Task Manager>CPU Usage 100% all the time!

Status
Not open for further replies.

mad_max

Journeyman
@Disc_Junkie, OFFTOPIC: Man, you speak of noob killer just like those hair growing/ height increasing/floor cleaning/Impact Tool kit-like ads. :D :lol:. No offence meant, mate!

heh, once you're hooked on to something it's hard to resist promoting it ;)
like I always go kaspersky or mbam when I get a virus related question lol :p

and for an antivirus, kaspersky 7 FTW :D, but yea I haven't to this date seen an antivirus which is effective at removing trojans from an infected system. market forces can be an ugly thing *sigh*
 
OP

boom2709

Tich tor ang tesmur
@Disc_Junkie

is this the right one ?
*www.freewarefiles.com/Noob-Killer_program_42299.html


@alexanderthegreat

my computer hangs every time I click the little plus/arrow next to Administrative templates..





I found another tut on how to get rid of this virus
*amiworks.co.in/talk/how-to-remove-new-folderexe-or-regsvrexr-or-autoruninf-virus/

but here too I'm at a loss coz my msconfig won't run!

Is there any way out for me ?!?!
 

furious_gamer

Excessive happiness
Try KIS7... :D

Or try Avast and AVG and check whether they detect the virus. If they do so, then try to delete it or heal it. Whatever you want..

Or google hard to find any solution...;-)

You had no options left again?
 
OP

boom2709

Tich tor ang tesmur
@alexanderthegreat

as u pointed out, there are two instances of regsvr.exe, would it help if I fixed one of them with HijackThis ??
if so, then which one should it be ?
 
OP

boom2709

Tich tor ang tesmur
@Disc_Junkie

I installed the noob killer and ran the 8XKill thing, now I'm left with only one instance of regsvr.exe but everything else is the same..
my CPU usage is still 100%
msconfig or regedit won't run

*i420.photobucket.com/albums/pp281/boom667/untitled-4.jpg
 

mittyr

silentFOX
@boom2709

Get "Trojan Remover" with the fully updated pack (the trial version has full options) & do the boot-time scan.

Also, in Control Panel>Scheduled Tasks, check if any entries are there & delete them before the boot-up.

This should help :)
 

rajhot

S60 rocks
That "regsvr.exe" comes b'coz of a virus (mostly thru USB). Try googling for the solution
-----------------------------------------
Posted again:
-----------------------------------------
*www.file.net/process/regsvr.exe.html
-----------------------------------------
Posted again:
-----------------------------------------
*techsalsa.com/steps-to-remove-regsvrexe-virus/
 

alexanderthegreat

Overlord v2.0
@boom2709: Try doing what I said in Safe mode. If it still doesn't work or if the safe mode has been assassinated by the virus, proceed with the following:-
Step 1> Try running "msconfig.exe" and not just msconfig. Doesn't work? Move on!
Step 2> Try running msconfig.exe manually from X:\Windows\pchealth\helpctr\binaries\. Doesn't work? Move on!
Step 3> Press [Windows]+R and type in "sfc /scannow" without the quotes. Windows will try to repair all system files and may ask you to enter the Windows CD. Pop it in if it does so. Wait till the PC is repaired. If nothing is repaired, go for an online scan!

One more thing, did you fix those two lines from Hijackthis???
 
OP

boom2709

Tich tor ang tesmur
@rajhot

u won't believe this, my comp has acquired some kinda AI, whenever I open any web page that offers any kinda on-line scan to remove this virus my browser immediately crashes! and it never crashes otherwise and I've tried this with chrome, firefox and IE.

same thing happens when I open this link -> Identify regsvr.exe related errors
on this web page -> *www.file.net/process/regsvr.exe.html
 
OP

boom2709

Tich tor ang tesmur
@mittyr

I tried trojan remover, I believe the problem is fixed!

the CPU usage is down
msconfig is working

here's the scan log..


***** THE SYSTEM HAS BEEN RESTARTED *****
4/12/2009 2:20:19 AM: Trojan Remover has been restarted
=======================================================
Deleting the following registry value(s):
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[Msn Messsenger] - already deleted
=======================================================
4/12/2009 2:20:19 AM: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.6.2565. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 2:16:16 AM 12 Apr 2009
Using Database v7291
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Shantanu\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Shantanu\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
ESET NOD32 Antivirus

************************************************************


************************************************************
2:16:16 AM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
2:16:16 AM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe regsvr.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 4/14/2008 10:12 AM
Modified: 4/14/2008 10:12 AM
Company: Microsoft Corporation
----------
File: regsvr.exe
C:\WINDOWS\system32\regsvr.exe
-RHS- 1078945 bytes
Created: 4/7/2009 11:53 AM
Modified: 11/27/2008 8:21 PM
Company: [no info]
C:\WINDOWS\system32\regsvr.exe - running process located and terminated
C:\WINDOWS\system32\regsvr.exe - READ-ONLY, HIDDEN and SYSTEM file attributes removed
regsvr.exe - file renamed to: regsvr.exe.vir
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 4/14/2008 10:12 AM
Modified: 4/14/2008 10:12 AM
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 4/14/2008 10:12 AM
Modified: 4/14/2008 10:12 AM
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
2021400 bytes
Created: 2/6/2009 2:23 PM
Modified: 2/6/2009 2:23 PM
Company: ESET
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
-R- 3756032 bytes
Created: 4/7/2009 11:49 AM
Modified: 4/23/2004 9:54 AM
Company: NVIDIA Corporation
--------------------
Value Name: UnlockerAssistant
Value Data: "C:\Program Files\Unlocker\UnlockerAssistant.exe"
C:\Program Files\Unlocker\UnlockerAssistant.exe
15872 bytes
Created: 5/2/2008 9:45 AM
Modified: 5/2/2008 9:45 AM
Company: [no info]
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1211784 bytes
Created: 4/12/2009 2:09 AM
Modified: 2/21/2009 6:30 PM
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: uTorrent
Value Data: "C:\Program Files\uTorrent\uTorrent.exe"
C:\Program Files\uTorrent\uTorrent.exe
281904 bytes
Created: 4/7/2009 12:20 PM
Modified: 4/9/2009 10:58 AM
Company: BitTorrent, Inc.
--------------------
Value Name: Msn Messsenger
Value Data: C:\WINDOWS\system32\regsvr.exe
C:\WINDOWS\system32\regsvr.exe - this registry value has been removed [file not found to scan]
--------------------

************************************************************
2:18:38 AM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
2:18:38 AM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
2:18:38 AM: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\System32\logon.scr
C:\WINDOWS\System32\logon.scr
220672 bytes
Created: 4/14/2008 10:12 AM
Modified: 4/14/2008 10:12 AM
Company: Microsoft Corporation
--------------------

************************************************************
2:18:38 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
2:18:38 AM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
2:18:39 AM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: .EsetTrialReset
ImagePath: C:\WINDOWS\system32\regedt32.exe /s C:\WINDOWS\esettrialreset.reg
C:\WINDOWS\system32\regedt32.exe
3584 bytes
Created: 8/23/2001 4:30 PM
Modified: 8/23/2001 4:30 PM
Company: Microsoft Corporation
----------
Key: AN983
ImagePath: system32\DRIVERS\AN983.sys
C:\WINDOWS\system32\DRIVERS\AN983.sys
36224 bytes
Created: 4/7/2009 5:01 PM
Modified: 4/14/2008 3:35 AM
Company: ADMtek Incorporated.
----------
Key: AsIO
ImagePath: system32\drivers\AsIO.sys
C:\WINDOWS\system32\drivers\AsIO.sys
12400 bytes
Created: 4/7/2009 11:52 AM
Modified: 12/17/2007 5:14 PM
Company: [no info]
----------
Key: AtcL002
ImagePath: system32\DRIVERS\l251x86.sys
C:\WINDOWS\system32\DRIVERS\l251x86.sys
30720 bytes
Created: 4/7/2009 11:03 AM
Modified: 10/17/2007 8:12 PM
Company: Atheros Communications, Inc.
----------
Key: d347bus
ImagePath: system32\DRIVERS\d347bus.sys
C:\WINDOWS\system32\DRIVERS\d347bus.sys
155136 bytes
Created: 4/7/2009 12:19 PM
Modified: 8/22/2004 4:31 PM
Company:
----------
Key: d347prt
ImagePath: System32\Drivers\d347prt.sys
C:\WINDOWS\System32\Drivers\d347prt.sys
5248 bytes
Created: 4/7/2009 12:19 PM
Modified: 8/22/2004 4:31 PM
Company:
----------
Key: eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
113448 bytes
Created: 2/6/2009 2:19 PM
Modified: 2/6/2009 2:19 PM
Company: ESET
----------
Key: ehdrv
ImagePath: system32\DRIVERS\ehdrv.sys
C:\WINDOWS\system32\DRIVERS\ehdrv.sys
106208 bytes
Created: 2/6/2009 2:23 PM
Modified: 2/6/2009 2:23 PM
Company: ESET
----------
Key: EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
20680 bytes
Created: 2/6/2009 2:27 PM
Modified: 2/6/2009 2:27 PM
Company: ESET
----------
Key: ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
727720 bytes
Created: 2/6/2009 2:23 PM
Modified: 2/6/2009 2:23 PM
Company: ESET
----------
Key: epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
93336 bytes
Created: 2/6/2009 2:24 PM
Modified: 2/6/2009 2:24 PM
Company: ESET
----------
Key: MTsensor
ImagePath: system32\DRIVERS\ASACPI.sys
C:\WINDOWS\system32\DRIVERS\ASACPI.sys
5810 bytes
Created: 4/7/2009 11:03 AM
Modified: 8/13/2004 10:56 AM
Company:
----------
Key: nvcap
ImagePath: system32\DRIVERS\nvcap.sys
C:\WINDOWS\system32\DRIVERS\nvcap.sys
120780 bytes
Created: 4/7/2009 11:50 AM
Modified: 4/9/2003 2:17 PM
Company: NVIDIA Corporation
----------
Key: nvTUNEP
ImagePath: system32\DRIVERS\nvtunep.sys
C:\WINDOWS\system32\DRIVERS\nvtunep.sys
20480 bytes
Created: 4/7/2009 11:50 AM
Modified: 4/9/2003 2:17 PM
Company: NVIDIA Corporation
----------
Key: nvtvSND
ImagePath: system32\DRIVERS\nvtvsnd.sys
C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys
20224 bytes
Created: 4/7/2009 11:50 AM
Modified: 4/9/2003 2:17 PM
Company: NVIDIA Corporation
----------
Key: NVXBAR
ImagePath: system32\DRIVERS\NVxbar.sys
C:\WINDOWS\system32\DRIVERS\NVxbar.sys
13070 bytes
Created: 4/7/2009 11:50 AM
Modified: 4/9/2003 2:17 PM
Company: NVIDIA Corporation
----------
Key: sr
ImagePath: \SystemRoot\system32\DRIVERS\sr.sys
C:\WINDOWS\system32\DRIVERS\sr.sys
73472 bytes
Created: 4/7/2009 11:36 AM
Modified: 4/14/2008 4:36 AM
Company: Microsoft Corporation
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{7FF81429-F5E5-4E50-8F94-7DA1CF4CCCA0}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 4/14/2008 10:12 AM
Modified: 4/14/2008 10:12 AM
Company: Microsoft Corporation
----------
Key: UnlockerDriver5
ImagePath: \??\C:\Program Files\Unlocker\UnlockerDriver5.sys
C:\Program Files\Unlocker\UnlockerDriver5.sys
4096 bytes
Created: 5/2/2008 9:45 AM
Modified: 5/2/2008 9:45 AM
Company: [no info]
----------

************************************************************
2:18:43 AM: Scanning -----VXD ENTRIES-----

************************************************************
2:18:43 AM: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
2:18:43 AM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: ESET Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path: C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
183880 bytes
Created: 2/6/2009 2:28 PM
Modified: 2/6/2009 2:28 PM
Company: ESET
----------

************************************************************
2:18:43 AM: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
2:18:43 AM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
75128 bytes
Created: 6/11/2008 10:33 PM
Modified: 6/11/2008 10:33 PM
Company: Adobe Systems Incorporated
----------
Key: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
BHO: C:\Program Files\FlashGet\jccatch.dll
C:\Program Files\FlashGet\jccatch.dll
94308 bytes
Created: 8/6/2007 2:41 PM
Modified: 8/6/2007 2:41 PM
Company: www.flashget.com
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created: 4/7/2009 12:54 PM
Modified: 4/7/2009 12:54 PM
Company: Sun Microsystems, Inc.
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created: 4/7/2009 12:54 PM
Modified: 4/7/2009 12:54 PM
Company: Sun Microsystems, Inc.
----------
Key: {F156768E-81EF-470C-9057-481BA8380DBA}
BHO: C:\Program Files\FlashGet\getflash.dll
C:\Program Files\FlashGet\getflash.dll
163840 bytes
Created: 5/18/2007 9:43 PM
Modified: 5/18/2007 9:43 PM
Company: www.flashget.com
----------

************************************************************
2:18:43 AM: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
2:18:43 AM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
2:18:43 AM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
2:18:43 AM: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
2:18:44 AM: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
2:18:44 AM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 4/7/2009 4:58 PM
Modified: 4/7/2009 11:39 AM
Company: [no info]
--------------------

************************************************************
2:18:44 AM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Shantanu
[C:\Documents and Settings\Shantanu\START MENU\PROGRAMS\STARTUP]
The Startup Group for Shantanu attempts to load the following file(s):
C:\Documents and Settings\Shantanu\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 4/7/2009 11:44 AM
Modified: 4/7/2009 11:39 AM
Company: [no info]
----------

************************************************************
2:18:44 AM: Scanning ----- SCHEDULED TASKS -----
Taskname: GoogleUpdateTaskUserS-1-5-21-1123561945-115176313-1644491937-1003.job
File: C:\Documents and Settings\Shantanu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Shantanu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 4/7/2009 1:14 PM
Modified: 4/7/2009 1:14 PM
Company: Google Inc.
Parameters: /c
Next Run Time: Never
Status: The task is currently running
Creator: Shantanu
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------

************************************************************
2:18:44 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
2:18:44 AM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
==============================
Restrictive Windows Explorer Policies found in force on this computer:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
Value: DisableRegistryTools
All Policy Values listed have been removed or reset
==============================
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Shantanu\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Shantanu\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
5760054 bytes
Created: 4/7/2009 12:08 PM
Modified: 4/7/2009 4:02 PM
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Shantanu\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
5760054 bytes
Created: 4/7/2009 12:08 PM
Modified: 4/7/2009 4:02 PM
Company: [no info]
----------
DNS Server information:
Interface: ADMtek AN983 10/100 PCI Adapter
NameServers: 59.144.127.16,59.144.127.17
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed

************************************************************
2:18:58 AM: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 4/14/2008 10:12 AM
Modified: 4/14/2008 10:12 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 4/14/2008 10:12 AM
Modified: 4/14/2008 10:12 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 4/14/2008 10:12 AM
Modified: 4/14/2008 10:12 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
108544 bytes
Created: 4/14/2008 10:12 AM
Modified: 4/14/2008 10:12 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 4/14/2008 10:12 AM
Modified: 4/14/2008 10:12 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 4/14/2008 10:12 AM
Modified: 4/14/2008 10:12 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 4/14/2008 10:12 AM
Modified: 4/14/2008 10:12 AM
Company: Microsoft Corporation
--------------------
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe - file already scanned
--------------------
C:\Program Files\Unlocker\UnlockerAssistant.exe - file already scanned
--------------------
C:\Program Files\uTorrent\uTorrent.exe - file already scanned
--------------------
C:\WINDOWS\system32\nvsvc32.exe
-R- 114755 bytes
Created: 4/7/2009 11:49 AM
Modified: 4/23/2004 9:54 AM
Company: NVIDIA Corporation
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 4/14/2008 10:12 AM
Modified: 4/14/2008 10:12 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\DllHost.exe
5120 bytes
Created: 4/14/2008 10:12 AM
Modified: 4/14/2008 10:12 AM
Company: Microsoft Corporation
--------------------
C:\Documents and Settings\Shantanu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - file already scanned
--------------------
C:\WINDOWS\explorer.exe - file already scanned
--------------------
C:\Documents and Settings\Shantanu\Application Data\Simply Super Software\Trojan Remover\xurB61.exe
FileSize: 2933624
[This is a Trojan Remover component]
--------------------

************************************************************
2:19:00 AM: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
*www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
*www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
*www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
*ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
*ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
*www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 2:19:00 AM 12 Apr 2009
Total Scan time: 00:02:44
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
4/12/2009 2:19:06 AM: restart commenced
************************************************************




thanks a lot all u guys..
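Added example (not part of the original thread and not Trojan Remover's own code): a small triage script run over lines excerpted from the log above. It flags a Winlogon `Shell` value that launches more than `explorer.exe`, lists every other autostart entry that references the same extra binary, and reports policy values that lock out repair tools. The function names, finding labels and the `DisableTaskMgr` entry are assumptions made for this example.

```python
import re

# Excerpt of the scan log posted above; lines copied from the thread, trimmed.
SAMPLE_LOG = r'''
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe regsvr.exe]
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: uTorrent
Value Data: "C:\Program Files\uTorrent\uTorrent.exe"
Value Name: Msn Messsenger
Value Data: C:\WINDOWS\system32\regsvr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
Value: DisableRegistryTools
'''

# Default single program for each Winlogon value on Windows XP.
EXPECTED = {"Shell": {"explorer.exe"}, "Userinit": {"userinit.exe"}}
# Policy values that block the built-in repair tools (regedit, Task Manager).
LOCKOUT_POLICIES = {"DisableRegistryTools", "DisableTaskMgr"}


def basenames(value):
    """Lower-cased file names of every program referenced in a registry value."""
    found = re.findall(r'([^\\\s",\[\]]+\.(?:exe|dll|scr))', value, re.I)
    return {name.lower() for name in found}


def triage(log):
    """Return (kind, location, data) findings for a log in the format above."""
    findings, autostarts = [], []          # autostarts: (key, value name, data)
    section, pending, name = "", None, None
    for line in (raw.strip() for raw in log.splitlines()):
        shell_like = re.match(r'''This key's "(\w+)" value calls''', line)
        if line.startswith("Checking "):
            section = line[len("Checking "):]
        elif shell_like:
            pending = shell_like.group(1)
        elif line.startswith("Key value: [") and pending:
            autostarts.append((section, pending, line[len("Key value: ["):-1]))
            pending = None
        elif line.startswith("Value Name: "):
            name = line[len("Value Name: "):]
        elif line.startswith("Value Data: ") and name:
            autostarts.append((section, name, line[len("Value Data: "):]))
            name = None
        elif line.startswith("Value: ") and line[7:] in LOCKOUT_POLICIES:
            findings.append(("policy-lockout", line[7:], ""))

    suspects = set()                       # binaries chained onto Winlogon values
    for key, value_name, data in autostarts:
        if "winlogon" in key.lower() and value_name in EXPECTED:
            extra = basenames(data) - EXPECTED[value_name]
            if extra:
                suspects |= extra
                findings.append(("winlogon-hijack", f"{key}\\{value_name}", data))
    for key, value_name, data in autostarts:
        if "winlogon" not in key.lower() and basenames(data) & suspects:
            findings.append(("same-binary-autostart", f"{key}\\{value_name}", data))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

On the excerpt this reports the `DisableRegistryTools` policy, the `Shell` value `Explorer.exe regsvr.exe`, and the HKCU `Run` value `Msn Messsenger` that points at the same `regsvr.exe`, which is why removing one entry alone left the other in place.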
 

mad_max

Journeyman
@rajhot

u won't believe this, my comp has acquired some kinda AI, whenever I open any web page that offers any kinda on-line scan to remove this virus my browser immediately crashes! and it never crashes otherwise and I've tried this with chrome, firefox and IE.

same thing happens when I open this link -> Identify regsvr.exe related errors
on this web page -> *www.file.net/process/regsvr.exe.html

sounds like a conficker variant :???:
 