intocomputing2

Posts posted by intocomputing2

  1. OK, I tried using the program Malwarebytes' Anti-Malware, which was the first thing sarahw suggested I do the time she helped me. After doing a full scan it removed some malware entries, and it seems that I can access HijackThis now. Here's the log:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 12:06:12 AM, on 12/25/2004

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

    C:\WINDOWS\System32\ezSP_Px.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

    C:\Documents and Settings\Max\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Logitech\SetPoint\SetPoint.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

    O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

    O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Max\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKLM\..\Policies\Explorer\Run: [explorer] C:\WINDOWS\system32\wuauclt.exe

    O4 - HKLM\..\Policies\Explorer\Run: [internetnet] C:\WINDOWS\system32\spoolsv.exe

    O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe

    O4 - Startup: Product Registration.lnk = C:\Program Files\Common Files\LogiShared\eReg\SetPoint\eReg.exe

    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe

    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe

    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe

    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

    --

    End of file - 8829 bytes

    Unfortunately, I still can't access my drive C or D.

    Thanks in advance to anyone who can help.

  2. The computer got infected with a virus, and it's a strange one, this is what happens:

    I can't launch avast or HijackThis at all; I'm guessing it's the work of the virus. Every time I click either of the two it says there is an error and won't let me run them.

    I can't access either of my 2 drives (whether C or D); I get a virus message and no access at all.

    How can a virus be removed without the help of Avast or HijackThis? Does anyone know how to?

  3. The computer got infected with a virus, and it's a strange one, this is what happens:

    I can't launch avast at all; I'm guessing it's the work of the virus. Every time I click avast it says there is an error and it won't let me run it.

    I can't access either of my 2 drives (whether C or D); I get a virus message and no access at all.

    Does anyone know how I can get rid of it, without the help of avast, since it has been knocked out?

  4. I'm trying to revive an old desktop with Windows XP on it. Nothing seemed to be wrong with it except that it was extremely slow (it had too many programs, spyware and very little memory). So I decided to use the recovery partition that the system had, and after making a full system recovery I powered the system on and it was back to its initial state. Granted, this means that it has all the crapware that came along with it, so I decided to uninstall some programs. I started with Norton Antivirus, and after uninstalling it I went on with the usual "restart the system" requirement.

    So now here comes the problem: after restarting the system I run into a message that says:

    Windows could not restart because the following file is missing or corrupt:

    <Windows root>\system32\hal.dll

    Please re-install a copy of the above file

    I have no idea what this file is, or where I can get it. Does anyone know how to fix this problem?

  5. I'm looking for a beginner's textbook, something to read for someone who's starting from zero. Does anyone know of any good recommendations? I've heard that it helps if you start by learning the basic notions of algorithms and data structures. Is this true? And if so, which book on the subject would you recommend?

  6. I bought a LaCie 1TB external hard drive after seeing the review of it on this site. The drive seems fine except for one thing:

    Every time I select the "Eject/Remove Hardware" icon on the task bar to unmount the drive through the "Safely Remove Hardware" window, the process starts but never finishes; it just hangs there and never unmounts the drive.


    I'm worried that in the long run this problem will cause data to be lost. Does anyone know how to solve this issue? Thanks in advance.

  7. OTMoveit log:

    D:\Software Backup recent\ShrzaDowns\232.Images.Of.The.Universe.HiRes.zip moved successfully.

    File/Folder D:\Software Backup recent\ShrzaDowns\80.Motorcycles.Wallpaper.1024x768.and.Easyriders.Magazine.May.2006.ebook.zi not found.

    File/Folder p not found.

    D:\explorer.exe moved successfully.

    C:\cg2\docfromsandiskFD\ut2004_Demo3334.exe moved successfully.

