
Trojan Infection!



#1 dortmund23

Posted 12 December 2007 - 11:23 AM

I have three Trojan Horse IRC/Backdoor.SdBot3.CR. They all were caught by AVG's active monitor. They currently reside in my Virus vault. They have a red circle with a line through it and an exclamation mark inside a blue triangle next to all three of them. They came up when I plugged my PC into the internet for the first time. I want to plug my PC back into the internet but I am afraid that these Trojans will cause harm to my PC.

What should I do?

Thanks


one: plscd.exe

c://Windows/system32/plscd.exe
Backup Copy
Infected

two: A0032258.exe

c://System Volume Information/restore....exe
Backup Copy
Infected

three: A0037917.exe

c://System Volume Information/restore....exe
Backup Copy
Infected


#2 buddy215 (BC Advisor)

Posted 12 December 2007 - 01:01 PM

Assuming that AVG has correctly identified malware on your computer, you should read the info in the links below. The malware identified has the ability to completely compromise your computer.

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451
When Should I Format, How Should I Reinstall?
http://www.dslreports.com/faq/10063


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 dortmund23 (Topic Starter)

Posted 12 December 2007 - 01:30 PM

> Assuming that AVG has correctly identified malware on your computer, you should read the info in the links below. The malware identified has the ability to completely compromise your computer.
>
> How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
> http://www.dslreports.com/faq/10451
> When Should I Format, How Should I Reinstall?
> http://www.dslreports.com/faq/10063


Okay. I do not want to reformat. I want to know if it is safe to delete these files through AVG or should I be doing something else? Are there any programs that are free that will remove these safely?

#4 quietman7 (Global Moderator)

Posted 12 December 2007 - 01:45 PM

One or more of the identified infections is a backdoor Trojan. Backdoor Trojans, IRCBots and Infostealers are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. Read the Danger: Remote Access Trojans.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

Although the backdoor Trojan has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the backdoor Trojan has been removed the computer is now secure. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS as buddy215 has advised.

Since you do not want to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful.

Go ahead and delete the files in AVG quarantine.

Then download SDFix by AndyManchesta and save it to your desktop.
alternate download
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
  • DO NOT use it just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save a copy into the SDFix folder as Report.txt.
  • Copy and paste the contents of Report.txt in your next reply.
-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 dortmund23 (Topic Starter)

Posted 12 December 2007 - 01:53 PM

What exactly does SD Fix do? So you are saying that it is safe to delete the Trojans from the AVG virus vault? I just don't want these Trojans to come back.

Can these Trojans that I have wipe my hard drive? Luckily, I rarely have it hooked up to the internet. I don't need to worry about passwords.

It was when I hooked my PC up to the internet that the Trojans appeared. I think that they need the internet to unleash themselves.



#6 quietman7 (Global Moderator)

Posted 12 December 2007 - 02:06 PM

SDFix is a specialized file tool created by AndyManchesta to remove IRCBot variants and the rootkit components that come with them. It will also repair the damage caused by Bot variants, restore the HOSTS file and remove registry restrictions and Policy Run Keys (that the malware may have created) if present.

When an anti-virus quarantines a file by moving it into a virus vault (chest), that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat until you take action to delete it. One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "False Positive". If that is the case, then you can restore the file. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure. When the file in the vault is known to be bad, you can delete it at any time.

#7 buddy215 (BC Advisor)

Posted 12 December 2007 - 02:29 PM

After following the advice of Quietman7, you should update all your programs with the latest security updates. To find the most vulnerable programs that need updating to prevent malware from infecting your computer through known exploits, use the Secunia scan in the link below.

http://secunia.com/software_inspector/



#8 dortmund23 (Topic Starter)

Posted 14 December 2007 - 10:36 AM

This is my system report.

System Report

*************



Run on Wed 12/12/2007 at 07:17 PM



Microsoft Windows XP [Version 5.1.2600]



Current user is an administrator



Running Processes:



\SystemRoot\System32\smss.exe [452]

\??\C:\WINDOWS\system32\csrss.exe [516]

\??\C:\WINDOWS\system32\winlogon.exe [540]

C:\WINDOWS\system32\services.exe [584]

C:\WINDOWS\system32\lsass.exe [596]

C:\WINDOWS\system32\svchost.exe [740]

C:\WINDOWS\system32\svchost.exe [816]

C:\WINDOWS\System32\svchost.exe [856]

C:\WINDOWS\system32\svchost.exe [892]

C:\WINDOWS\system32\svchost.exe [1072]

C:\WINDOWS\system32\svchost.exe [1104]

C:\WINDOWS\system32\spoolsv.exe [1176]

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [1280]

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [1296]

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [1312]

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [1352]

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [1364]

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [1464]

C:\WINDOWS\system32\nvsvc32.exe [1488]

C:\WINDOWS\system32\HPZipm12.exe [1568]

C:\WINDOWS\system32\svchost.exe [1620]

C:\WINDOWS\System32\alg.exe [2012]

C:\WINDOWS\Explorer.EXE [244]

C:\WINDOWS\system32\wscntfy.exe [500]

C:\WINDOWS\SOUNDMAN.EXE [772]

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [880]

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [1020]

C:\Program Files\iTunes\iTunesHelper.exe [1120]

C:\WINDOWS\system32\RUNDLL32.EXE [1308]

C:\WINDOWS\system32\ctfmon.exe [1520]

C:\Program Files\iPod\bin\iPodService.exe [2196]

C:\WINDOWS\system32\wuauclt.exe [2536]





Drivers:



ADDRESS: IMAGE PATH:

804D7000: \WINDOWS\system32\ntkrnlpa.exe

806CE000: \WINDOWS\system32\hal.dll

F7B10000: \WINDOWS\system32\KDCOM.DLL

F7A20000: \WINDOWS\system32\BOOTVID.dll

F7425000: sptd.sys

F7B12000: \WINDOWS\System32\Drivers\WMILIB.SYS

F740D000: \WINDOWS\System32\Drivers\SCSIPORT.SYS

F73DF000: ACPI.sys

F73CE000: pci.sys

F7610000: isapnp.sys

F7B14000: avgarkt.sys

F7BD8000: pciide.sys

F7890000: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

F7620000: MountMgr.sys

F73AF000: ftdisk.sys

F7898000: PartMgr.sys

F7630000: VolSnap.sys

F7397000: atapi.sys

F737E000: nvata.sys

F7640000: disk.sys

F7650000: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

F735E000: fltMgr.sys

F734C000: sr.sys

F7660000: PxHelp20.sys

F7335000: KSecDD.sys

F7322000: WudfPf.sys

F7295000: Ntfs.sys

F7268000: NDIS.sys

F724D000: Mup.sys

F7800000: \SystemRoot\system32\DRIVERS\AmdK8.sys

F6B53000: \SystemRoot\system32\DRIVERS\nv4_mini.sys

F6B3F000: \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

F7910000: \SystemRoot\system32\DRIVERS\usbohci.sys

F6B1C000: \SystemRoot\system32\DRIVERS\USBPORT.SYS

F7918000: \SystemRoot\system32\DRIVERS\usbehci.sys

F7810000: \SystemRoot\system32\DRIVERS\imapi.sys

F7820000: \SystemRoot\system32\DRIVERS\cdrom.sys

F7830000: \SystemRoot\system32\DRIVERS\redbook.sys

F6AF9000: \SystemRoot\system32\DRIVERS\ks.sys

F7920000: \SystemRoot\System32\Drivers\GEARAspiWDM.sys

F6722000: \SystemRoot\system32\drivers\ALCXWDM.SYS

F66FE000: \SystemRoot\system32\drivers\portcls.sys

F7840000: \SystemRoot\system32\drivers\drmk.sys

F7AFC000: \SystemRoot\system32\DRIVERS\nvnetbus.sys

F66B3000: \SystemRoot\system32\DRIVERS\NVNRM.SYS

F667C000: \SystemRoot\system32\DRIVERS\NVSNPU.SYS

F6615000: \SystemRoot\System32\Drivers\ad1htlz1.SYS

F7980000: \SystemRoot\system32\DRIVERS\fdc.sys

F7850000: \SystemRoot\system32\DRIVERS\serial.sys

F7209000: \SystemRoot\system32\DRIVERS\serenum.sys

F6601000: \SystemRoot\system32\DRIVERS\parport.sys

F7860000: \SystemRoot\system32\DRIVERS\i8042prt.sys

F7988000: \SystemRoot\system32\DRIVERS\mouclass.sys

F7990000: \SystemRoot\system32\DRIVERS\kbdclass.sys

F7C56000: \SystemRoot\system32\DRIVERS\audstub.sys

F7870000: \SystemRoot\system32\DRIVERS\rasl2tp.sys

F7205000: \SystemRoot\system32\DRIVERS\ndistapi.sys

F65EA000: \SystemRoot\system32\DRIVERS\ndiswan.sys

F7880000: \SystemRoot\system32\DRIVERS\raspppoe.sys

F7690000: \SystemRoot\system32\DRIVERS\raspptp.sys

F7998000: \SystemRoot\system32\DRIVERS\TDI.SYS

F65D9000: \SystemRoot\system32\DRIVERS\psched.sys

F76A0000: \SystemRoot\system32\DRIVERS\msgpc.sys

F79A0000: \SystemRoot\system32\DRIVERS\ptilink.sys

F79A8000: \SystemRoot\system32\DRIVERS\raspti.sys

F76B0000: \SystemRoot\System32\Drivers\Pcouffin.sys

F76C0000: \SystemRoot\system32\DRIVERS\termdd.sys

F7B2C000: \SystemRoot\system32\DRIVERS\swenum.sys

F64DD000: \SystemRoot\system32\DRIVERS\update.sys

F71F1000: \SystemRoot\system32\DRIVERS\mssmbios.sys

F76D0000: \SystemRoot\System32\Drivers\NDProxy.SYS

F76E0000: \SystemRoot\system32\DRIVERS\usbhub.sys

F7B30000: \SystemRoot\system32\DRIVERS\USBD.SYS

F79B8000: \SystemRoot\system32\DRIVERS\flpydisk.sys

F7B32000: \SystemRoot\System32\Drivers\Fs_Rec.SYS

F7CA1000: \SystemRoot\System32\Drivers\Null.SYS

F7B34000: \SystemRoot\System32\Drivers\Beep.SYS

F7CA2000: \SystemRoot\System32\DRIVERS\AvgArCln.sys

F7CA3000: \SystemRoot\System32\Drivers\avgclean.sys

F79C8000: \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

F79D0000: \SystemRoot\System32\drivers\vga.sys

F7B38000: \SystemRoot\System32\Drivers\mnmdd.SYS

F7B3A000: \SystemRoot\System32\DRIVERS\RDPCDD.sys

F79D8000: \SystemRoot\System32\Drivers\Msfs.SYS

F79E0000: \SystemRoot\System32\Drivers\Npfs.SYS

F7AEC000: \SystemRoot\system32\DRIVERS\rasacd.sys

F4382000: \SystemRoot\system32\DRIVERS\ipsec.sys

F432A000: \SystemRoot\system32\DRIVERS\tcpip.sys

F4302000: \SystemRoot\system32\DRIVERS\netbt.sys

F42E0000: \SystemRoot\System32\drivers\afd.sys

F7700000: \SystemRoot\system32\DRIVERS\netbios.sys

F79E8000: \SystemRoot\System32\Drivers\SCDEmu.SYS

F428D000: \SystemRoot\system32\DRIVERS\rdbss.sys

F421E000: \SystemRoot\system32\DRIVERS\mrxsmb.sys

F7720000: \SystemRoot\System32\Drivers\Fips.SYS

F41FD000: \SystemRoot\system32\DRIVERS\ipnat.sys

F7730000: \SystemRoot\system32\DRIVERS\wanarp.sys

F65CD000: \??\C:\WINDOWS\system32\drivers\BIOS.sys

F4134000: \SystemRoot\System32\Drivers\avg7core.sys

F7B3C000: \SystemRoot\System32\Drivers\avg7rsw.sys

F79F8000: \SystemRoot\System32\Drivers\avg7rsxp.sys

F4111000: \SystemRoot\System32\Drivers\Fastfat.SYS

F40D1000: \SystemRoot\System32\Drivers\dump_atapi.sys

F7B3E000: \SystemRoot\System32\Drivers\dump_WMILIB.SYS

BF800000: \SystemRoot\System32\win32k.sys

F43CD000: \SystemRoot\System32\drivers\Dxapi.sys

F7A00000: \SystemRoot\System32\watchdog.sys

BF9C3000: \SystemRoot\System32\drivers\dxg.sys

F7D15000: \SystemRoot\System32\drivers\dxgthk.sys

BF9D5000: \SystemRoot\System32\nv4_disp.dll

BAEE4000: \SystemRoot\system32\DRIVERS\ndisuio.sys

BAC8B000: \SystemRoot\system32\DRIVERS\mrxdav.sys

F7B5E000: \SystemRoot\System32\Drivers\ParVdm.SYS

F7B64000: \SystemRoot\System32\Drivers\avgtdi.sys

BAA59000: \SystemRoot\system32\DRIVERS\srv.sys

BAA44000: \SystemRoot\system32\drivers\wdmaud.sys

BAE08000: \SystemRoot\system32\drivers\sysaudio.sys

F78C0000: \??\C:\WINDOWS\system32\drivers\procguard.sys

BAC43000: \SystemRoot\system32\DRIVERS\secdrv.sys

F7CFE000: \SystemRoot\System32\drivers\zntport.sys

F7BA4000: \??\C:\WINDOWS\nvoclock.sys

BA3C3000: \SystemRoot\System32\Drivers\HTTP.sys

BA59C000: \??\C:\Program Files\RivaTuner v2.06\RivaTuner32.sys

BA45C000: \SystemRoot\System32\Drivers\Cdfs.SYS

B72AF000: \??\C:\DOCUME~1\Will\LOCALS~1\Temp\catchme.sys

7C900000: \WINDOWS\system32\ntdll.dll

10000000: \Program Files\DAEMON Tools\daemon.dll





Files Created/Modified - 60 Days :





C:\



Dec 12 2007 7:12:26p 1,610,612,736 A.SH. "C:\pagefile.sys"





C:\WINDOWS\



Dec 12 2007 7:12:34p 0 A.... "C:\WINDOWS\0.log"

Dec 12 2007 7:12:28p 2,048 A.S.. "C:\WINDOWS\bootstat.dat"

Nov 23 2007 3:11:06p 116 A.... "C:\WINDOWS\NeroDigital.ini"

Nov 5 2007 6:11:26p 528 ..SHR "C:\WINDOWS\PCGWIN32.LI4"

Dec 1 2007 4:24:06p 72 A.... "C:\WINDOWS\SCapPro.INI"

Dec 12 2007 7:11:08p 32,626 A.... "C:\WINDOWS\SchedLgU.Txt"

Nov 15 2007 7:57:44p 312 A.... "C:\WINDOWS\system.ini"

Dec 9 2007 5:13:06p 67 A.... "C:\WINDOWS\systemex.ini"

Nov 15 2007 7:57:44p 256 A.... "C:\WINDOWS\systemex.sp440"

Dec 12 2007 7:12:32p 159 A.... "C:\WINDOWS\wiadebug.log"

Dec 12 2007 7:12:32p 50 A.... "C:\WINDOWS\wiaservc.log"

Dec 12 2007 7:12:34p 1,374,292 A.... "C:\WINDOWS\WindowsUpdate.log"

Dec 12 2007 7:12:28p 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"

Nov 8 2007 4:04:54p 89,964 A.... "C:\WINDOWS\inf\oem22.PNF"

Nov 8 2007 4:06:34p 138,736 A.... "C:\WINDOWS\system32\nvapps.xml"

Nov 4 2007 10:32:56a 58,800 A.... "C:\WINDOWS\system32\perfc009.dat"

Nov 4 2007 10:32:56a 392,626 A.... "C:\WINDOWS\system32\perfh009.dat"

Nov 4 2007 10:32:56a 458,340 A.... "C:\WINDOWS\system32\PerfStringBackup.INI"

Dec 12 2007 7:12:34p 2,422 A.... "C:\WINDOWS\system32\wpa.dbl"

Dec 12 2007 7:12:30p 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"

Dec 12 2007 7:12:34p 16,384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_5b8.dat"

Dec 12 2007 7:15:12p 0 A.... "C:\WINDOWS\Temp\scs6.tmp"

Dec 12 2007 7:12:34p 255 A.... "C:\WINDOWS\Temp\WGAErrLog.txt"

Dec 12 2007 7:12:38p 409 A.... "C:\WINDOWS\Temp\WGANotify.settings"

Oct 28 2007 6:11:02p 821,856 A.... "C:\WINDOWS\system32\drivers\avg7core.sys"

Oct 14 2007 7:27:22p 685,816 A.... "C:\WINDOWS\system32\drivers\sptd.sys"

Oct 31 2007 11:30:18p 30,759 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem22.CAT"

Nov 8 2007 4:03:58p 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"

Dec 12 2007 7:12:30p 4,096 A.... "C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl"

Nov 8 2007 4:19:02p 178,176 A.... "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll"

Nov 8 2007 4:19:02p 303 A.... "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini"

Nov 8 2007 4:19:00p 159,232 A.... "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll"

Nov 8 2007 4:19:00p 303 A.... "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini"

Nov 8 2007 4:19:02p 364,544 A.... "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll"

Nov 8 2007 4:19:02p 301 A.... "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini"

Nov 8 2007 4:19:00p 53,248 A.... "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll"

Nov 8 2007 4:19:00p 317 A.... "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini"

Nov 8 2007 4:19:00p 12,800 A.... "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll"

Nov 8 2007 4:19:00p 303 A.... "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini"

Nov 8 2007 4:19:00p 223,232 A.... "C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll"

Nov 8 2007 4:19:00p 279 A.... "C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini"

Nov 8 2007 4:19:00p 473,600 A.... "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll"

Nov 8 2007 4:19:00p 297 A.... "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini"

Nov 8 2007 4:19:00p 567,296 A.... "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll"

Nov 8 2007 4:19:00p 299 A.... "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\__AssemblyInfo__.ini"

Nov 8 2007 4:19:00p 145,920 A.... "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll"

Nov 8 2007 4:19:00p 301 A.... "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini"





C:\Program Files\



Oct 28 2007 4:03:24p 6,623 A.... "C:\Program Files\Audacity\unins000.dat"

Oct 28 2007 4:03:14p 674,074 A.... "C:\Program Files\Audacity\unins000.exe"

Oct 14 2007 7:29:12p 115,691 A.... "C:\Program Files\DAEMON Tools\uninst.exe"

Oct 30 2007 1:05:00p 61,440 A.... "C:\Program Files\RivaTuner v2.06\RivaTunerHooks.dll"

Oct 30 2007 1:05:00p 2,650,112 A.... "C:\Program Files\RivaTuner v2.06\RivaTuner.exe"

Oct 30 2007 1:05:00p 9,088 A.... "C:\Program Files\RivaTuner v2.06\RivaTuner32.sys"

Nov 9 2007 3:34:44p 19,952 A.... "C:\Program Files\RivaTuner v2.06\RivaTuner64.sys"

Nov 9 2007 3:34:38p 48,703 A.... "C:\Program Files\RivaTuner v2.06\Uninstall.exe"

Nov 15 2007 7:57:38p 6,226 A.... "C:\Program Files\Super Capture\unins000.dat"

Nov 15 2007 7:57:26p 640,957 A.... "C:\Program Files\Super Capture\unins000.exe"

Oct 28 2007 6:11:04p 435,712 A.... "C:\Program Files\Grisoft\AVG7\avgabout.dll"

Oct 28 2007 6:11:04p 418,816 A.... "C:\Program Files\Grisoft\AVG7\avgamsvr.exe"

Oct 28 2007 6:11:04p 579,072 A.... "C:\Program Files\Grisoft\AVG7\avgcc.exe"

Oct 28 2007 6:11:04p 582,144 A.... "C:\Program Files\Grisoft\AVG7\avgcckrn.dll"

Oct 28 2007 6:11:04p 572,928 A.... "C:\Program Files\Grisoft\AVG7\avgcfg.dll"

Oct 28 2007 6:11:02p 615,936 A.... "C:\Program Files\Grisoft\AVG7\avgcore.dll"

Oct 28 2007 6:11:04p 905,728 A.... "C:\Program Files\Grisoft\AVG7\avgctrl.dll"

Oct 28 2007 6:11:04p 406,528 A.... "C:\Program Files\Grisoft\AVG7\avgemc.exe"

Oct 28 2007 6:11:04p 416,768 A.... "C:\Program Files\Grisoft\AVG7\avgemsui.dll"

Oct 28 2007 6:11:04p 131,072 A.... "C:\Program Files\Grisoft\AVG7\avginet.dll"

Oct 28 2007 6:11:04p 510,976 A.... "C:\Program Files\Grisoft\AVG7\avginet.exe"

Oct 28 2007 6:11:04p 1,282,560 A.... "C:\Program Files\Grisoft\AVG7\avgres.dll"

Oct 28 2007 6:11:04p 392,704 A.... "C:\Program Files\Grisoft\AVG7\avgscan.dll"

Oct 28 2007 6:11:04p 467,456 A.... "C:\Program Files\Grisoft\AVG7\avgset.dll"

Oct 28 2007 6:11:06p 604,160 A.... "C:\Program Files\Grisoft\AVG7\avgtest.dll"

Oct 28 2007 6:11:06p 411,648 A.... "C:\Program Files\Grisoft\AVG7\avgtmgr.dll"

Oct 28 2007 6:11:06p 245,248 A.... "C:\Program Files\Grisoft\AVG7\avgtres.dll"

Oct 28 2007 6:10:50p 670,208 A.... "C:\Program Files\Grisoft\AVG7\avgupd.dll"

Oct 28 2007 6:11:06p 389,632 A.... "C:\Program Files\Grisoft\AVG7\avgvv.exe"

Oct 28 2007 6:11:06p 219,136 A.... "C:\Program Files\Grisoft\AVG7\avgw.exe"

Oct 28 2007 6:11:06p 328,192 A.... "C:\Program Files\Grisoft\AVG7\avgwb.dat"

Oct 28 2007 6:11:06p 123,904 A.... "C:\Program Files\Grisoft\AVG7\avgxch32.dll"

Oct 28 2007 6:11:06p 49,257 A.... "C:\Program Files\Grisoft\AVG7\dfncfg.dat"

Oct 28 2007 6:11:06p 49,215 A.... "C:\Program Files\Grisoft\AVG7\dfncfgfr.dat"

Oct 28 2007 6:06:06p 74,580 A.... "C:\Program Files\Grisoft\AVG Anti-Rootkit Free\Uninstall.exe"

Nov 8 2007 4:09:04p 380,928 A.... "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\_setup.dll"

Oct 30 2007 1:05:00p 19 A.... "C:\Program Files\RivaTuner v2.06\SDK\MakeUpdateFromCHM.bat"

Oct 14 2007 7:43:38p 176,874 A.... "C:\Program Files\VideoLAN\VLC\uninstall.exe"

Oct 30 2007 1:05:00p 34 A.... "C:\Program Files\RivaTuner v2.06\Graphics\LCD\font4x6.dat"

Oct 30 2007 1:05:00p 102 A.... "C:\Program Files\RivaTuner v2.06\Graphics\Tray\font5x7.dat"

Oct 30 2007 1:05:00p 102 A.... "C:\Program Files\RivaTuner v2.06\Graphics\Tray\font7x7.dat"

Oct 30 2007 1:05:00p 103 A.... "C:\Program Files\RivaTuner v2.06\Graphics\Tray\font7x9.dat"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\PlugIns\Monitoring\ADT7473.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\PlugIns\Monitoring\CPU.dll"

Oct 30 2007 1:05:00p 28,672 A.... "C:\Program Files\RivaTuner v2.06\PlugIns\Monitoring\Everest.dll"

Oct 30 2007 1:05:00p 28,672 A.... "C:\Program Files\RivaTuner v2.06\PlugIns\Monitoring\F75373S.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\PlugIns\Monitoring\GPUProbe.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\PlugIns\Monitoring\LM63.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\PlugIns\Monitoring\LM89.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\PlugIns\Monitoring\MAX6648.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\PlugIns\Monitoring\NVHwAccel.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\PlugIns\Monitoring\NVSU.dll"

Oct 30 2007 1:05:00p 28,672 A.... "C:\Program Files\RivaTuner v2.06\PlugIns\Monitoring\NVThermalDiode.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\PlugIns\Monitoring\SMART.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\PlugIns\Monitoring\SysMem.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\PlugIns\Monitoring\VidMem.dll"

Oct 30 2007 1:05:00p 28,672 A.... "C:\Program Files\RivaTuner v2.06\PlugIns\Monitoring\VT1103.dll"

Oct 30 2007 1:05:00p 28,672 A.... "C:\Program Files\RivaTuner v2.06\PlugIns\Monitoring\W83L785R.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\PlugIns\RTS\BIOSChecksumGenerator.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\PlugIns\RTS\DetonatorFXDecoder.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\PlugIns\RTS\NV40BIOSHwUnitsMaskEliminator.dll"

Oct 30 2007 1:05:00p 75 A.... "C:\Program Files\RivaTuner v2.06\SDK\Updates\CPUPlugin.bat"

Nov 9 2007 3:34:44p 52 A.... "C:\Program Files\RivaTuner v2.06\SDK\Updates\Drivers.bat"

Oct 30 2007 1:05:00p 55 A.... "C:\Program Files\RivaTuner v2.06\SDK\Updates\RussianLocalization.bat"

Oct 30 2007 1:05:00p 28,672 A.... "C:\Program Files\RivaTuner v2.06\Tools\D3DOverrider\D3DOverriderHooks.dll"

Oct 30 2007 1:05:00p 53,248 A.... "C:\Program Files\RivaTuner v2.06\Tools\D3DOverrider\D3DOverrider.exe"

Oct 30 2007 1:05:00p 348 A.... "C:\Program Files\RivaTuner v2.06\Tools\NVStrap\NVStrap.reg"

Oct 30 2007 1:05:00p 75 A.... "C:\Program Files\RivaTuner v2.06\Tools\NVStrap\NVStrap uninstall.reg"

Oct 30 2007 1:05:00p 4,224 A.... "C:\Program Files\RivaTuner v2.06\Tools\NVStrap\NVStrap32.sys"

Nov 9 2007 3:34:44p 13,808 A.... "C:\Program Files\RivaTuner v2.06\Tools\NVStrap\NVStrap64.sys"

Oct 30 2007 1:05:00p 86,016 A.... "C:\Program Files\RivaTuner v2.06\Tools\NVXML\NVXML.exe"

Oct 30 2007 1:05:00p 122 A.... "C:\Program Files\RivaTuner v2.06\Tools\NVXML\NVXML.reg"

Oct 30 2007 1:05:00p 57,344 A.... "C:\Program Files\RivaTuner v2.06\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe"

Oct 30 2007 1:05:00p 40,960 A.... "C:\Program Files\RivaTuner v2.06\Tools\RivaTunerStatisticsServer\RTSSHooks.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Host\MonitoringHostSample\Release\CPU.dll"

Oct 30 2007 1:05:00p 32,768 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Host\MonitoringHostSample\Release\MonitoringHostSample.exe"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Host\MonitoringHostSample\Release\SMART.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Host\MonitoringHostSample\Release\SysMem.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Host\MonitoringHostSample\Release\VidMem.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\SharedMemory\RTEQSharedMemorySample\Release\RTEQSharedMemorySample.exe"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\SharedMemory\RTHMSharedMemorySample\Release\RTHMSharedMemorySample.exe"

Oct 30 2007 1:05:00p 28,672 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\SharedMemory\RTSSSharedMemorySample\Release\RTSSSharedMemorySample.exe"

Oct 30 2007 1:05:00p 251 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Plugins\LCDHype\RivaTuner\Release\Parameters.dat"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Plugins\LCDHype\RivaTuner\Release\RivaTuner.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Plugins\Monitoring\ADT7473\Release\ADT7473.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Plugins\Monitoring\CPU\Release\CPU.dll"

Oct 30 2007 1:05:00p 28,672 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Plugins\Monitoring\Everest\Release\Everest.dll"

Oct 30 2007 1:05:00p 28,672 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Plugins\Monitoring\F75373S\Release\F75373S.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Plugins\Monitoring\GPUProbe\Release\GPUProbe.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Plugins\Monitoring\LM63\Release\LM63.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Plugins\Monitoring\LM89\Release\LM89.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Plugins\Monitoring\MAX6648\Release\MAX6648.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Plugins\Monitoring\NVHwAccel\Release\NVHwAccel.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Plugins\Monitoring\NVSU\Release\NVSU.dll"

Oct 30 2007 1:05:00p 28,672 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Plugins\Monitoring\NVThermalDiode\Release\NVThermalDiode.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Plugins\Monitoring\SMART\Release\SMART.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Plugins\Monitoring\SysMem\Release\SysMem.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Plugins\Monitoring\VidMem\Release\VidMem.dll"

Oct 30 2007 1:05:00p 28,672 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Plugins\Monitoring\VT1103\Release\VT1103.dll"

Oct 30 2007 1:05:00p 28,672 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Plugins\Monitoring\W83L785R\Release\W83L785R.dll"

Oct 30 2007 1:05:00p 24,576 A.... "C:\Program Files\RivaTuner v2.06\SDK\Samples\Plugins\RTS\BIOSChecksumGenerator\Release\BIOSChecksumGenerator.dll"

Files with hidden attributes:



Mon 30 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Catchme:



catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-12 19:15:15

Windows 5.1.2600 Service Pack 2 NTFS



scanning hidden processes ...



scanning hidden services & system hive ...



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:ca,2d,a5,d8,e2,08,79,0b,38,06,48,e7,cd,19,6a,2d,6b,8d,12,dc,29,..



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,33,2e,3c,96,18,39,ae,45,2f,32,4b,76,85,11,51,81,f5,..

"khjeh"=hex:8b,6e,99,d3,3f,c7,4a,be,55,5b,13,42,c4,15,84,9f,16,8b,12,3a,dd,..



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:1e,2b,eb,94,34,b1,16,1a,01,7a,46,11,b5,46,d6,a8,44,aa,3f,4d,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:ca,2d,a5,d8,e2,08,79,0b,38,06,48,e7,cd,19,6a,2d,6b,8d,12,dc,29,..



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,33,2e,3c,96,18,39,ae,45,2f,32,4b,76,85,11,51,81,f5,..

"khjeh"=hex:8b,6e,99,d3,3f,c7,4a,be,55,5b,13,42,c4,15,84,9f,16,8b,12,3a,dd,..



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:1e,2b,eb,94,34,b1,16,1a,01,7a,46,11,b5,46,d6,a8,44,aa,3f,4d,df,..



scanning hidden registry entries ...



scanning hidden files ...



scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Program Folders:



C:\Program Files\



Adobe

Ahead

Apple Software Update

Audacity

CCleaner

Common Files

CyberLink

DAEMON Tools

DIFX

DivX

Driver

DVD Shrink

EA GAMES

Frets on Fire

Futuremark

Grisoft

Hewlett-Packard

HP

InstallShield Installation Information

Internet Explorer

iPod

ITE

iTunes

Java

Lavalys

Lavasoft

Mediatwins software

Messenger

Microsoft ActiveSync

microsoft frontpage

Microsoft Games

Microsoft Office

Microsoft.NET

Movie Maker

Mozilla Firefox

MSN

MSN Gaming Zone

MSXML 4.0

Music Rescue

NetMeeting

NVIDIA Corporation

Online Services

Outlook Express

PowerISO

ProcessGuard

QuickTime

Realtek AC97

RivaTuner v2.06

Super Capture

Super DVD Creator 9.25.0

TweakNow RegCleaner Std

Uninstall Information

VideoLAN

VSO

Windows Media Connect 2

Windows Media Player

Windows NT

WindowsUpdate

WinRAR

xerox



C:\Program Files\Common Files\



Adobe

Ahead

Apple

DESIGNER

Hewlett-Packard

HP

InstallShield

Java

Microsoft Shared

MSSoap

Nero

ODBC

Services

SpeechEngines

System

Wise Installation Wizard

Add/Remove Programs:



Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

AC3 Decoder

SuperCapture 6.11

Adobe Acrobat 4.0

Adobe Photoshop 7.0

Audacity 1.2.6

AVG 7.5

AVG Anti-Rootkit Free

CCleaner (remove only)

DVD Shrink 3.2

EVEREST Home Edition v2.20

Fraps

Frets On Fire

HijackThis 2.0.2

HP Imaging Device Functions 7.0

HP Solution Center 7.0

OCR Software by I.R.I.S 7.0

Microsoft Internationalized Domain Names Mitigation APIs

Windows Internet Explorer 7

NVIDIA nTune

Microsoft Flight Simulator X

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Security Update for Windows XP (KB893756)

Windows Installer 3.1 (KB893803)

Update for Windows XP (KB894391)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896428)

Update for Windows XP (KB898461)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899591)

Update for Windows XP (KB900485)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Update for Windows XP (KB904942)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

Update for Windows XP (KB911164)

Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows Media Player (KB911564)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Update for Windows XP (KB916595)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB925902)

Hotfix for Windows XP (KB926239)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928090)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Hotfix for Windows Media Format 11 SDK (KB929399)

Security Update for Windows XP (KB929969)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Update for Windows XP (KB931836)

Security Update for Windows XP (KB932168)

Microsoft .NET Framework 2.0

Mozilla Firefox (2.0.0.3)

Microsoft Compression Client Pack 1.0 for Windows XP

Music Rescue 3.1.1

Nero Suite

Microsoft National Language Support Downlevel APIs

NVIDIA Drivers

PowerISO

RivaTuner v2.06

Super DVD Creator 9.25.0

TweakNow RegCleaner Standard

VideoLAN VLC media player 0.8.6c

Windows Genuine Advantage Validation Tool (KB892130)

Windows Genuine Advantage Notifications (KB905474)

Windows Media Format 11 runtime

Windows Media Player 11

WinRAR archiver

Windows Media Format 11 runtime

Windows Media Player 11

Microsoft User-Mode Driver Framework Feature Pack 1.0

Battlefield 2™

AutoUpdate

HPPhotoSmartExpress

PanoStandAlone

Smart Guardian

BufferChm

Apple Software Update

HPProductAssistant

iTunes

WebReg

eSupportQFolder

PowerDVD

AiOSoftwareNPI

Toolbox

HP Photosmart Essential

Microsoft .NET Framework 2.0

MSXML 4.0 SP2 Parser and SDK

Readme

Apple Mobile Device Support

DivX Codec

NVIDIA nTune

ProductContextNPI

3DMark06

Status

DocProcQFolder

DocProc

DivX Player

Unload

Microsoft Office Professional Edition 2003

Microsoft Flight Simulator X

QuickTime

ScannerCopy

c3100_Help

Microsoft Visual C++ 2005 Redistributable

HP Photosmart and Deskjet 7.0.A

DeviceManagementQFolder

DivX Converter

DivX Web Player

ConvertXtoDVD 2.2.2.256

HP Software Update

SolutionCenter

AiO_Scan_CDA

DivX Content Uploader

TrayApp

Ad-Aware 2007

Battlefield Vietnam™

C3100

InstantShareDevicesMFC

Scan

Fax_CDA

Realtek AC'97 Audio

Destinations

NewCopy_CDA

Run Values:



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"SoundMan"="SOUNDMAN.EXE"

"NVIDIA nTune"="\"C:\\Program Files\\NVIDIA Corporation\\nTune\\nTuneCmd.exe\" clear"

"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"DRam prosessor"="plscd.exe"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"RivaTunerStartupDaemon"="\"C:\\Program Files\\RivaTuner v2.06\\RivaTuner.exe\" /S"



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"NVIDIA nTune"="\"C:\\Program Files\\NVIDIA Corporation\\nTune\\nTuneCmd.exe\" clear"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"DRam prosessor"="plscd.exe"

Bot Check:



SERVICE_NAME: wscsvc

DISPLAY_NAME : Security Center

START_TYPE : 2 AUTO_START



SERVICE_NAME: sharedaccess

DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)

START_TYPE : 2 AUTO_START



SERVICE_NAME: wuauserv

DISPLAY_NAME : Automatic Updates

START_TYPE : 2 AUTO_START



SERVICE_NAME: srservice

DISPLAY_NAME : System Restore Service

START_TYPE : 2 AUTO_START



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]

"EnableDCOM"="N"



[HKEY_CURRENT_USER\Software\Microsoft\OLE]

"DRam prosessor"="plscd.exe"



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"restrictanonymous"=dword:00000001



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]

"AUOptions"=dword:00000001



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify"=dword:00000000

"FirewallDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

"AntiVirusOverride"=dword:00000000

"FirewallOverride"=dword:00000000



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]

"WaitToKillServiceTimeout"="20000"



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"SFCDisable"=dword:00000000

"Shell"="Explorer.exe"

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]

"TransportBindName"="\\Device\\"

ShellExecuteHooks:



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

Environment:

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment

ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe

Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

windir REG_EXPAND_SZ %SystemRoot%

OS REG_SZ Windows_NT

PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

TEMP REG_EXPAND_SZ %SystemRoot%\TEMP

TMP REG_EXPAND_SZ %SystemRoot%\TEMP

CLASSPATH REG_SZ .;C:\Program Files\QuickTime\QTSystem\QTJava.zip

QTJAVA REG_SZ C:\Program Files\QuickTime\QTSystem\QTJava.zip



SecurityProviders:



HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders

SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Authentication Packages:



HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Authentication Packages REG_MULTI_SZ msv1_0\0\0

Non-Default IFEO Debugger:

Non-Default Installed Components:

Non-Default Safeboot Minimal:

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice

<NO NAME> REG_SZ Service

File Associations:

[HKEY_CLASSES_ROOT\batfile\shell\open\command]

@="\"%1\" %*"



[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]

@="\"%1\" %*"



[HKEY_CLASSES_ROOT\comfile\shell\open\command]

@="\"%1\" %*"



[HKEY_CLASSES_ROOT\exefile\shell\open\command]

@="\"%1\" %*"



[HKEY_CLASSES_ROOT\htafile\shell\open\command]

@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"



[HKEY_CLASSES_ROOT\http\shell\open\command]

@="C:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE -url \"%1\" -requestPending"



[HKEY_CLASSES_ROOT\https\shell\open\command]

@="C:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE -url \"%1\" -requestPending"



[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]

@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"



[HKEY_CLASSES_ROOT\regedit\shell\open\command]

@="regedit.exe %1"



[HKEY_CLASSES_ROOT\regfile\shell\open\command]

@="regedit.exe \"%1\""



[HKEY_CLASSES_ROOT\scrfile\shell\open\command]

@="\"%1\" /S"



[HKEY_CLASSES_ROOT\txtfile\shell\open\command]

@="%SystemRoot%\system32\NOTEPAD.EXE %1"

Finished!
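The Run Values and Bot Check sections of the log above show the same entry, "DRam prosessor"="plscd.exe", in three places: HKLM\...\CurrentVersion\Run, HKLM\...\CurrentVersion\RunServices, and HKCU\Software\Microsoft\OLE. Each of those is a clue on its own. The data is a bare file name with no directory, so Windows finds it through the search path rather than a fixed location; RunServices is a Windows 9x/Me key that NT-based Windows (2000/XP) never processes, so on XP nothing legitimate needs it; and the OLE key is not an autostart location at all, so a program name stored there is out of place whatever its purpose. The script below is an added example for triaging a dump in that shape. It is not part of this thread and not SDFix's own code; the sample dump is constructed from lines of the log plus a few benign entries, and the indicator weights and the reporting threshold are my own assumptions, not SDFix heuristics.

```python
import re
from collections import Counter

# Constructed sample in the shape of the SDFix "Run Values" / "Bot Check"
# sections: the plscd.exe lines and their neighbours are copied from the log
# above, the rest is illustrative.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"nwiz"="nwiz.exe /install"
"DRam prosessor"="plscd.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DRam prosessor"="plscd.exe"

[HKEY_CURRENT_USER\Software\Microsoft\OLE]
"DRam prosessor"="plscd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

# Leaf names of keys where a program name is expected. RunServices and
# RunServicesOnce are honoured only by Windows 9x/Me; NT-based Windows
# ignores them, so on XP a value there came from a 9x-era installer or malware.
AUTORUN_LEAVES = {"run", "runonce", "runservices", "runservicesonce", "winlogon"}
LEGACY_LEAVES = {"runservices", "runservicesonce"}
EXEC_SUFFIXES = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")

# "name"="data" with .reg-style escaping (a backslash quotes the next character)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(s):
    """Undo .reg-style escaping: drop the backslash in front of a quoted character."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_dump(text):
    """Yield (key, value_name, value_data) triples from a .reg-style dump."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, unescape(m.group(1)), unescape(m.group(2))


def image_of(command):
    """The program a Run-style command line launches: the quoted path if the
    line starts with a quote, otherwise the first whitespace-delimited token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0].rstrip(",") if command else ""


def leaf_of(key):
    return key.rsplit("\\", 1)[-1].lower()


def triage(text, threshold=2):
    """Score every executable-launching value in the dump (weights are this
    example's assumptions) and return those at or above threshold, highest first."""
    entries = [(key, name, image_of(data)) for key, name, data in parse_reg_dump(text)
               if image_of(data).lower().endswith(EXEC_SUFFIXES)]
    # Count the distinct keys that reference each image, so repeats across hives show up.
    keys_per_image = Counter()
    for _, image in {(k.lower(), img.lower()) for k, _, img in entries}:
        keys_per_image[image] += 1

    findings = []
    for key, name, image in entries:
        leaf, reasons = leaf_of(key), []
        if "\\" not in image and "/" not in image:
            reasons.append(("bare file name, located via the search path at logon", 1))
        if leaf in LEGACY_LEAVES:
            reasons.append(("RunServices is a Windows 9x key that NT-based Windows ignores", 2))
        if leaf not in AUTORUN_LEAVES:
            reasons.append(("program name stored under a key that is not an autostart location", 2))
        hits = keys_per_image[image.lower()]
        if hits >= 2:
            reasons.append(("same image referenced from %d different keys" % hits, 1))
        score = sum(weight for _, weight in reasons)
        if score >= threshold:
            findings.append({"key": key, "name": name, "image": image,
                             "score": score, "reasons": [r for r, _ in reasons]})
    findings.sort(key=lambda f: -f["score"])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DUMP):
        print("[%d] %s  %s = %s" % (f["score"], f["key"], f["name"], f["image"]))
        for r in f["reasons"]:
            print("     - " + r)
```

On the sample, a benign bare name such as nwiz.exe scores only 1 and is not reported, while plscd.exe scores 2 in the Run key and 4 in each of the RunServices and OLE keys. To use it on a real report, paste the Run Values and Bot Check registry sections into SAMPLE_DUMP (or read them from a file); the score is a prompt for a closer look at the file, not a verdict.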

#9 dortmund23 (Topic Starter, Members, 13 posts)

Posted 14 December 2007 - 10:37 AM

SDFix: Version 1.118



Run by Administrator on Wed 12/12/2007 at 10:25 PM



Microsoft Windows XP [Version 5.1.2600]



Running From: C:\SDFix



Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File



Rebooting...

Normal Mode:

Checking Files:



No Trojan Files Found

Removing Temp Files...



ADS Check:



C:\WINDOWS

No streams found.



C:\WINDOWS\system32

No streams found.



C:\WINDOWS\system32\svchost.exe

No streams found.



C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

Final Check:



catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-12 22:29:19

Windows 5.1.2600 Service Pack 2 NTFS



scanning hidden processes ...



scanning hidden services & system hive ...



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:ca,2d,a5,d8,e2,08,79,0b,38,06,48,e7,cd,19,6a,2d,6b,8d,12,dc,29,..



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,33,2e,3c,96,18,39,ae,45,2f,32,4b,76,85,11,51,81,f5,..

"khjeh"=hex:8b,6e,99,d3,3f,c7,4a,be,55,5b,13,42,c4,15,84,9f,16,8b,12,3a,dd,..



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:1e,2b,eb,94,34,b1,16,1a,01,7a,46,11,b5,46,d6,a8,44,aa,3f,4d,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program Files\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:ca,2d,a5,d8,e2,08,79,0b,38,06,48,e7,cd,19,6a,2d,6b,8d,12,dc,29,..



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,33,2e,3c,96,18,39,ae,45,2f,32,4b,76,85,11,51,81,f5,..

"khjeh"=hex:8b,6e,99,d3,3f,c7,4a,be,55,5b,13,42,c4,15,84,9f,16,8b,12,3a,dd,..



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:1e,2b,eb,94,34,b1,16,1a,01,7a,46,11,b5,46,d6,a8,44,aa,3f,4d,df,..



scanning hidden registry entries ...



scanning hidden files ...



scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services:

------------------

Authorized Application Key Export:



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"="C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe:*:Enabled:bfvietnam"

"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"



Remaining Files:

---------------

Files with Hidden Attributes:



Mon 30 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"



Finished!

#10 quietman7 (Bleepin' Janitor, Global Moderator, 50,606 posts, Virginia, USA)

Posted 14 December 2007 - 11:04 AM

Edit: I did not realize that you made two replies and missed the report.txt when I first replied. Is AVG finding anything now?

Edited by quietman7, 14 December 2007 - 11:14 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#11 dortmund23 (Topic Starter, Members, 13 posts)

Posted 14 December 2007 - 01:27 PM

I accidentally ran SDFix twice, because I forgot to boot up in regular mode, so it didn't finish completely when I rebooted because it was in Safe Mode. I hope that this won't mess up my PC. I finally realized the right way to do it. I then ran AVG and Ad-Aware in Safe Mode, before or after I can't remember, but nothing turned up. I recently plugged into the internet and nothing happened (virus/Trojan-wise).

#12 quietman7 (Bleepin' Janitor, Global Moderator, 50,606 posts, Virginia, USA)

Posted 14 December 2007 - 01:29 PM

Good job.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


#13 dortmund23 (Topic Starter, Members, 13 posts)

Posted 14 December 2007 - 01:57 PM

I don't think that I have to create a restore point, because Windows does every day you use the PC. Since I did use it the day after (yesterday) I don't think I need to, but I will anyway. Thanks for all of your help. It is much appreciated.

#14 quietman7 (Bleepin' Janitor, Global Moderator, 50,606 posts, Virginia, USA)

Posted 14 December 2007 - 03:59 PM

Yes, by design System Restore runs in the background and will automatically create a new restore point every 24 hours (system checkpoints). But restore points can also be manually created by the user at any time. I always recommend manually creating a new one with a name that you provide, so you can easily identify it.

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"Hardening Windows Security - Part 1" and "Hardening Windows Security - Part 2".
"IE Recommended Minimal Security Settings".

Safe surfing and have a malware free day.