Runscanner log [CLOSED]


  • This topic is locked

#1
pari53

    New Member

  • Member
  • 2 posts
Hello.
I am posting the Runscanner log.
Thanks for the analysis.

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

000 General info
----------------
Computer name : SERVER
Creation time : 31/1/2008 20.37.44
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.6000.16575
OS : Windows Vista ™ Ultimate
OS Build : 6000
OS SP :
RunScanner Version : 1.6.1.0
User Language : Italiano (Italia)
User rights : Administrator
Windows folder : C:\Windows

001 Running processes
---------------------
c:\program files\asus\aasp\1.00.33\aacenter.exe
* c:\program files\common files\acronis\schedule2\schedul2.exe (Acronis)
* c:\program files\common files\acronis\schedule2\schedhlp.exe (Acronis)
* c:\program files\acronis\trueimagehome\trueimagemonitor.exe (Acronis)
c:\program files\iobit\advanced windowscare v2\awcl.exe (IObit)
c:\program files\antivir personaledition classic\avguard.exe (Avira GmbH)
c:\program files\antivir personaledition classic\sched.exe (Avira GmbH)
c:\program files\antivir personaledition classic\avgnt.exe (Avira GmbH)
* c:\windows\system32\winlogon.exe (Microsoft Corporation)
* c:\windows\system32\wininit.exe (Microsoft Corporation)
* c:\program files\windows media player\wmpnscfg.exe (Microsoft Corporation)
* c:\windows\system32\services.exe (Microsoft Corporation)
* c:\windows\system32\spoolsv.exe (Microsoft Corporation)
c:\program files\a-squared anti-dialer\a2adguard.exe (a-squared)
c:\program files\a-squared anti-dialer\a2service.exe (Emsi Software GmbH)
* c:\program files\alwil software\avast4\ashserv.exe (ALWIL Software)
* c:\program files\alwil software\avast4\aswupdsv.exe (ALWIL Software)
* c:\program files\alwil software\avast4\ashmaisv.exe (ALWIL Software)
* c:\program files\alwil software\avast4\ashdisp.exe (ALWIL Software)
* c:\program files\alwil software\avast4\ashwebsv.exe (ALWIL Software)
c:\program files\faxtalk communicator\ftctrl32.exe (Thought Communications, Inc.)
* c:\windows\windowsmobile\wmdc.exe (Microsoft Corporation)
* c:\program files\comodo\firewall\cmdagent.exe (COMODO)
c:\program files\comodo\cboclean\bocore.exe (COMODO)
c:\program files\comodo\cboclean\boc425.exe (COMODO)
* c:\windows\system32\conime.exe (Microsoft Corporation)
* c:\program files\eraser\eraser.exe (Heidi Computers Ltd)
* c:\windows\explorer.exe (Microsoft Corporation)
c:\program files\faxtalk communicator\fapiexe.exe (Thought Communications, Inc.)
* c:\windows\system32\dwm.exe (Microsoft Corporation)
c:\program files\google\google desktop search\googledesktop.exe (Google)
c:\program files\google\google desktop search\googledesktop.exe (Google)
c:\program files\google\google desktop search\googledesktop.exe (Google)
* C:\Windows\system32\audiodg.exe (Microsoft Corporation)
* c:\program files\java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
c:\program files\keepass password safe\keepass.exe (Dominik Reichl)
* c:\program files\common files\logitech\khalshared\khalmnpr.exe (Logitech Inc.)
c:\program files\logitech\setpoint\setpoint.exe (Logitech Inc.)
* c:\windows\ehome\ehmsas.exe (Microsoft Corporation)
* c:\windows\ehome\ehtray.exe (Microsoft Corporation)
* c:\windows\system32\mobsync.exe (Microsoft Corporation)
* c:\windows\system32\taskeng.exe (Microsoft Corporation)
* c:\windows\system32\taskeng.exe (Microsoft Corporation)
* c:\program files\acronis\trueimagehome\timountermonitor.exe (Acronis)
c:\windows\system32\nvraidservice.exe (NVIDIA Corporation)
c:\program files\poptray\poptray.exe (Renier Crause)
c:\program files\vidalia bundle\privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
c:\program files\asus\pc probe ii\probe2.exe (ASUS)
* c:\windows\system32\lsass.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\svchost.exe (Microsoft Corporation)
* c:\windows\system32\csrss.exe (Microsoft Corporation)
* c:\windows\system32\csrss.exe (Microsoft Corporation)
* c:\program files\runscanner\runscanner.exe (Runscanner.net)
* c:\program files\siteadvisor\6253\saservice.exe
* c:\program files\windows media player\wmpnetwk.exe (Microsoft Corporation)
* c:\windows\system32\slsvc.exe (Microsoft Corporation)
* c:\windows\system32\lsm.exe (Microsoft Corporation)
* c:\windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
* c:\program files\siteadvisor\6253\siteadv.exe
* c:\program files\spybot - search & destroy\sdwinsec.exe (Safer Networking Ltd.)
* c:\program files\common files\acronis\fomatik\trueimagetrystartservice.exe
* c:\windows\system32\zonelabs\vsmon.exe (Check Point Software Technologies LTD)
c:\program files\unlocker\unlockerassistant.exe
* c:\program files\comodo\vengine\vengine.exe (Comodo CA Ltd.)
c:\program files\vidalia bundle\vidalia\vidalia.exe
c:\program files\weather watcher\ww.exe (Singer's Creations)
* c:\program files\windows defender\msascui.exe (Microsoft Corporation)
* c:\windows\system32\smss.exe (Microsoft Corporation)
* c:\windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
* c:\program files\xdrive\xdrive desktop\xdriveservice.exe (Xdrive LLC)
c:\program files\xdrive\xdrive desktop\xdrivetray.exe (Xdrive LLC)
* c:\program files\zone labs\zonealarm\zlclient.exe (Check Point Software Technologies LTD)