    D:\GLXB.PIF moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09072008_140332

  8. 3.
    • Open HiJackThis
    • Click on the "Config..." button on the bottom right
    • Click on the tab "Misc Tools"
    • Check off the 2 boxes next to the Box that says "Generate StartupList log"
    • Click on the button "Generate StartupList log"
    • Copy and paste the StartupList from the notepad into your next post

    Here's the HijackThis report:

    StartupList report, 9/6/2008, 2:30:57 PM

    StartupList version: 1.52.2

    Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE

    Detected: Windows XP SP3 (WinNT 5.01.2600)

    Detected: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    * Using default options

    * Including empty and uninteresting sections

    * Showing rarely important sections

    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    C:\Program Files\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Norton Internet Security\NISUM.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Norton Internet Security\ccPxySvc.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

    C:\WINDOWS\System32\ezSP_Px.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\Documents and Settings\Max\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    C:\Program Files\Logitech\SetPoint\SetPoint.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:

    [C:\Documents and Settings\Max\Start Menu\Programs\Startup]

    Product Registration.lnk = C:\Program Files\Common Files\LogiShared\eReg\SetPoint\eReg.exe

    Shell folders AltStartup:

    *Folder not found*

    User shell folders Startup:

    *Folder not found*

    User shell folders AltStartup:

    *Folder not found*

    Shell folders Common Startup:

    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

    Billminder.lnk = C:\Program Files\Quicken\billmind.exe

    Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

    Norton Internet Security.lnk = C:\Program Files\Norton Internet Security\nisfirst.exe

    Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

    Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

    Shell folders Common AltStartup:

    *Folder not found*

    User shell folders Common Startup:

    *Folder not found*

    User shell folders Alternate Common Startup:

    *Folder not found*

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    nwiz = nwiz.exe /install

    ATIModeChange = Ati2mdxx.exe

    CreateCD_Reminder = C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

    ezShieldProtector for Px = C:\WINDOWS\System32\ezSP_Px.exe

    ZTgServerSwitch = "c:\program files\support.com\client\bin\tgcmd.exe" /server

    ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    IgfxTray = C:\WINDOWS\System32\igfxtray.exe

    HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe

    AGRSMMSG = AGRSMMSG.exe

    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

    VAIO Recovery = C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe

    NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    Kernel and Hardware Abstraction Layer = KHALMNPR.EXE

    SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    --------------------------------------------------

    Autorun entries from Registry:

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Google Update = "C:\Documents and Settings\Max\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

    --------------------------------------------------

    Autorun entries from Registry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:

    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    File association entry for .EXE:

    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .COM:

    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .BAT:

    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .PIF:

    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .SCR:

    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .HTA:

    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

    --------------------------------------------------

    File association entry for .TXT:

    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    --------------------------------------------------

    Enumerating Active Setup stub paths:

    HKLM\Software\Microsoft\Active Setup\Installed Components

    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

    StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *

    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{4b218e3e-bc98-4770-93d3-2731b9329278}] *

    StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *

    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *

    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *

    StubPath = %SystemRoot%\system32\ie4uinit.exe

    --------------------------------------------------

    Enumerating ICQ Agent Autostart apps:

    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*

    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

    HKCU\..\Windows NT\CurrentVersion\Windows: load=

    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*

    SCRNSAVE.EXE=*INI section not found*

    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe

    SCRNSAVE.EXE=*Registry value not found*

    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*

    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present

    C:\WINDOWS\Explorer\Explorer.exe: not present

    C:\WINDOWS\System\Explorer.exe: not present

    C:\WINDOWS\System32\Explorer.exe: not present

    C:\WINDOWS\Command\Explorer.exe: not present

    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)

    .pif: HIDDEN! (arrow overlay: yes)

    .exe: not hidden

    .com: not hidden

    .bat: not hidden

    .hta: not hidden

    .scr: not hidden

    .shs: HIDDEN!

    .shb: HIDDEN!

    .vbs: not hidden

    .vbe: not hidden

    .wsh: not hidden

    .scf: HIDDEN! (arrow overlay: NO!)

