PC's security down

Acer / Aspire 5633wlmi
April 20, 2009 at 05:43:13
Specs: Windows XP, 1GB
Hey guys, I'm new around here. I've got this problem that has been
bugging me for a month. I got infected via
someone's thumb drive, but at that moment I 'seemed'
to have managed to clean the trojan and worms with
Avira. At the same time my PC also sported Spybot
and Malwarebytes as the other security software.
But from that day onwards I couldn't update Avira and
Malwarebytes. I tried uninstalling and reinstalling them;
the problem persisted. I even tried Avast and BitDefender Free
Edition but couldn't get the updaters to run. Then I tried
to access the security websites but couldn't (other,
non-security-related sites are accessible). Online
scanners: negative as well. Something inside the
system is blocking the security updaters and
preventing me from getting help. I ran Malwarebytes
but it detected nothing; Spybot is the only security
programme I can still update, but every time I scanned,
all I found was this:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start (is not) w=2
I hit the Fix button to change it, and even manually
changed it via regedit, but the problem just
re-emerged when I restarted my PC: the value returned to 4
and Windows Security Centre is disabled. To
complicate matters, I can't go into Safe Mode for any
scanning to be done. Each time I hit the Safe Mode
tab, I get a "loading SPTD.sys" and then a flicker of a
blue screen with words on it. However, I can't make out
the words as it flickered too fast. This brings up the
menu for Safe Mode all over again. In a nutshell,
the snags are: updater failure, blocked accessibility to
security-related websites and disabled Safe Mode. I'm
trying my best not to reformat my PC as the other
programs on my PC are already optimized; the only problem
now is this mind-boggling 'lurker' that can't seem to be
removed. Need help! Thanks.
I've seen jabuck help someone with a similar
problem, but I can't proceed any further from SDFix
onwards as I can't reboot into Safe Mode. I would truly appreciate your help.




#1
April 22, 2009 at 09:45:15
You may also try SUPERAntiSpyware. The Free Edition should help you and the Pro Trial Edition will allow you to test the Real Time Protection for 15 days.

www.superantispyware.com



#2
April 22, 2009 at 10:09:37
Sounds like the Conficker bug. You may want to read up on the removal process.


#3
April 23, 2009 at 05:38:53

Here's what I've tried: I installed a program, Trojan Remover,
and it managed to remove something. After that, everything
returned to normal: I could run my updaters, go to security
websites and my Windows Security Centre is no longer
disabled. But I still couldn't go into Safe Mode. Here's the log
from Trojan Remover:

***** THE SYSTEM HAS BEEN RESTARTED *****
4/20/2009 9:02:09 PM: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Services\wuauman - Ownership taken
HKLM\SYSTEM\CurrentControlSet\Services\wuauman - already removed (or did not exist)
=======================================================
4/20/2009 9:02:09 PM: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.4.2551. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:59:14 PM 20 Apr 2009
Using Database v7194
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: FAT32
Data directory: C:\Documents and Settings\userxp\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\userxp\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Spyware Doctor
Avira AntiVir

************************************************************


************************************************************
8:59:14 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
8:59:14 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
8:59:14 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
8:59:15 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
974336 bytes
Created: 12/31/2002
Modified: 12/31/2002
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
24576 bytes
Created: 12/31/2002
Modified: 12/31/2002
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
5650432 bytes
Created: 12/31/2002
Modified: 12/31/2002
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: LManager
Value Data: C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
593920 bytes
Created: 7/20/2006
Modified: 7/20/2006
Company: Dritek System Inc.
--------------------
Value Name: igfxtray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
94208 bytes
Created: 5/7/2008
Modified: 3/23/2006
Company: Intel Corporation
--------------------
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
-R- 16248320 bytes
Created: 5/8/2008
Modified: 6/28/2006
Company: Realtek Semiconductor Corp.
--------------------
Value Name: Alcmtr
Value Data: ALCMTR.EXE
C:\WINDOWS\ALCMTR.EXE
-R- 69632 bytes
Created: 5/8/2008
Modified: 5/3/2005
Company: Realtek Semiconductor Corp.
--------------------
Value Name: AzMixerSel
Value Data: C:\Program
Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
53248 bytes
Created: 5/8/2008
Modified: 12/21/2005
Company: Realtek Semiconductor Corp.
--------------------
Value Name: LanguageShortcut
Value Data: "C:\Program
Files\CyberLink\PowerDVD\Language\Language.exe"
C:\Program
Files\CyberLink\PowerDVD\Language\Language.exe
49152 bytes
Created: 5/8/2008
Modified: 5/18/2006
Company:
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft
Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft
Office\Office12\GrooveMonitor.exe
31016 bytes
Created: 10/27/2006
Modified: 10/27/2006
Company: Microsoft Corporation
--------------------
Value Name: SynTPEnh
Value Data: C:\Program
Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
761946 bytes
Created: 5/8/2008
Modified: 3/3/2006
Company: Synaptics, Inc.
--------------------
Value Name: SkyTel
Value Data: SkyTel.EXE
C:\WINDOWS\SkyTel.EXE
-R- 2879488 bytes
Created: 5/8/2008
Modified: 5/16/2006
Company: Realtek Semiconductor Corp.
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir PersonalEdition
Classic\avgnt.exe" /min
C:\Program Files\Avira\AntiVir PersonalEdition
Classic\avgnt.exe
266497 bytes
Created: 3/18/2009
Modified: 6/12/2008
Company: Avira GmbH
--------------------
Value Name: ISTray
Value Data: "C:\Program Files\Spyware
Doctor\pctsTray.exe"
C:\Program Files\Spyware Doctor\pctsTray.exe
1103240 bytes
Created: 3/26/2009
Modified: 2/1/2008
Company: PC Tools
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
/boot
C:\Program Files\Trojan Remover\Trjscan.exe
1233800 bytes
Created: 4/20/2009
Modified: 11/8/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 12/31/2002
Modified: 12/31/2002
Company: Microsoft Corporation
--------------------
Value Name: RocketDock
Value Data: "C:\Program
Files\RocketDock\RocketDock.exe"
C:\Program Files\RocketDock\RocketDock.exe
495616 bytes
Created: 2/3/2009
Modified: 9/2/2007
Company:
--------------------
Value Name: ares
Value Data: "C:\Program Files\Ares\Ares.exe" -h
C:\Program Files\Ares\Ares.exe
1004544 bytes
Created: 2/3/2009
Modified: 2/3/2009
Company: Ares Development Group
--------------------
Value Name: msnmsgr
Value Data: "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
C:\Program Files\MSN Messenger\msnmsgr.exe
5674352 bytes
Created: 1/19/2007
Modified: 1/19/2007
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty

************************************************************
8:59:18 PM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in
place
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value: Groove GFS Stub Execution Hook
File:
C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
2210608 bytes
Created: 10/27/2006
Modified: 10/27/2006
Company: Microsoft Corporation
----------

************************************************************
8:59:19 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
8:59:19 PM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
8:59:19 PM: Scanning ----- REGISTRY ACTIVE SETUP
KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection
C:\WINDOWS\INF\wmp10.inf,PerUserStub
C:\WINDOWS\INF\wmp10.inf
34751 bytes
Created: 5/8/2008
Modified: 9/22/2004
Company:
----------

************************************************************
8:59:20 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----

************************************************************
8:59:20 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: acedrv10
ImagePath: \??\C:\WINDOWS\system32\drivers\acedrv10.sys
C:\WINDOWS\system32\drivers\acedrv10.sys
583128 bytes
Created: 10/28/2007
Modified: 10/28/2007
Company: Protect Software GmbH
----------
Key: acehlp10
ImagePath: \??\C:\WINDOWS\system32\drivers\acehlp10.sys
C:\WINDOWS\system32\drivers\acehlp10.sys
250560 bytes
Created: 10/26/2007
Modified: 10/26/2007
Company: Protect Software GmbH
----------
Key: AntiVirScheduler
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition
Classic\sched.exe"
C:\Program Files\Avira\AntiVir PersonalEdition
Classic\sched.exe
68865 bytes
Created: 3/18/2009
Modified: 10/15/2008
Company: Avira GmbH
----------
Key: AntiVirService
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition
Classic\avguard.exe"
C:\Program Files\Avira\AntiVir PersonalEdition
Classic\avguard.exe
151297 bytes
Created: 3/18/2009
Modified: 10/15/2008
Company: Avira GmbH
----------
Key: avgio
ImagePath: \??\C:\Program Files\Avira\AntiVir
PersonalEdition Classic\avgio.sys
C:\Program Files\Avira\AntiVir PersonalEdition
Classic\avgio.sys
11840 bytes
Created: 3/18/2009
Modified: 2/27/2007
Company: Avira GmbH
----------
Key: avgntflt
ImagePath: \??\C:\Program Files\Avira\AntiVir
PersonalEdition Classic\avgntflt.sys
C:\Program Files\Avira\AntiVir PersonalEdition
Classic\avgntflt.sys
52032 bytes
Created: 3/18/2009
Modified: 5/20/2008
Company: Avira GmbH
----------
Key: avipbb
ImagePath: system32\DRIVERS\avipbb.sys
C:\WINDOWS\system32\DRIVERS\avipbb.sys
75072 bytes
Created: 3/18/2009
Modified: 10/30/2008
Company: Avira GmbH
----------
Key: bcm4sbxp
ImagePath: system32\DRIVERS\bcm4sbxp.sys
C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
45312 bytes
Created: 5/7/2008
Modified: 10/31/2005
Company: Broadcom Corporation
----------
Key: BTSERIAL
ImagePath: \??\C:\WINDOWS\system32\drivers\btserial.sys
C:\WINDOWS\system32\drivers\btserial.sys
23271 bytes
Created: 1/17/2006
Modified: 1/17/2006
Company: Broadcom Corporation.
----------
Key: DKbFltr
ImagePath: system32\DRIVERS\DKbFltr.sys
C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
16896 bytes
Created: 12/8/2004
Modified: 12/8/2004
Company: Dritek System Inc.
----------
Key: EMSCR
ImagePath: system32\DRIVERS\EMS7SK.sys
C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
-R- 61056 bytes
Created: 5/8/2008
Modified: 6/16/2006
Company: ENE Technology Inc.
----------
Key: ESDCR
ImagePath: system32\DRIVERS\ESD7SK.sys
C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
-R- 40064 bytes
Created: 5/8/2008
Modified: 6/16/2006
Company: ENE Technology Inc.
----------
Key: ESMCR
ImagePath: system32\DRIVERS\ESM7SK.sys
C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
-R- 74752 bytes
Created: 5/8/2008
Modified: 6/16/2006
Company: ENE Technology Inc.
----------
Key: HDAudBus
ImagePath: system32\DRIVERS\HDAudBus.sys
C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
138752 bytes
Created: 1/7/2005
Modified: 1/7/2005
Company: Windows (R) Server 2003 DDK provider
----------
Key: HSFHWAZL
ImagePath: system32\DRIVERS\HSFHWAZL.sys
C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
-R- 209664 bytes
Created: 5/8/2008
Modified: 12/22/2006
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\ialmnt5.sys
C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
-R- 1166972 bytes
Created: 5/7/2008
Modified: 3/23/2006
Company: Intel Corporation
----------
Key: IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
42376 bytes
Created: 3/26/2009
Modified: 2/1/2008
Company: PCTools Research Pty Ltd.
----------
Key: IKSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
66952 bytes
Created: 3/26/2009
Modified: 12/10/2007
Company: PCTools Research Pty Ltd.
----------
Key: IKSysSec
ImagePath: system32\drivers\iksyssec.sys
C:\WINDOWS\system32\drivers\iksyssec.sys
81288 bytes
Created: 3/26/2009
Modified: 12/10/2007
Company: PCTools Research Pty Ltd.
----------
Key: IntcAzAudAddService
ImagePath: system32\drivers\RtkHDAud.sys
C:\WINDOWS\system32\drivers\RtkHDAud.sys
-R- 4304384 bytes
Created: 5/8/2008
Modified: 6/28/2006
Company: Realtek Semiconductor Corp.
----------
Key: Pml Driver HPZ12
ImagePath: C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\HPZipm12.exe
69632 bytes
Created: 5/8/2008
Modified: 3/3/2006
Company: HP
----------
Key: RichVideo
ImagePath: "C:\Program Files\CyberLink\Shared
files\RichVideo.exe"
C:\Program Files\CyberLink\Shared files\RichVideo.exe
167936 bytes
Created: 5/8/2008
Modified: 8/8/2005
Company:
----------
Key: sdAuxService
ImagePath: C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
747912 bytes
Created: 3/26/2009
Modified: 2/1/2008
Company: PC Tools
----------
Key: sdCoreService
ImagePath: C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
948616 bytes
Created: 3/26/2009
Modified: 3/4/2008
Company: PC Tools
----------
Key: Secdrv
ImagePath: system32\DRIVERS\secdrv.sys
C:\WINDOWS\system32\DRIVERS\secdrv.sys
12400 bytes
Created: 12/31/2002
Modified: 1/1/2009
Company: Macrovision Europe Ltd
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally
excluded
----------
Key: ssmdrv
ImagePath: system32\DRIVERS\ssmdrv.sys
C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
28352 bytes
Created: 3/18/2009
Modified: 3/1/2007
Company: Avira GmbH
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe
/Processid:{513597F1-457B-47A3-A646-3FF9887E380D}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 12/31/2002
Modified: 12/31/2002
Company: Microsoft Corporation
----------
Key: SynTP
ImagePath: system32\DRIVERS\SynTP.sys
C:\WINDOWS\system32\DRIVERS\SynTP.sys
192672 bytes
Created: 5/8/2008
Modified: 3/3/2006
Company: Synaptics, Inc.
----------
Key: usbvideo
ImagePath: System32\Drivers\usbvideo.sys
C:\WINDOWS\System32\Drivers\usbvideo.sys
78464 bytes
Created: 5/7/2008
Modified: 8/3/2004
Company: Microsoft Corporation
----------
Key: usnjsvc
ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe"
C:\Program Files\MSN Messenger\usnsvc.exe
97136 bytes
Created: 1/19/2007
Modified: 1/19/2007
Company: Microsoft Corporation
----------
Key: w39n51
ImagePath: system32\DRIVERS\w39n51.sys
C:\WINDOWS\system32\DRIVERS\w39n51.sys
1429632 bytes
Created: 5/7/2008
Modified: 4/4/2006
Company: Intel® Corporation
----------
Key: WpdUsb
ImagePath: System32\Drivers\wpdusb.sys
C:\WINDOWS\System32\Drivers\wpdusb.sys
18944 bytes
Created: 1/28/2005
Modified: 9/22/2004
Company: Microsoft Corporation
----------

************************************************************
8:59:27 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

************************************************************
8:59:27 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxdev.dll
C:\WINDOWS\system32\igfxdev.dll
-R- 139264 bytes
Created: 5/7/2008
Modified: 3/23/2006
Company: Intel Corporation
----------

************************************************************
8:59:27 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Glary Utilities
CLSID: {72923739-5A47-40A3-9895-25AF0DFBB9E4}
Path: C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL
C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL
30208 bytes
Created: 11/2/2008
Modified: 8/20/2007
Company: GlarySoft,Inc.
----------
Key: Shell Extension for Malware scanning
CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
Path: C:\Program Files\Avira\AntiVir PersonalEdition
Classic\shlext.dll
C:\Program Files\Avira\AntiVir PersonalEdition
Classic\shlext.dll
65793 bytes
Created: 3/18/2009
Modified: 6/12/2008
Company: Avira GmbH
----------
Key: wodShellMenu
CLSID: {E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}
Path: C:\WINDOWS\system32\sql.dll
C:\WINDOWS\system32\sql.dll
212992 bytes
Created: 2/7/2009
Modified: 11/14/2004
Company: WeOnlyDo! COM
----------
Key: XXX Groove GFS Context Menu Handler XXX
CLSID: {6C467336-8281-4E60-8204-430CED96822D}
Path: C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
2210608 bytes
Created: 10/27/2006
Modified: 10/27/2006
Company: Microsoft Corporation
----------

************************************************************
8:59:27 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: C:\Program Files\Common
Files\Ahead\Lib\NeroDigitalExt.dll
C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
1807920 bytes
Created: 2/22/2007
Modified: 2/22/2007
Company: Nero AG
----------

************************************************************
8:59:28 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
BHO: C:\Program Files\FlashGet\jccatch.dll
C:\Program Files\FlashGet\jccatch.dll
94308 bytes
Created: 8/6/2007
Modified: 8/6/2007
Company: www.flashget.com
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll - file is excluded
from scanning [SPYBOT S&D file]
----------
Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
BHO: C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL - file
already scanned
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
322368 bytes
Created: 8/31/2006
Modified: 8/31/2006
Company: Microsoft Corporation
----------
Key: {F156768E-81EF-470C-9057-481BA8380DBA}
BHO: C:\Program Files\FlashGet\getflash.dll
C:\Program Files\FlashGet\getflash.dll
163840 bytes
Created: 5/19/2007
Modified: 5/19/2007
Company: www.flashget.com
----------

************************************************************
8:59:28 PM: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
8:59:28 PM: Scanning ----- SHAREDTASKSCHEDULER
ENTRIES -----

************************************************************
8:59:28 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
8:59:28 PM: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
8:59:29 PM: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
8:59:29 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start
Menu\Programs\Startup]
The Common Startup Group attempts to load the following
file(s) at boot time:
C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 5/7/2008
Modified: 5/7/2008
Company:
--------------------
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
618557 bytes
Created: 1/17/2006
Modified: 1/17/2006
Company: Broadcom Corporation.
Bluetooth.lnk - links to C:\Program
Files\WIDCOMM\Bluetooth Software\BTTray.exe
--------------------

************************************************************
8:59:29 PM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START
MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the
following file(s):
C:\Documents and Settings\Administrator\START
MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 5/7/2008
Modified: 5/7/2008
Company:
----------
--------------------
Checking Startup Group for: userxp
[C:\Documents and Settings\userxp\START
MENU\PROGRAMS\STARTUP]
--------------------
Checking Startup Group for: Guest
[C:\Documents and Settings\Guest\START
MENU\PROGRAMS\STARTUP]
The Startup Group for Guest attempts to load the following
file(s):
C:\Documents and Settings\Guest\START
MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 8/12/2008
Modified: 5/7/2008
Company:
----------

************************************************************
8:59:30 PM: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

************************************************************
8:59:30 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
Key: Groove Explorer Icon Overlay 1 (GFS Unread Stub)
CLSID: {99FD978C-D287-4F50-827F-B2C658EDA8E7}
File: C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL - file
already scanned
----------
Key: Groove Explorer Icon Overlay 2 (GFS Stub)
CLSID: {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
File: C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL - file
already scanned
----------
Key: Groove Explorer Icon Overlay 2.5 (GFS Unread
Folder)
CLSID: {920E6DB1-9907-4370-B3A0-BAFC03D81399}
File: C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL - file
already scanned
----------
Key: Groove Explorer Icon Overlay 3 (GFS Folder)
CLSID: {16F3DD56-1AF5-4347-846D-7C10C4192619}
File: C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL - file
already scanned
----------
Key: Groove Explorer Icon Overlay 4 (GFS Unread Mark)
CLSID: {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
File: C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL - file
already scanned
----------

************************************************************
8:59:30 PM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Hidden or inaccessible Services entry: [wuauman]
Entry has been scheduled for deletion when the PC is restarted
%SystemRoot%\system32\svchost.exe -k netsvcs - no action requested on this file
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and
Settings\userxp\Local Settings\Application
Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\userxp\Local
Settings\Application Data\Microsoft\Wallpaper1.bmp
5292054 bytes
Created: 5/20/2008
Modified: 3/24/2009
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local
Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\userxp\Local
Settings\Application Data\Microsoft\Wallpaper1.bmp
5292054 bytes
Created: 5/20/2008
Modified: 3/24/2009
Company:
----------
Additional checks completed

************************************************************
9:00:04 PM: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition
Classic\sched.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\PROGRA~1\LAUNCH~1\LManager.exe - file already
scanned
--------------------
C:\WINDOWS\system32\igfxtray.exe - file already scanned
--------------------
C:\WINDOWS\system32\igfxsrvc.exe
--------------------
C:\WINDOWS\RTHDCPL.EXE - file already scanned
--------------------
C:\Program Files\Microsoft
Office\Office12\GrooveMonitor.exe - file already scanned
--------------------
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - file
already scanned
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition
Classic\avgnt.exe - file already scanned
--------------------
C:\Program Files\Spyware Doctor\pctsTray.exe - file already
scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\RocketDock\RocketDock.exe - file already
scanned
--------------------
C:\Program Files\Ares\Ares.exe - file already scanned
--------------------
C:\Program Files\MSN Messenger\msnmsgr.exe - file
already scanned
--------------------
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition
Classic\avguard.exe - file already scanned
--------------------
C:\Program Files\WIDCOMM\Bluetooth
Software\bin\btwdins.exe
--------------------
C:\Program Files\CyberLink\Shared files\RichVideo.exe - file
already scanned
--------------------
C:\WINDOWS\system32\igfxext.exe
--------------------
C:\Program Files\Spyware Doctor\pctsAuxs.exe - file already
scanned
--------------------
C:\Program Files\Spyware Doctor\pctsSvc.exe - file already
scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\wdfmgr.exe
--------------------
C:\DOCUME~1\userxp\LOCALS~1\Temp\RtkBtMnt.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\Program Files\Winamp\winamp.exe
--------------------
C:\Program Files\Safari\Safari.exe
--------------------
C:\WINDOWS\system32\taskmgr.exe
--------------------
C:\Documents and Settings\userxp\Application Data\Simply
Super Software\Trojan Remover\brl8F.exe
FileSize: 2888568
[This is a Trojan Remover component]
--------------------
--------------------

************************************************************
9:00:08 PM: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
9:00:08 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start
Page":
http://www.microsoft.com/isapi/redi...
prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&
ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local
Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search
Page":
http://www.microsoft.com/isapi/redi...
HKLM\Software\Microsoft\Internet
Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redi...
prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet
Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redi...
HKLM\Software\Microsoft\Internet
Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC17...
.htm
HKLM\Software\Microsoft\Internet
Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC17...
.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start
Page":
http://runonce.msn.com/?v=msgrv75
HKCU\Software\Microsoft\Internet Explorer\Main\"Local
Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search
Page":
http://www.microsoft.com/isapi/redi...

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 9:00:08 PM 20 Apr 2009
Total Scan time: 00:00:53
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs to restart the system in order to deal with these files.
4/20/2009 9:00:19 PM: restart commenced
************************************************************

I think this must be what my problem is about:
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Services\wuauman - Ownership taken
HKLM\SYSTEM\CurrentControlSet\Services\wuauman - already removed (or did not exist)

Anyone know what this is? And could anyone check from
this log if there is anything else not right in my system?
Ironically, after Trojan Remover solved my problem, Avira
tagged it as a virus and subsequently cleaned it.
Now my only remaining problem is that I still can't go into
Safe Mode.
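The log above is long enough that the interesting lines get lost among the driver and Run-key inventory, so it is worth triaging it mechanically. The following is an added example, not code from this thread or from Trojan Remover: a small Python parser for the log's `Key:` / `ImagePath:` / `Company:` record layout and its running-process list, which flags the three things a responder would read first: an entry the scanner reported as a hidden or inaccessible service (the `wuauman` line), an executable running from a user's Temp directory (the `RtkBtMnt.exe` entry in the process list), and a service whose `Company` field is blank. The sample log embedded in the script is constructed for the demo and only copies the entry format from the post; the section names, regexes and finding categories are my own assumptions, not Trojan Remover's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modelled on the Trojan Remover log format posted above.
# It is not the poster's log; only the entry layout is copied.
SAMPLE_LOG = r"""
8:59:20 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: acedrv10
ImagePath: \??\C:\WINDOWS\system32\drivers\acedrv10.sys
C:\WINDOWS\system32\drivers\acedrv10.sys
583128 bytes
Company: Protect Software GmbH
----------
Key: RichVideo
ImagePath: "C:\Program Files\CyberLink\Shared files\RichVideo.exe"
C:\Program Files\CyberLink\Shared files\RichVideo.exe
167936 bytes
Company:
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------

8:59:30 PM: ----- ADDITIONAL CHECKS -----
Hidden or inaccessible Services entry: [wuauman]
Entry has been scheduled for deletion when the PC is restarted
%SystemRoot%\system32\svchost.exe -k netsvcs - no action requested on this file
----------

9:00:04 PM: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\DOCUME~1\userxp\LOCALS~1\Temp\RtkBtMnt.exe
--------------------
C:\WINDOWS\system32\taskmgr.exe
--------------------
"""

# Section headers look like "8:59:20 PM: Scanning ----- NAME -----" (assumed layout).
SECTION_RE = re.compile(r"^\d{1,2}:\d{2}:\d{2} [AP]M: (?:Scanning )?-+ ?(.+?) ?-+$")
HIDDEN_RE = re.compile(r"Hidden or inaccessible Services entry: \[(.+?)\]")
# Any path component named Temp; covers the 8.3 form (LOCALS~1\Temp) as well.
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    key: str
    image_path: str = ""
    company: Optional[str] = None  # None: no Company line; "": line present but blank


@dataclass
class Finding:
    kind: str      # temp_path | hidden_service | no_company
    subject: str   # service key or executable name
    detail: str


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group log lines under the '----- NAME -----' header they follow."""
    sections: Dict[str, List[str]] = {}
    current = "PREAMBLE"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def parse_services(lines: List[str]) -> List[ServiceEntry]:
    """Turn Key:/ImagePath:/Company: records (terminated by dashes) into entries."""
    entries: List[ServiceEntry] = []
    cur: Optional[ServiceEntry] = None
    for line in lines:
        if line.startswith("Key: "):
            cur = ServiceEntry(key=line[5:].strip())
            entries.append(cur)
        elif cur is None:
            continue
        elif line.startswith("ImagePath: "):
            cur.image_path = line[len("ImagePath: "):].strip()
        elif line.startswith("Company:"):
            cur.company = line[len("Company:"):].strip()
        elif line.startswith("----------"):
            cur = None
    return entries


def triage(text: str) -> List[Finding]:
    """Return the entries a responder should look at first, in log order."""
    sections = split_sections(text)
    findings: List[Finding] = []
    for svc in parse_services(sections.get("SERVICES REGISTRY KEYS", [])):
        if TEMP_RE.search(svc.image_path):
            findings.append(Finding("temp_path", svc.key, svc.image_path))
        if svc.company == "":
            findings.append(Finding("no_company", svc.key, svc.image_path))
    for line in sections.get("ADDITIONAL CHECKS", []):
        m = HIDDEN_RE.search(line)
        if m:
            findings.append(Finding("hidden_service", m.group(1), line.strip()))
    for line in sections.get("RUNNING PROCESSES", []):
        path = line.split(" - ")[0].strip()   # drop "- file already scanned" notes
        if path and TEMP_RE.search(path):
            findings.append(Finding("temp_path", path.rsplit("\\", 1)[-1], path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:15} {f.subject:14} {f.detail}")
```

Two caveats on reading the output. A blank `Company` string is a weak signal on its own: in the log above the CyberLink, RocketDock and PowerDVD `Language.exe` entries have no company string and are ordinary installed software, so that category means "verify the file", not "delete it". The hidden-service and Temp-directory hits are the strong ones: a service entry that the scanner could not read, hosted by `svchost.exe -k netsvcs`, means the actual payload is a DLL named in that service's `Parameters\ServiceDll` value, which this log format does not print, and an executable launched from a user's Temp folder should be checked by publisher and hash before it is assumed to be either benign or malicious.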