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\program files\common files\acronis\schedule2\schedhlp.exe (Acronis)
* c:\program files\acronis\trueimagehome\timountermonitor.exe (Acronis)
c:\program files\a-squared anti-dialer\a2adguard.exe (a-squared)
* c:\progra~1\alwils~1\avast4\ashdisp.exe (ALWIL Software)
c:\program files\antivir personaledition classic\avgnt.exe (Avira GmbH)
c:\progra~1\comodo\cboclean\boc425.exe (COMODO)
c:\program files\faxtalk communicator\ftctrl32.exe (Thought Communications, Inc.)
c:\program files\google\google desktop search\googledesktop.exe (Google)
c:\windows\jm\jminside.exe
c:\program files\asus\pc probe ii\probe2.exe (ASUS)
* C:\Windows\khalmnpr.exe (Logitech Inc.)
c:\windows\system32\nvraidservice.exe (NVIDIA Corporation)
c:\program files\quicktime\qttask.exe (Apple Inc.)
* c:\program files\siteadvisor\6253\siteadv.exe
* c:\program files\acronis\trueimagehome\trueimagemonitor.exe (Acronis)
c:\program files\unlocker\unlockerassistant.exe
* c:\program files\zone labs\zonealarm\zlclient.exe (Check Point Software Technologies LTD)

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\program files\eraser\eraser.exe (Heidi Computers Ltd)
c:\program files\keepass password safe\keepass.exe (Dominik Reichl)
c:\program files\innovatools\uninstallability\uability.exe (Aurelitec, Inc.)
c:\program files\vidalia bundle\vidalia\vidalia.exe
c:\program files\weather watcher\ww.exe (Singer's Creations)
c:\program files\xdrive\xdrive desktop\xdrivetray.exe (Xdrive LLC)

004 C:\Users\paolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
--------------------------------------------------------------------------------
c:\progra~1\poptray\poptray.exe (Renier Crause)

005 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
----------------------------------------------------------------
c:\progra~1\logitech\setpoint\setpoint.exe (Logitech Inc.)
c:\progra~1\vidali~1\privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)

006 %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
-------------------------------------------------------------------
c:\progra~1\logitech\setpoint\setpoint.exe (Logitech Inc.)
c:\progra~1\vidali~1\privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)