    .url: HIDDEN! (arrow overlay: yes)

    .js: not hidden

    .jse: not hidden

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS

    - .reg open command is normal (regedit.exe %1 %*)

    - Company name OK: 'Microsoft Corporation'

    - Original filename OK: 'REGEDIT.EXE'

    - File description: 'Registry Editor'

    Registry check passed

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    (no name) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

    NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    (no name) - (no file) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    GoogleUpdateTaskUser.job

    Registration reminder 1.job

    Registration reminder 2.job

    Registration reminder 3.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [DirectAnimation Java Classes]

    CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab

    OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

    [Microsoft XML Parser for Java]

    CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab

    OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    [Java Plug-in 1.6.0_07]

    InProcServer32 = C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

    [{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]

    CODEBASE = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

    [Java Plug-in 1.6.0_07]

    InProcServer32 = C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

    [Java Plug-in 1.6.0_07]

    InProcServer32 = C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll

    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll

    NameSpace #2: C:\WINDOWS\System32\winrnr.dll

    NameSpace #3: C:\WINDOWS\System32\mswsock.dll

    Protocol #1: C:\WINDOWS\system32\mswsock.dll

    Protocol #2: C:\WINDOWS\system32\mswsock.dll

    Protocol #3: C:\WINDOWS\system32\mswsock.dll

    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

    Protocol #6: C:\WINDOWS\system32\mswsock.dll

    Protocol #7: C:\WINDOWS\system32\mswsock.dll

    Protocol #8: C:\WINDOWS\system32\mswsock.dll

    Protocol #9: C:\WINDOWS\system32\mswsock.dll

    Protocol #10: C:\WINDOWS\system32\mswsock.dll

    Protocol #11: C:\WINDOWS\system32\mswsock.dll

    Protocol #12: C:\WINDOWS\system32\mswsock.dll

    Protocol #13: C:\WINDOWS\system32\mswsock.dll

    Protocol #14: C:\WINDOWS\system32\mswsock.dll

    Protocol #15: C:\WINDOWS\system32\mswsock.dll

    Protocol #16: C:\WINDOWS\system32\mswsock.dll

    Protocol #17: C:\WINDOWS\system32\mswsock.dll

    --------------------------------------------------

    Enumerating Windows NT/2000/XP services

    Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)

    aeaudio: system32\drivers\aeaudio.sys (manual start)

    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

    AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)

    Agere Systems Soft Modem: System32\DRIVERS\AGRSM.sys (manual start)

    Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)

    Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)

    Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)

    Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)

    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

    1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)

    RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)

    Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)

    ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)

    ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)

    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)

    Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)

    Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)

    Symantec Password Validation Service: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)

    Symantec Proxy Service: "C:\Program Files\Norton Internet Security\ccPxySvc.exe" (autostart)

    CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)

    Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)

    ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)

    COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

    Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

    DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Disk Driver: System32\DRIVERS\disk.sys (system)

    Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)

    dmboot: System32\drivers\dmboot.sys (disabled)

    Sony DMI Call service: System32\DRIVERS\DMICall.sys (system)

    dmio: System32\drivers\dmio.sys (disabled)

    dmload: System32\drivers\dmload.sys (disabled)

    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

    DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)

    Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)

    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

    Intel® PRO/1000 Adapter Driver: System32\DRIVERS\e1000325.sys (manual start)

    Intel® PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)

    Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)

    3Com EtherLink XL 90X Adapter Driver: System32\DRIVERS\el90xnd5.sys (manual start)

    Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Event Log: %SystemRoot%\system32\services.exe (autostart)

    COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)

    Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)

    Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)

    FltMgr: system32\drivers\fltmgr.sys (system)

    Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)

    Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)

    Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

    Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)

    Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    HTTP: System32\Drivers\HTTP.sys (manual start)

    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

    i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)

    ialm: System32\DRIVERS\ialmnt5.sys (manual start)

    CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)

    IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)

    IntelIde: System32\DRIVERS\intelide.sys (system)

    Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)

    IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)

    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)

    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)

    IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)

    IPSEC driver: System32\DRIVERS\ipsec.sys (system)

    IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)

    PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)

    Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)

    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

    Logitech SetPoint Keyboard Driver: system32\DRIVERS\L8042Kbd.sys (manual start)

    Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Logitech Bluetooth Service: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (manual start)

    Logitech SetPoint KMDF HID Filter Driver: system32\DRIVERS\LHidFilt.Sys (manual start)

    TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

    Logitech SetPoint KMDF Mouse Filter Driver: system32\DRIVERS\LMouFilt.Sys (manual start)

    Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

    NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)

    Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)

    Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)

    WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)

    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)

    Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)

    Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)

    Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)

    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)

    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)

    Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)

    Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)

    NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)

    Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    Norton AntiVirus Auto Protect Service: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart)

    NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030212.004\NAVENG.SYS (manual start)

    NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030212.004\NAVEX15.SYS (manual start)

    Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)

    Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)

    NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)

    Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)

    NetBIOS Interface: System32\DRIVERS\netbios.sys (system)

    NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)

    Network DDE: %SystemRoot%\system32\netdde.exe (disabled)

    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)

    Net Logon: %SystemRoot%\System32\lsass.exe (manual start)

    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)

    Norton Internet Security Accounts Manager: "C:\Program Files\Norton Internet Security\NISUM.EXE" (autostart)

    Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)

    Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

    nv: System32\DRIVERS\nv4_mini.sys (manual start)

    NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)

    IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)

    IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)

    NEC FireWarden OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)

    Parallel port driver: System32\DRIVERS\parport.sys (manual start)

    PCI Bus Driver: System32\DRIVERS\pci.sys (system)

    PCIIde: System32\DRIVERS\pciide.sys (system)

    Plug and Play: %SystemRoot%\system32\services.exe (autostart)

    IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)

    WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)

    Processor Driver: System32\DRIVERS\processr.sys (system)

    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)

    QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)

    Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)

    PxHelp20: System32\DRIVERS\PxHelp20.sys (system)

    Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)

    Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)

    Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)

    Direct Parallel: System32\DRIVERS\raspti.sys (manual start)

    Rdbss: System32\DRIVERS\rdbss.sys (system)

    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

    Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)

    Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)

    Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

    Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)

    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

    QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)

    Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver: System32\DRIVERS\R8139n51.SYS (manual start)

    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)

    SAVRT: \??\C:\WINDOWS\System32\Drivers\SAVRT.SYS (manual start)

    SAVRTPEL: \??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS (autostart)

    SBP-2 Transport/Protocol Bus Driver: system32\DRIVERS\sbp2port.sys (system)

    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)

    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Secdrv: System32\DRIVERS\secdrv.sys (manual start)

    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

    Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)

    Serial port driver: System32\DRIVERS\serial.sys (system)

    Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)

    Sony MPEG RealTime encoder board: System32\DRIVERS\smrt.sys (manual start)

    smwdm: system32\drivers\smwdm.sys (manual start)

    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

    Sony SPTI Service: C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe (manual start)

    System Restore Filter Driver: System32\DRIVERS\sr.sys (system)

    System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Srv: System32\DRIVERS\srv.sys (manual start)

    SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

    Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)

    BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)

    Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)

    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

    MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{673E76E7-C3B0-4D4D-A10F-5C59950158A0} (manual start)

    SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)

    SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)

    SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)

    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)

    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)

    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)

    Terminal Device Driver: System32\DRIVERS\termdd.sys (system)

    Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

    Microcode Update Driver: System32\DRIVERS\update.sys (manual start)

    Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)

    Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)

    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)

    Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)

    USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)

    Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)

    VAIO Media Music Server: "C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server" (manual start)

    VAIO Media Music Server (HTTP): "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP" (manual start)

    VAIO Media Music Server (UPnP): C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (manual start)

    VAIO Media Photo Server: C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe (manual start)

    VAIO Media Photo Server (HTTP): "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP" (manual start)

    VAIO Media Photo Server (UPnP): C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (manual start)

    VAIO Media Video Server: "C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server" (manual start)

    VAIO Media Video Server (HTTP): "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP" (manual start)

    VAIO Media Video Server (UPnP): C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (manual start)

    VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)

    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)

    Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)

    Wdf01000: system32\DRIVERS\Wdf01000.sys (manual start)

    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)

    WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

    Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)

    Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)

    Automatic Updates: %systemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

    Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    Intel® Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (manual start)

    Intel® Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start)

    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:

    *No scripts set to run*

    Windows NT checkdisk command:

    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':

    PendingFileRenameOperations: *Registry value not found*

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

    CDBurn: C:\WINDOWS\system32\SHELL32.dll

    WebCheck: C:\WINDOWS\System32\webcheck.dll

    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------

    Autorun entries from Registry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:

    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    --------------------------------------------------

    End of report, 36,723 bytes

    Report generated in 0.250 seconds

    Command line options:

    /verbose - to add additional info on each section

    /complete - to include empty sections and unsuspicious data

    /full - to include several rarely-important sections

    /force9x - to include Win9x-only startups even if running on WinNT

    /forcent - to include WinNT-only startups even if running on Win9x

    /forceall - to include all Win9x and WinNT startups, regardless of platform

    /history - to list version history only

  9. Here's the Kaspersky report:

    Program database last update: Saturday, September 06, 2008 15:47:35

    Records in database: 1198581

    --------------------------------------------------------------------------------

    Scan settings:

    Scan using the following database: extended

    Scan archives: yes

    Scan mail databases: yes

    Scan area - My Computer:

    A:\

    C:\

    D:\

    E:\

    F:\

    Scan statistics:

    Files scanned: 70719

    Threat name: 4

    Infected objects: 6

    Suspicious objects: 0

    Duration of the scan: 01:36:20

    File name / Threat name / Threats count

    C:\cg2\docfromsandiskFD\ut2004_Demo3334.exe Infected: Virus.Win32.Alman.b 1

    D:\Avastfi\DATA\moved\iexplorer.exe.vir Infected: Worm.Win32.Downloader.fn 1

    D:\explorer.exe Infected: Worm.Win32.Downloader.fn 1

    D:\Software Backup recent\ShrzaDowns\232.Images.Of.The.Universe.HiRes.zip Infected: not-virus:Hoax.Win32.Agent.s 1

    D:\Software Backup recent\ShrzaDowns\80.Motorcycles.Wallpaper.1024x768.and.Easyriders.Magazine.May.2006.ebook.zip Infected: not-virus:Hoax.Win32.Agent.s 1

    The selected area was scanned.

    I will ask who downloaded these and got the home computer infected with these files. :angry:

  10. 2.

    Click HERE and run an online scan with Kaspersky WebScanner

    • Click on Kaspersky Online Scanner
    • You will be prompted to install an ActiveX component from Kaspersky, click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
      • Scan Options: Scan Archives, Scan Mail Bases
    • Click OK.
    • Now under "select a target to scan", select My Computer.
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that information into your next post.

    I didn't get any "install ActiveX" message.


    Also there isn't a single link to access in that Kaspersky screen.

  11. Hello sarahw, thx for the help, here's the Malwarebytes' Anti-Malware log:

    Malwarebytes' Anti-Malware 1.26

    Database version: 1113

    Windows 5.1.2600 Service Pack 2

    9/4/2008 3:18:34 PM

    mbam-log-2008-09-04 (15-18-34).txt

    Scan type: Full Scan (C:\|D:\|)

    Objects scanned: 99065

    Time elapsed: 29 minute(s), 30 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 1

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    The link for Deckard's System Scanner doesn't work anymore.