1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Audise.exe

Discussion in 'Virus & Other Malware Removal' started by kesticks, Feb 16, 2007.

Thread Status:
Not open for further replies.
  1. kesticks

    kesticks Thread Starter

    Joined:
    Feb 15, 2007
    Messages:
    1
    HI I don't mean to hijack this thread, but I am having the same problem. But when i rebott my computer it asks if i wasnt to run audise.exe. Obviously i click no, but i want it off my computer and Norton anti-virus and spyware doctor both didn't detect it. I followed the SDFix, but when I rebooted, it still asked if i wanted to run audise.exe

    And this was my report.


    SDFix: Version 1.65

    Run by: XXXXXXXXXXXX- Thu 02/15/2007 @ 22:45:30.20

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:

    Path:


    Restoring Windows Registry Entries
    Restoring Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    No Trojan Files Found..



    Folder C:\DOCUME~1\KATIES~1\LOCALS~1\Temp\ICD1.tmp - Removed

    ADS Check:

    C:\WINDOWS\system32
    No streams found.

    Final Check:


    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Program Files\\Common Files\\AOL\\1134515589\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1134515589\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
    "C:\\Program Files\\Common Files\\AOL\\1134515589\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1134515589\\ee\\aim6.exe:*:Enabled:AIM"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip


    Checking For Files with Hidden Attributes :

    C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0c44783ee6f825170d2765fb448927a9\BIT9.tmp
    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\37eaf99bd2ebf4838afe42fd80f89dc5\BITE.tmp
    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\73b38e6399921b83cdcc05584d085f4b\BIT10.tmp
    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9858dff7294cf5ec0cd2f86b87aa9b62\BITD.tmp
    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9dbaac1e50a4706a8b8dbd434a19e435\BIT12.tmp
    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a47321bdd5009003a9abdb62d9a718c7\BIT11.tmp
    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b68cb38dc8dc3be185a274d0a0d9edc5\BITF.tmp
    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b7338a44a2d58177630e18c98faad8c7\BITB.tmp
    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\dc3d5e1c0c70bb9a1b890316e8665042\BITA.tmp
    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\f22a422ace232baa69cc701d43e4621f\BITC.tmp

    Finished

    Plus out of curiosity, what file did it remove?

    Thanks,
    Katie
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,988
    Hi and welcome to TSG,


    Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/544554

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice