26/10/2007
Company: Microsoft Corporation
----------
Key: {24F14F02-7B1C-11d1-838f-0000F80461CF}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8454656 bytes
Created: 5/08/2004
Modified: 26/10/2007
Company: Microsoft Corporation
----------
Key: {66742402-F9B9-11D1-A202-0000F81FEDEE}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8454656 bytes
Created: 5/08/2004
Modified: 26/10/2007
Company: Microsoft Corporation
----------
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
372736 bytes
Created: 10/05/2007
Modified: 10/05/2007
Company: Adobe Systems, Inc.
----------

**************************************************
18:54:44: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006
Modified: 22/10/2006
Company: Adobe Systems Incorporated
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
509328 bytes
Created: 10/04/2008
Modified: 22/02/2008
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
392240 bytes
Created: 14/12/2007
Modified: 14/12/2007
Company: Microsoft Corporation
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar1.dll
c:\program files\google\googletoolbar1.dll
-R- 2403392 bytes
Created: 10/04/2008
Modified: 10/04/2008
Company: Google Inc.
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
654320 bytes
Created: 10/04/2008
Modified: 10/04/2008
Company: Google Inc.
----------

**************************************************
18:54:45: Scanning ----- SHELLSERVICEOBJECTS -----
Key: PostBootReminder
CLSID: {7849596a-48ea-486e-8937-a2a3009f31a9}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8454656 bytes
Created: 5/08/2004
Modified: 26/10/2007
Company: Microsoft Corporation
----------
Key: CDBurn
CLSID: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8454656 bytes
Created: 5/08/2004
Modified: 26/10/2007
Company: Microsoft Corporation
----------
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\webcheck.dll
233472 bytes
Created: 5/08/2004
Modified: 2/03/2008
Company: Microsoft Corporation
----------
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: C:\WINDOWS\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
121856 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
----------
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 18/10/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------
Key: UPnPMonitor
CLSID: {e57ce738-33e8-4c51-8354-bb4de9d215d1}
Path: C:\WINDOWS\system32\upnpui.dll
C:\WINDOWS\system32\upnpui.dll
239616 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
----------

**************************************************
18:54:45: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment: Browseui preloader
File: %SystemRoot%\system32\browseui.dll
C:\WINDOWS\system32\browseui.dll
1023488 bytes
Created: 5/08/2004
Modified: 7/12/2007
Company: Microsoft Corporation
----------
Value: {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment: Component Categories cache daemon
File: %SystemRoot%\system32\browseui.dll
C:\WINDOWS\system32\browseui.dll
1023488 bytes
Created: 5/08/2004
Modified: 7/12/2007
Company: Microsoft Corporation
----------

**************************************************
18:54:45: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
18:54:45: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [C:\WINDOWS\system32\guard32.dll]
File: C:\WINDOWS\system32\guard32.dll
C:\WINDOWS\system32\guard32.dll
139008 bytes
Created: 21/02/2008
Modified: 20/04/2008
Company:
----------

**************************************************
18:54:45: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: msapsspc.dll
C:\WINDOWS\system32\msapsspc.dll
86016 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
----------
DLL: schannel.dll
C:\WINDOWS\system32\schannel.dll
144896 bytes
Created: 5/08/2004
Modified: 26/04/2007
Company: Microsoft Corporation
----------
DLL: digest.dll
C:\WINDOWS\system32\digest.dll
68608 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
----------
DLL: msnsspc.dll
C:\WINDOWS\system32\msnsspc.dll
290816 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
----------

**************************************************
18:54:45: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 22/02/2008
Modified: 21/02/2008
Company:
--------------------

**************************************************
18:54:45: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Steve
[C:\Documents and Settings\Steve\START MENU\PROGRAMS\STARTUP]
The Startup Group for Steve attempts to load the following file(s):
C:\Program Files\BOINC\boincmgr.exe
4141056 bytes
Created: 23/08/2007
Modified: 23/08/2007
Company: Space Sciences Laboratory
BOINC Manager.lnk - links to C:\Program Files\BOINC\boincmgr.exe
----------
C:\Documents and Settings\Steve\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 21/02/2008
Modified: 21/02/2008
Company:
----------
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
16671744 bytes
Created: 22/02/2008
Modified: 30/03/2008
Company: Firetrust Ltd
MailWasherPro.lnk - links to C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
----------
C:\Program Files\Xfire\xfire.exe
2987856 bytes
Created: 3/04/2008
Modified: 3/04/2008
Company: Xfire Inc.
xfire.lnk - links to C:\Program Files\Xfire\xfire.exe
----------

**************************************************
18:54:46: Scanning ----- SCHEDULED TASKS -----
Taskname: RegCure Program Check.job
File: C:\Program Files\RegCure\RegCure.exe
C:\Program Files\RegCure\RegCure.exe
11511104 bytes
Created: 30/03/2008
Modified: 30/03/2008
Company:
Parameters: ShowReminders
Next Run Time: 29/04/2008 17:00:00
Status: The task is ready to run at its next scheduled time
Creator: Steve
Comments: Checks status of application.
----------
Taskname: RegCure.job
File: C:\Program Files\RegCure\RegCure.exe
C:\Program Files\RegCure\RegCure.exe
11511104 bytes
Created: 30/03/2008
Modified: 30/03/2008
Company:
Parameters: -t
Next Run Time: 29/04/2008 2:00:00
Status: The task is ready to run at its next scheduled time
Creator: Steve
Comments: Runs RegCure at Scheduled Time.
----------