007 %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
-------------------------------------------------------------------------------
c:\progra~1\poptray\poptray.exe (Renier Crause)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
* c:\program files\common files\acronis\schedule2\schedul2.exe (Acronis Scheduler2 Service)
* c:\program files\common files\acronis\fomatik\trueimagetrystartservice.exe (Acronis Try And Decide Service)
* c:\program files\lavasoft\ad-aware 2007\aawservice.exe (Ad-Aware 2007 Service)
c:\program files\antivir personaledition classic\avguard.exe (AntiVir PersonalEdition Classic Guard)
c:\program files\antivir personaledition classic\sched.exe (AntiVir PersonalEdition Classic Scheduler)
c:\program files\a-squared anti-dialer\a2service.exe (a-squared Anti-Dialer Service)
c:\program files\a-squared free\a2service.exe (a-squared Free Service)
* c:\program files\alwil software\avast4\ashserv.exe (avast! Antivirus)
* c:\program files\alwil software\avast4\aswupdsv.exe (avast! iAVS4 Control Service)
* c:\program files\alwil software\avast4\ashmaisv.exe (avast! Mail Scanner)
* c:\program files\alwil software\avast4\ashwebsv.exe (avast! Web Scanner)
c:\program files\comodo\cboclean\bocore.exe (BOCore)
c:\program files\google\google desktop search\googledesktop.exe (GoogleDesktopManager)
* c:\program files\spybot - search & destroy\sdwinsec.exe (SBSD Security Center Service)
* c:\program files\siteadvisor\6253\saservice.exe (Servizio SiteAdvisor)
* c:\windows\system32\zonelabs\vsmon.exe (TrueVector Internet Monitor)
* c:\program files\xdrive\xdrive desktop\xdriveservice.exe (Xdrive Service)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
* C:\Windows\system32\drivers\snapman.sys (Acronis Snapshots Manager)
* C:\Windows\system32\drivers\timntr.sys (Acronis True Image Backup Archive Explorer)
* C:\Windows\system32\drivers\tifsfilt.sys (Acronis True Image FS Filter)
* C:\Windows\system32\drivers\tdrpman.sys (Acronis Try&Decide and Restore Points filter)
* C:\Windows\system32\drivers\asio.sys (AsIO)
* C:\Windows\system32\drivers\aswmonflt.sys (aswMonFlt)
* c:\windows\system32\drivers\aswrdr.sys (aswRdr)
* c:\windows\system32\drivers\aswtdi.sys (avast! Network Shield Support)
* c:\program files\antivir personaledition classic\avgio.sys (avgio)
* c:\program files\antivir personaledition classic\avgntflt.sys (avgntflt)
* C:\Windows\system32\drivers\avipbb.sys (avipbb)
* c:\program files\comodo\cboclean\bocdrive.sys (BOClean Kernel Monitor.)
c:\program files\asus\asusupdate\bs_def.sys (BS_DEF)
c:\windows\system32\drivers\eio.sys (EIO)
* C:\Windows\system32\drivers\l8042kbd.sys (Logitech SetPoint Keyboard Driver)
* C:\Windows\system32\drivers\nvmfdx32.sys (NVIDIA nForce Networking Controller Driver)
* C:\Windows\system32\drivers\lmouke.sys (SetPoint Mouse Filter Driver)
* C:\Windows\system32\drivers\l8042mou.sys (SetPoint PS/2 Mouse Filter Driver)
* C:\Windows\system32\drivers\ssmdrv.sys (ssmdrv)
c:\program files\unlocker\unlockerdriver5.sys (UnlockerDriver5)
* C:\Windows\system32\drivers\3c1807pd.sys (USRobotics V.92 Voice Win Int)
* C:\Windows\system32\drivers\vsdatant.sys (Zone Alarm Firewall Driver)

031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
* c:\program files\siteadvisor\6253\siteadv.dll {3A5DC592-7723-4EAA-9EE6-AF4222BCF879}

041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
* c:\program files\siteadvisor\6253\siteadv.dll {0BF43445-2F28-4351-9252-17FE6E806AA0}

042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
GUID / CLSID not found {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
GUID / CLSID not found {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
GUID / CLSID not found {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
GUID / CLSID not found {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
GUID / CLSID not found {92780B25-18CC-41C8-B9BE-3C9C571A8263}

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
* c:\progra~1\spybot~1\sdhelper.dll (Safer Networking Limited) {53707962-6F74-2D53-2644-206D7942484F}
c:\progra~1\stardo~1\sdieint.dll {FFFFFEF0-5B30-21D4-945D-000000000000}
* c:\program files\siteadvisor\6253\siteadv.dll {089FD14D-132B-48FC-8861-0048AE113215}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
c:\program files\7-zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
* c:\program files\acronis\trueimagehome\tishell.dll (Acronis) {C539A15A-3AF9-4c92-B771-50CB78F5C751}
* c:\program files\acronis\trueimagehome\tishell.dll (Acronis) {C539A15B-3AF9-4c92-B771-50CB78F5C751}
c:\program files\a-squared free\a2freecontmenu.dll (Emsi Software GmbH) {A155339D-CCCD-4714-85EB-3754B804C9DF}
* c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
c:\program files\bulk rename utility\bruhere.dll (Bulk Rename Utility) {5D924130-4CB1-11DB-B0DE-0800200C9A66}
* c:\windows\system32\erasext.dll (-) {8BE13461-936F-11D1-A87D-444553540000}
c:\program files\logitech\setpoint\mcplext.dll (Logitech Inc.) {B9B9F083-2B04-452A-8691-83694AC1037B}
c:\program files\logitech\setpoint\kbcplext.dll (Logitech Inc.) {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}
c:\program files\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
c:\program files\unlocker\unlockercom.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}
c:\program files\xdrive\xdrive desktop\propext.dll {802293E4-9A69-4387-A084-42814E0BAE29}
c:\program files\xdrive\xdrive desktop\overlay.dll (XDrive) {5D64CBA3-BDEC-427C-8A7F-8CB7C9EA7C74}
c:\program files\xdrive\xdrive desktop\overlay.dll (XDrive) {7C541B8D-BD5A-4687-9010-50E2B5D4A8E4}
c:\program files\xdrive\xdrive desktop\overlay.dll (XDrive) {39C2972F-3338-471B-8D67-FA82E46E3AC2}