**************************************************
18:54:46: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
---------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
18048054 bytes
Created: 22/02/2008
Modified: 27/03/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
18048054 bytes
Created: 22/02/2008
Modified: 27/03/2008
Company:
----------
Additional file checks completed
---------

**************************************************
18:54:47: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\WINDOWS\RTHDCPL.EXE
--------------------
C:\Program Files\Microsoft IntelliType Pro\itype.exe
--------------------
C:\Program Files\Browser Mouse\moffice.exe
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
--------------------
C:\WINDOWS\system32\netdde.exe
--------------------
C:\Program Files\Unlocker\UnlockerAssistant.exe
--------------------
C:\Program Files\Browser Mouse\MOUSE32A.EXE
--------------------
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe
--------------------
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
--------------------
C:\Program Files\uTorrent\uTorrent.exe
--------------------
C:\Program Files\Skype\Phone\Skype.exe
--------------------
C:\Program Files\BOINC\boincmgr.exe
--------------------
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
--------------------
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
--------------------
C:\Program Files\Xfire\xfire.exe
--------------------
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
--------------------
C:\Program Files\COMODO\Firewall\cmdagent.exe
--------------------
C:\Program Files\BOINC\boinc.exe
--------------------
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
--------------------
C:\WINDOWS\system32\nvsvc32.exe
--------------------
C:\WINDOWS\System32\snmp.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\Program Files\Skype\Plugin Manager\skypePM.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\Program Files\Windows Live\Messenger\usnsvc.exe
--------------------
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
--------------------
C:\Documents and Settings\Steve\Application Data\Simply Super Software\Trojan Remover\oxa4.exe
FileSize: 2478656
[This is a Trojan Remover component]
--------------------
--------------------
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
--------------------

**************************************************
18:54:49: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

**************************************************
18:54:49: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

**************************************************
18:54:49: Checking HOSTS file
No malicious entries were found in the HOSTS file

**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.2142-stats.com/Commandcenter/gamenicks.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

**************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 28/04/2008 18:54:49
************************************************************

dang, this has to be my biggest post ever on a forum....lol

Camiron
28-04-2008, 08:25 PM
Also, my sounds keep on resetting to no sounds - every couple of weeks....for no reason.
And also my task bar doesn't always show all the running programs
At the mo I am apparently running 8, but in fact I'm running 12.
here is a nice pic...i made it specially for you all...lol
http://img.photobucket.com/albums/v400/Caimiron/000007.png

Speedy Gonzales
28-04-2008, 09:21 PM
Tick these then tick fix checked

Close browsers

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Uninstall / tick this

O3 - Toolbar: Rightdown Software SearchBar - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - C:\Program Files\Rightdown Software SearchBar\rssb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

Uninstall this and install Avast Home instead

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

Utorrent is probably how you got it in the first place

Then reboot, then get rogueremover in my sig, update it then click on scan


Get rogueremover

Speedy Gonzales
28-04-2008, 09:39 PM
Hmm

This entry that was removed

Key: ALSysIO
ImagePath: \??\C:\DOCUME~1\Steve\LOCALS~1\Temp\ALSysIO.sys
C:\DOCUME~1\Steve\LOCALS~1\Temp\ALSysIO.sys - this registry value has been removed [file not found to scan]

Because the file wasn't there, it may have something to do with your sound not working.

Is there anything in device manager for the soundcard??

Or if you go to control panel / sounds / audio tab, whats the default device?

Click on the < (why yours is > I have no idea) ! on the taskbar bottom right.

The rest of the programs running are hidden. Click on it

Camiron
28-04-2008, 09:56 PM
ok it was like that because it was expanded, I took the shot after I pressed the <

and the default device is Realtek HD Audio output....my sound card is onboard and is 7.1....lol

ok, I think these are a part of my display drivers
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
&
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
&
I got this regarding "O4 - HKLM\..\Run: [nwiz] nwiz.exe /install"
nwiz.exe is a part of NVidia's Nview features installable alongside its graphics hardware products. This application will give the user access to additional features which allow the configuration of up to 32 monitors on a host, or to expand the desktop across many monitors. This is a non-essential process. Disabling or enabling it is down to user preference.
If I get rid of these will my display stop?

Speedy Gonzales
28-04-2008, 09:57 PM
ok, I think these are a part of my display drivers
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
&
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
&
I got this regarding "O4 - HKLM\..\Run: [nwiz] nwiz.exe /install"
nwiz.exe is a part of NVidia's Nview features installable alongside its graphics hardware products. This application will give the user access to additional features which allow the configuration of up to 32 monitors on a host, or to expand the desktop across many monitors. This is a non-essential process. Disabling or enabling it is down to user preference.
If I get rid of these will my display stop?


Yes they're to do with your videocard, and no, ticking them won't stop you seeing anything

Have you got 2-32 monitors?

Camiron
28-04-2008, 10:04 PM
ok, no I have 1 20" monitor, but 2 cards in SLI

Speedy Gonzales
28-04-2008, 10:07 PM
You can leave them there if you like. Not a prob