062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
c:\program files\common files\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}

063 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
---------------------------------------------------------------------
- autocheck
* C:\Windows\system32\lsdelete.exe

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
* C:\Windows\system32\dopdfmn5.dll (Softland)
C:\Windows\system32\ftcumn47.dll (Thought Communications, Inc.)
c:\windows\system32\ventmon.dll

070 HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
---------------------------------------------------------------------
C:\Windows\system32\relog_ap.dll (Acronis)

073 %windir%\Tasks
------------------
Advanced WindowsCare Personal Startup.job : c:\program files\iobit\advanced windowscare v2\awcl.exe (IObit)
Spybot - Search & Destroy - Scheduled Task.job : c:\program files\spybot - search & destroy\spybotsd.exe (Safer Networking Limited)
SyncBack Altri files di configurazione.job : c:\program files\2brightsparks\syncback\syncback.exe (2BrightSparks)
SyncBack Backup su Z.job : c:\program files\2brightsparks\syncback\syncback.exe (2BrightSparks)
Xdrive Backup - Foto.job : c:\program files\xdrive\xdrive desktop\xdrunner.exe (Xdrive Inc.)

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
* c:\program files\quicktime\qtplugin.ocx (Apple Inc.) {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
&Windows Live Search : res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
Add to Windows &Live Favorites : http://favorites.liv...m/quickadd.aspx
Download With &SeqDownload : file://C:\Program Files\SeqDownload\iemenu.htm
E&sporta in Microsoft Excel : res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
Salva oggetto con Star Downloader : C:\Program Files\Star Downloader\sdie.htm
Save to &Xdrive : res://C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html

120 Domain/DNS hijacking
------------------------
NameServer {3094439B-966B-477F-B684-56046A2CF6DB} : 212.216.172.62,212.216.112.112

121 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
--------------------------------------------------------------------------
c:\progra~1\google\google~2\goec62~1.dll (Google)

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
c:\program files\7-zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
c:\program files\xdrive\xdrive desktop\rightclickext.dll {3C6CC269-AFF3-4D07-BB07-B26A86A4FEED}
c:\program files\antivir personaledition classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
* c:\program files\alwil software\avast4\ashshell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
c:\program files\bulk rename utility\bruhere.dll (Bulk Rename Utility) {5D924130-4CB1-11DB-B0DE-0800200C9A66}
c:\program files\xdrive\xdrive desktop\propext.dll {802293E4-9A69-4387-A084-42814E0BAE29}
* c:\windows\system32\erasext.dll (-) {8BE13461-936F-11D1-A87D-444553540000}
c:\program files\powerarchiver\pashlext.dll (eFront Media, Inc.) {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}
c:\program files\crittografia\bfacslib.dll {FBEA4C34-00F5-11d3-A707-0000B4432A4C}
* c:\program files\acronis\trueimagehome\tishell.dll (Acronis)

177 HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
----------------------------------------------------------------------------
0.0.0.0,0.0.0.0,192.168.0.1,-1

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you zip the .run file and attach it here?

#3
pari53

    New Member

  • Topic Starter
  • Member
  • 2 posts
Thanks for your message.
I have attached the Runscanner log (*.run).
Attached File  runscanner.zip   131.77KB   92 downloads

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

You have two anti-virus programs, AntiVir and Avast. This causes a lot of problems, so you need to remove one of these.

You have two firewalls, Comodo and ZoneAlarm, so you need to remove one of these as well.

Download the zipped attachment at the end of this post (this will be your Runscanner as fixed by me).

  • Unzip it to your desktop, then double-click the Runscanner icon; this will run the program.
  • Click on the "Item Fixer" tab.
  • You will notice several entries with a tick in red; click Fix checked.
  • Accept the warning, then repeat until they are all gone.

Please post back with a new .run file and tell me how your PC is running now and if you had any problems.

#5
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.