View Full Version : CPU usage is 100%



gigster
05-02-2009, 06:57 PM
My CPU usage is at 100%. Here's my HijackThis log. Could you please help me?

Logfile of HijackThis v1.99.1
Scan saved at 4:19:15 PM, on 5/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Program Files\Common Files\System\update.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\update.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200623839238
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Thanx
gigster

Speedy Gonzales
05-02-2009, 07:12 PM
Tick these entries then tick fix checked

Close browsers

Disable system restore

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

This looks suss / nasty

You may have delf troj, which is a trojan.

O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\update.exe

Uninstall mywebsearch / myway in add/remove programs

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZKfox000

Then get trojan remover (http://www.simplysup3.com/download/dl/trjsetup675.exe) update it then scan

Then select all options under the utilities menu

Then reboot then get malwarebytes below update it then scan

gigster
06-02-2009, 12:06 AM
OK, done, I think. I wasn't too sure about the
"Uninstall mywebsearch / myway in add/remove programs"
as it wasn't in add/remove programs in control panel.

So here is the log from Malwarebytes, both before and after I removed the suss entries.

before.

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

5/02/2009 9:28:25 PM
mbam-log-2009-02-05 (21-28-20).txt

Scan type: Full Scan (C:\|)
Objects scanned: 103907
Time elapsed: 33 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Common Files\System\update.exe (Backdoor.Bot) -> No action taken.

and after

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

5/02/2009 9:28:32 PM
mbam-log-2009-02-05 (21-28-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 103907
Time elapsed: 33 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\System\update.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

And here's a HijackThis log,

Logfile of HijackThis v1.99.1
Scan saved at 9:42:09 PM, on 5/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200623839238
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Regards and Thanx

Phil

Speedy Gonzales
06-02-2009, 12:14 AM
You can tick these entries then tick fix checked

Close browsers

Did you click on remove selected after you did a scan?

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Then select all options under utilities in trojan remover (if you didn't before)

Is it better than before now?
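
The two reviews above come down to picking out suspect entries in a HijackThis log and then checking the follow-up log to confirm they are gone. The sketch below is an added example, not part of the thread and not HijackThis's own logic: the two flagging heuristics and the hard-coded C:\WINDOWS root are assumptions, and the sample lines are excerpts of the logs posted in this thread.

```python
import re
from typing import NamedTuple

# "O4 - HKLM\..\Run: [name] command" -> section code + body
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 autostart entry: hive, Run/RunOnce key, value name, command line
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Excerpt of the first log in the thread.
BEFORE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\update.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
"""

# Excerpt of the second log, taken after the fixes and scans.
AFTER_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
"""


class Entry(NamedTuple):
    code: str   # HijackThis section, e.g. "O4"
    body: str   # everything after "O4 - "


def parse_entries(log_text):
    """Return the R*/O* entries of a HijackThis log, skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def flag(entry):
    """Return the reasons an entry deserves a closer look (empty list if none).

    Both heuristics are assumptions made for this example:
      1. the registered target no longer exists on disk;
      2. an autostart value is named like an OS component but its
         executable lives outside the Windows directory.
    """
    reasons = []
    if entry.body.endswith(("(no file)", "(file missing)")):
        reasons.append("target file absent")
    m = RUN_RE.match(entry.body) if entry.code == "O4" else None
    if m and m["name"].lower().startswith(("windows", "microsoft")):
        exe = m["cmd"].lstrip('"').lower()
        if not exe.startswith("c:\\windows\\"):  # assumed system root
            reasons.append("system-sounding name outside C:\\WINDOWS")
    return reasons


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two logs of the same machine."""
    before = set(parse_entries(before_text))
    after = set(parse_entries(after_text))
    return sorted(before - after), sorted(after - before)


if __name__ == "__main__":
    print("Flagged in first log:")
    for e in parse_entries(BEFORE_LOG):
        for reason in flag(e):
            print(f"  {e.code} - {e.body}\n      -> {reason}")
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("Gone after cleanup:")
    for e in removed:
        print(f"  {e.code} - {e.body}")
    print("New since cleanup (verify each is expected):")
    for e in added:
        print(f"  {e.code} - {e.body}")
```

New entries in the second log matter as much as removed ones: here they are the scanner's own autostart and a policy key, each of which still has to be accounted for.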

gigster
06-02-2009, 02:00 AM
It's BETTER. Here's the Trojan log and the HijackThis log

First the Trojan log,

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 11:28:01 PM 05 Feb 2009
Using Database v7279
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************


************************************************************
11:28:01 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
11:28:01 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
11:28:01 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
11:28:01 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: AVG7_CC
Value Data: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
590848 bytes
Created: 18/01/2008 3:38 PM
Modified: 17/10/2008 10:41 AM
Company: GRISOFT, s.r.o.
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7700480 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1622016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: zBrowser Launcher
Value Data: C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
204800 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 1:59 AM
Company: Logitech Inc.
--------------------
Value Name: EM_EXEC
Value Data: C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
35328 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 9:42 AM
Company: Logitech Inc.
--------------------
Value Name:
Value Data:
Blank entry: []
--------------------
Value Name: Sony Ericsson PC Suite
Value Data: "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
-R- 159744 bytes
Created: 26/10/2005 4:17 PM
Modified: 26/10/2005 4:17 PM
Company: Sony Ericsson Mobile Communications AB
--------------------
Value Name: Lexmark X6100 Series
Value Data: "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
57344 bytes
Created: 12/01/2009 1:58 PM
Modified: 23/09/2003 2:01 AM
Company: Lexmark International, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1231752 bytes
Created: 5/02/2009 8:18 PM
Modified: 1/01/2009 8:43 PM
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: Malwarebytes' Anti-Malware
Value Data: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
399504 bytes
Created: 5/02/2009 8:37 PM
Modified: 14/01/2009 4:11 PM
Company: Malwarebytes Corporation
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 18/10/2007 11:34 AM
Modified: 18/10/2007 11:34 AM
Company: Microsoft Corporation
--------------------
Value Name: SUPERAntiSpyware
Value Data: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
1830128 bytes
Created: 1/05/2007 10:29 AM
Modified: 3/02/2009 7:46 PM
Company: SUPERAntiSpyware.com
--------------------
Value Name: AlcoholAutomount
Value Data: "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
217544 bytes
Created: 22/02/2008 10:00 PM
Modified: 22/02/2008 10:00 PM
Company: Alcohol Soft Development Team
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
11:28:03 PM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
File: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
77824 bytes
Created: 20/12/2006 2:55 PM
Modified: 22/05/2008 9:49 AM
Company: SuperAdBlocker.com
----------

************************************************************
11:28:03 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
11:28:03 PM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
--------------------

************************************************************
11:28:03 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2428 bytes
Created: 25/08/2006 5:09 PM
Modified: 25/08/2006 5:09 PM
Company: [no info]
----------

************************************************************
11:28:03 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
11:28:04 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ALCXWDM
ImagePath: system32\drivers\ALCXWDM.SYS
C:\WINDOWS\system32\drivers\ALCXWDM.SYS
303948 bytes
Created: 18/01/2008 1:00 PM
Modified: 25/03/2002 10:43 PM
Company: Avance Logic, Inc.
----------
Key: Aspi32
ImagePath: System32\drivers\aspi32.sys
C:\WINDOWS\System32\drivers\aspi32.sys
16512 bytes
Created: 30/11/2008 11:01 PM
Modified: 21/11/2005 4:18 PM
Company: Adaptec
----------
Key: Avg7Alrt
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
418816 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7Core
ImagePath: \SystemRoot\System32\Drivers\avg7core.sys
C:\WINDOWS\System32\Drivers\avg7core.sys
821856 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsW
ImagePath: \SystemRoot\System32\Drivers\avg7rsw.sys
C:\WINDOWS\System32\Drivers\avg7rsw.sys
4224 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsXP
ImagePath: \SystemRoot\System32\Drivers\avg7rsxp.sys
C:\WINDOWS\System32\Drivers\avg7rsxp.sys
27776 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7UpdSvc
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
49664 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: AvgClean
ImagePath: \SystemRoot\System32\Drivers\avgclean.sys
C:\WINDOWS\System32\Drivers\avgclean.sys
10760 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:42 PM
Company: GRISOFT, s.r.o.
----------
Key: AVGEMS
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
406528 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:42 PM
Company: GRISOFT, s.r.o.
----------
Key: AvgTdi
ImagePath: \SystemRoot\System32\Drivers\avgtdi.sys
C:\WINDOWS\System32\Drivers\avgtdi.sys
4960 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: BANTExt
ImagePath: \SystemRoot\System32\Drivers\BANTExt.sys
C:\WINDOWS\System32\Drivers\BANTExt.sys
3840 bytes
Created: 24/01/2008 7:37 PM
Modified: 7/04/2005 5:18 PM
Company: [no info]
----------
Key: catchme
ImagePath: \??\C:\Combo-Fix\catchme.sys - this file is globally excluded
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: itchfltr
ImagePath: system32\DRIVERS\itchfltr.sys
C:\WINDOWS\system32\DRIVERS\itchfltr.sys
10496 bytes
Created: 21/01/2008 10:57 AM
Modified: 17/12/2001 8:12 PM
Company: Logitech Inc.
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: LexBceS
ImagePath: C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXBCES.EXE
303104 bytes
Created: 12/01/2009 1:59 PM
Modified: 23/09/2003 1:42 AM
Company: Lexmark International, Inc.
----------
Key: pfsvgae
ImagePath: \??\C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys
C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys [file not found to scan]
----------
Key: prodrv06
ImagePath: \SystemRoot\System32\drivers\prodrv06.sys
C:\WINDOWS\System32\drivers\prodrv06.sys
53920 bytes
Created: 9/08/2004 9:59 PM
Modified: 9/08/2004 9:59 PM
Company: Protection Technology
----------
Key: prohlp02
ImagePath: System32\drivers\prohlp02.sys
C:\WINDOWS\System32\drivers\prohlp02.sys
114016 bytes
Created: 9/08/2004 10:03 PM
Modified: 9/08/2004 10:03 PM
Company: Protection Technology
----------
Key: prosync1
ImagePath: System32\drivers\prosync1.sys
C:\WINDOWS\System32\drivers\prosync1.sys
7040 bytes
Created: 20/07/2004 1:19 AM
Modified: 20/07/2004 1:19 AM
Company: Protection Technology
----------
Key: RTL8023xp
ImagePath: system32\DRIVERS\Rtnicxp.sys
C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
104320 bytes
Created: 20/11/2007 11:09 AM
Modified: 20/11/2007 11:09 AM
Company: Realtek Semiconductor Corporation
----------
Key: SASDIFSV
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
8944 bytes
Created: 10/10/2006 2:53 PM
Modified: 22/05/2008 9:49 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
-R- 4096 bytes
Created: 16/02/2006 6:51 PM
Modified: 16/02/2006 6:51 PM
Company: SuperAdBlocker, Inc.
----------
Key: SASKUTIL
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
55024 bytes
Created: 27/02/2007 1:39 PM
Modified: 22/05/2008 9:49 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SE2Cbus
ImagePath: system32\DRIVERS\SE2Cbus.sys
C:\WINDOWS\system32\DRIVERS\SE2Cbus.sys
-R- 61600 bytes
Created: 24/04/2008 6:08 PM
Modified: 10/11/2006 10:54 AM
Company: MCCI
----------
Key: SE2Cmdfl
ImagePath: system32\DRIVERS\SE2Cmdfl.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmdfl.sys
-R- 9360 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cmdm
ImagePath: system32\DRIVERS\SE2Cmdm.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmdm.sys
-R- 97184 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cmgmt
ImagePath: system32\DRIVERS\SE2Cmgmt.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmgmt.sys
-R- 88688 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: se2Cnd5
ImagePath: system32\DRIVERS\se2Cnd5.sys
C:\WINDOWS\system32\DRIVERS\se2Cnd5.sys
-R- 18704 bytes
Created: 4/12/2008 10:34 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cobex
ImagePath: system32\DRIVERS\SE2Cobex.sys
C:\WINDOWS\system32\DRIVERS\SE2Cobex.sys
-R- 86560 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: se2Cunic
ImagePath: system32\DRIVERS\se2Cunic.sys
C:\WINDOWS\system32\DRIVERS\se2Cunic.sys
-R- 90800 bytes
Created: 4/12/2008 10:34 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: sfhlp01
ImagePath: System32\drivers\sfhlp01.sys
C:\WINDOWS\System32\drivers\sfhlp01.sys
4832 bytes
Created: 2/12/2003 1:50 AM
Modified: 2/12/2003 1:50 AM
Company: Protection Technology
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: StarWindServiceAE
ImagePath: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
275968 bytes
Created: 29/05/2007 3:27 AM
Modified: 29/05/2007 3:27 AM
Company: Rocket Division Software
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{AD623655-EF04-4C37-9BEB-30243CD66548}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: usbbus
ImagePath: system32\DRIVERS\lgusbbus.sys
C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [file not found to scan]
----------
Key: USBModem
ImagePath: system32\DRIVERS\lgusbmodem.sys
C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [file not found to scan]
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007 11:31 AM
Modified: 18/10/2007 11:31 AM
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007 3:27 PM
Modified: 25/10/2007 3:27 PM
Company: Microsoft Corporation
----------

************************************************************
11:28:09 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

************************************************************
11:28:09 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
356352 bytes
Created: 19/04/2007 2:41 PM
Modified: 6/01/2009 5:26 PM
Company: SUPERAntiSpyware.com
----------

************************************************************
11:28:09 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG7 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\Grisoft\AVG7\avgse.dll
C:\Program Files\Grisoft\AVG7\avgse.dll
50688 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007 1:39 PM
Modified: 27/02/2007 1:39 PM
Company: SUPERAntiSpyware.com
----------

************************************************************
11:28:09 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: [CLSID does not appear to reference a file]

************************************************************
11:28:09 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
440384 bytes
Created: 10/12/2008 11:13 AM
Modified: 26/10/2006 10:28 AM
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006 11:08 PM
Modified: 22/10/2006 11:08 PM
Company: Adobe Systems Incorporated
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
392240 bytes
Created: 14/12/2007 12:54 PM
Modified: 14/12/2007 12:54 PM
Company: Microsoft Corporation
----------
Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
BHO: C:\Program Files\Windows Live Toolbar\msntb.dll
C:\Program Files\Windows Live Toolbar\msntb.dll
546320 bytes
Created: 19/10/2007 11:20 AM
Modified: 19/10/2007 11:20 AM
Company: Microsoft Corporation
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {ecdee021-0d17-467f-a1ff-c7a115230949}
BHO: C:\Program Files\free-downloads.net\tbfree.dll
C:\Program Files\free-downloads.net\tbfree.dll
1555480 bytes
Created: 1/09/2007 2:54 PM
Modified: 14/02/2008 3:54 PM
Company: Conduit Ltd.
----------
Key: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
BHO: C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
262144 bytes
Created: 21/04/2008 7:26 PM
Modified: 21/04/2008 7:26 PM
Company: ZoneAlarm
----------

************************************************************
11:28:10 PM: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: %SystemRoot%\System32\webcheck.dll
C:\WINDOWS\System32\webcheck.dll
276480 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
121856 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------

************************************************************
11:28:10 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
11:28:10 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
11:28:10 PM: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
11:28:10 PM: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
11:28:10 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 8:21 PM
Modified: 18/01/2008 10:26 AM
Company: [no info]
--------------------

************************************************************
11:28:10 PM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 20/04/2008 10:49 AM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------
--------------------
Checking Startup Group for: Bella
[C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP]
The Startup Group for Bella attempts to load the following file(s):
C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 5:15 PM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------
--------------------
Checking Startup Group for: Gigster
[C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP]
The Startup Group for Gigster attempts to load the following file(s):
C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 10:32 AM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------

************************************************************
11:28:11 PM: Scanning ----- SCHEDULED TASKS -----
Taskname: Check Updates for Windows Live Toolbar.job
File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
99856 bytes
Created: 19/10/2007 11:20 AM
Modified: 19/10/2007 11:20 AM
Company: Microsoft Corporation
Parameters: [blank]
Next Run Time: 6/02/2009 12:12:00 AM
Status: The task is ready to run at its next scheduled time
Creator: Gigster
Comments: [blank]
----------
Taskname: SS4200 Utility Updates.job
File: C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk
C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk
977 bytes
Created: 23/11/2008 3:12 PM
Modified: 23/11/2008 3:12 PM
Company: [no info]
Parameters: [blank]
Next Run Time: 6/02/2009 10:00:00 AM
Status: The task has not yet run
Creator: Gigster
Comments: [blank]
----------

************************************************************
11:28:11 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
11:28:11 PM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
1358010 bytes
Created: 28/04/2008 2:27 PM
Modified: 28/04/2008 2:27 PM
Company: [no info]
----------
Web Desktop Wallpaper: %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
1358010 bytes
Created: 28/04/2008 2:27 PM
Modified: 28/04/2008 2:27 PM
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed

************************************************************
11:28:12 PM: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\LEXBCES.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\system32\LEXPPS.EXE
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe - file already scanned
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe - file already scanned
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
--------------------
C:\WINDOWS\system32\nvsvc32.exe
--------------------
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe - file already scanned
--------------------
C:\WINDOWS\system32\RUNDLL32.EXE
--------------------
C:\Program Files\Logitech\iTouch\iTouch.exe - file already scanned
--------------------
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe - file already scanned
--------------------
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
--------------------
C:\Program Files\Logitech\iTouch\kbdtray.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - file already scanned
--------------------
C:\Program Files\Common Files\Teleca Shared\Generic.exe
--------------------
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
--------------------
C:\WINDOWS\system32\taskmgr.exe
--------------------
C:\WINDOWS\explorer.exe - file already scanned
--------------------
C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\fcy30.exe
FileSize: 2933624
[This is a Trojan Remover component]
--------------------

************************************************************
11:28:14 PM: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
11:28:14 PM: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
11:28:14 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 11:28:14 PM 05 Feb 2009
Total Scan time: 00:00:12
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 11:23:58 PM 05 Feb 2009
Using Database v7279
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************


************************************************************
11:23:58 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
11:23:58 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
11:23:58 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
11:23:58 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: AVG7_CC
Value Data: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
590848 bytes
Created: 18/01/2008 3:38 PM
Modified: 17/10/2008 10:41 AM
Company: GRISOFT, s.r.o.
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7700480 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1622016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: zBrowser Launcher
Value Data: C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
204800 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 1:59 AM
Company: Logitech Inc.
--------------------
Value Name: EM_EXEC
Value Data: C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
35328 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 9:42 AM
Company: Logitech Inc.
--------------------
Value Name:
Value Data:
Blank entry: []
--------------------
Value Name: Sony Ericsson PC Suite
Value Data: "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
-R- 159744 bytes
Created: 26/10/2005 4:17 PM
Modified: 26/10/2005 4:17 PM
Company: Sony Ericsson Mobile Communications AB
--------------------
Value Name: Lexmark X6100 Series
Value Data: "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
57344 bytes
Created: 12/01/2009 1:58 PM
Modified: 23/09/2003 2:01 AM
Company: Lexmark International, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1231752 bytes
Created: 5/02/2009 8:18 PM
Modified: 1/01/2009 8:43 PM
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: Malwarebytes' Anti-Malware
Value Data: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
399504 bytes
Created: 5/02/2009 8:37 PM
Modified: 14/01/2009 4:11 PM
Company: Malwarebytes Corporation
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 18/10/2007 11:34 AM
Modified: 18/10/2007 11:34 AM
Company: Microsoft Corporation
--------------------
Value Name: SUPERAntiSpyware
Value Data: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
1830128 bytes
Created: 1/05/2007 10:29 AM
Modified: 3/02/2009 7:46 PM
Company: SUPERAntiSpyware.com
--------------------
Value Name: AlcoholAutomount
Value Data: "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
217544 bytes
Created: 22/02/2008 10:00 PM
Modified: 22/02/2008 10:00 PM
Company: Alcohol Soft Development Team
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************** **********
11:24:01 PM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
File: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
77824 bytes
Created: 20/12/2006 2:55 PM
Modified: 22/05/2008 9:49 AM
Company: SuperAdBlocker.com
----------

************************************************** **********
11:24:01 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************** **********
11:24:01 PM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
--------------------

************************************************** **********
11:24:01 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2428 bytes
Created: 25/08/2006 5:09 PM
Modified: 25/08/2006 5:09 PM
Company: [no info]
----------

************************************************** **********
11:24:02 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************** **********
11:24:04 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ALCXWDM
ImagePath: system32\drivers\ALCXWDM.SYS
C:\WINDOWS\system32\drivers\ALCXWDM.SYS
303948 bytes
Created: 18/01/2008 1:00 PM
Modified: 25/03/2002 10:43 PM
Company: Avance Logic, Inc.
----------
Key: Aspi32
ImagePath: System32\drivers\aspi32.sys
C:\WINDOWS\System32\drivers\aspi32.sys
16512 bytes
Created: 30/11/2008 11:01 PM
Modified: 21/11/2005 4:18 PM
Company: Adaptec
----------
Key: Avg7Alrt
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
418816 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7Core
ImagePath: \SystemRoot\System32\Drivers\avg7core.sys
C:\WINDOWS\System32\Drivers\avg7core.sys
821856 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsW
ImagePath: \SystemRoot\System32\Drivers\avg7rsw.sys
C:\WINDOWS\System32\Drivers\avg7rsw.sys
4224 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsXP
ImagePath: \SystemRoot\System32\Drivers\avg7rsxp.sys
C:\WINDOWS\System32\Drivers\avg7rsxp.sys
27776 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7UpdSvc
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
49664 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: AvgClean
ImagePath: \SystemRoot\System32\Drivers\avgclean.sys
C:\WINDOWS\System32\Drivers\avgclean.sys
10760 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:42 PM
Company: GRISOFT, s.r.o.
----------
Key: AVGEMS
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
406528 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:42 PM
Company: GRISOFT, s.r.o.
----------
Key: AvgTdi
ImagePath: \SystemRoot\System32\Drivers\avgtdi.sys
C:\WINDOWS\System32\Drivers\avgtdi.sys
4960 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: BANTExt
ImagePath: \SystemRoot\System32\Drivers\BANTExt.sys
C:\WINDOWS\System32\Drivers\BANTExt.sys
3840 bytes
Created: 24/01/2008 7:37 PM
Modified: 7/04/2005 5:18 PM
Company: [no info]
----------
Key: catchme
ImagePath: \??\C:\Combo-Fix\catchme.sys - this file is globally excluded
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: itchfltr
ImagePath: system32\DRIVERS\itchfltr.sys
C:\WINDOWS\system32\DRIVERS\itchfltr.sys
10496 bytes
Created: 21/01/2008 10:57 AM
Modified: 17/12/2001 8:12 PM
Company: Logitech Inc.
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: LexBceS
ImagePath: C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXBCES.EXE
303104 bytes
Created: 12/01/2009 1:59 PM
Modified: 23/09/2003 1:42 AM
Company: Lexmark International, Inc.
----------
Key: pfsvgae
ImagePath: \??\C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys
C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys [file not found to scan]
----------
Key: prodrv06
ImagePath: \SystemRoot\System32\drivers\prodrv06.sys
C:\WINDOWS\System32\drivers\prodrv06.sys
53920 bytes
Created: 9/08/2004 9:59 PM
Modified: 9/08/2004 9:59 PM
Company: Protection Technology
----------
Key: prohlp02
ImagePath: System32\drivers\prohlp02.sys
C:\WINDOWS\System32\drivers\prohlp02.sys
114016 bytes
Created: 9/08/2004 10:03 PM
Modified: 9/08/2004 10:03 PM
Company: Protection Technology
----------
Key: prosync1
ImagePath: System32\drivers\prosync1.sys
C:\WINDOWS\System32\drivers\prosync1.sys
7040 bytes
Created: 20/07/2004 1:19 AM
Modified: 20/07/2004 1:19 AM
Company: Protection Technology
----------
Key: RTL8023xp
ImagePath: system32\DRIVERS\Rtnicxp.sys
C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
104320 bytes
Created: 20/11/2007 11:09 AM
Modified: 20/11/2007 11:09 AM
Company: Realtek Semiconductor Corporation
----------
Key: SASDIFSV
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
8944 bytes
Created: 10/10/2006 2:53 PM
Modified: 22/05/2008 9:49 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
-R- 4096 bytes
Created: 16/02/2006 6:51 PM
Modified: 16/02/2006 6:51 PM
Company: SuperAdBlocker, Inc.
----------
Key: SASKUTIL
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
55024 bytes
Created: 27/02/2007 1:39 PM
Modified: 22/05/2008 9:49 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SE2Cbus
ImagePath: system32\DRIVERS\SE2Cbus.sys
C:\WINDOWS\system32\DRIVERS\SE2Cbus.sys
-R- 61600 bytes
Created: 24/04/2008 6:08 PM
Modified: 10/11/2006 10:54 AM
Company: MCCI
----------
Key: SE2Cmdfl
ImagePath: system32\DRIVERS\SE2Cmdfl.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmdfl.sys
-R- 9360 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cmdm
ImagePath: system32\DRIVERS\SE2Cmdm.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmdm.sys
-R- 97184 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cmgmt
ImagePath: system32\DRIVERS\SE2Cmgmt.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmgmt.sys
-R- 88688 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: se2Cnd5
ImagePath: system32\DRIVERS\se2Cnd5.sys
C:\WINDOWS\system32\DRIVERS\se2Cnd5.sys
-R- 18704 bytes
Created: 4/12/2008 10:34 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cobex
ImagePath: system32\DRIVERS\SE2Cobex.sys
C:\WINDOWS\system32\DRIVERS\SE2Cobex.sys
-R- 86560 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: se2Cunic
ImagePath: system32\DRIVERS\se2Cunic.sys
C:\WINDOWS\system32\DRIVERS\se2Cunic.sys
-R- 90800 bytes
Created: 4/12/2008 10:34 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: sfhlp01
ImagePath: System32\drivers\sfhlp01.sys
C:\WINDOWS\System32\drivers\sfhlp01.sys
4832 bytes
Created: 2/12/2003 1:50 AM
Modified: 2/12/2003 1:50 AM
Company: Protection Technology
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: StarWindServiceAE
ImagePath: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
275968 bytes
Created: 29/05/2007 3:27 AM
Modified: 29/05/2007 3:27 AM
Company: Rocket Division Software
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{AD623655-EF04-4C37-9BEB-30243CD66548}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: usbbus
ImagePath: system32\DRIVERS\lgusbbus.sys
C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [file not found to scan]
----------
Key: USBModem
ImagePath: system32\DRIVERS\lgusbmodem.sys
C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [file not found to scan]
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007 11:31 AM
Modified: 18/10/2007 11:31 AM
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007 3:27 PM
Modified: 25/10/2007 3:27 PM
Company: Microsoft Corporation
----------

************************************************** **********
11:24:10 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

************************************************** **********
11:24:10 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
356352 bytes
Created: 19/04/2007 2:41 PM
Modified: 6/01/2009 5:26 PM
Company: SUPERAntiSpyware.com
----------

************************************************** **********
11:24:10 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG7 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\Grisoft\AVG7\avgse.dll
C:\Program Files\Grisoft\AVG7\avgse.dll
50688 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007 1:39 PM
Modified: 27/02/2007 1:39 PM
Company: SUPERAntiSpyware.com
----------

************************************************** **********
11:24:10 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: [CLSID does not appear to reference a file]

************************************************** **********
11:24:10 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
440384 bytes
Created: 10/12/2008 11:13 AM
Modified: 26/10/2006 10:28 AM
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006 11:08 PM
Modified: 22/10/2006 11:08 PM
Company: Adobe Systems Incorporated
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
392240 bytes
Created: 14/12/2007 12:54 PM
Modified: 14/12/2007 12:54 PM
Company: Microsoft Corporation
----------
Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
BHO: C:\Program Files\Windows Live Toolbar\msntb.dll
C:\Program Files\Windows Live Toolbar\msntb.dll
546320 bytes
Created: 19/10/2007 11:20 AM
Modified: 19/10/2007 11:20 AM
Company: Microsoft Corporation
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {ecdee021-0d17-467f-a1ff-c7a115230949}
BHO: C:\Program Files\free-downloads.net\tbfree.dll
C:\Program Files\free-downloads.net\tbfree.dll
1555480 bytes
Created: 1/09/2007 2:54 PM
Modified: 14/02/2008 3:54 PM
Company: Conduit Ltd.
----------
Key: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
BHO: C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
262144 bytes
Created: 21/04/2008 7:26 PM
Modified: 21/04/2008 7:26 PM
Company: ZoneAlarm
----------

************************************************** **********
11:24:11 PM: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: %SystemRoot%\System32\webcheck.dll
C:\WINDOWS\System32\webcheck.dll
276480 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
121856 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------

************************************************** **********
11:24:11 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************** **********
11:24:11 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************** **********
11:24:11 PM: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************** **********
11:24:12 PM: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************** **********
11:24:12 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 8:21 PM
Modified: 18/01/2008 10:26 AM
Company: [no info]
--------------------

************************************************** **********
11:24:12 PM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 20/04/2008 10:49 AM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------
--------------------
Checking Startup Group for: Bella
[C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP]
The Startup Group for Bella attempts to load the following file(s):
C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 5:15 PM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------
--------------------
Checking Startup Group for: Gigster
[C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP]
The Startup Group for Gigster attempts to load the following file(s):
C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 10:32 AM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------

************************************************** **********
11:24:12 PM: Scanning ----- SCHEDULED TASKS -----
Taskname: Check Updates for Windows Live Toolbar.job
File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
99856 bytes
Created: 19/10/2007 11:20 AM
Modified: 19/10/2007 11:20 AM
Company: Microsoft Corporation
Parameters: [blank]
Next Run Time: 6/02/2009 12:12:00 AM
Status: The task is ready to run at its next scheduled time
Creator: Gigster
Comments: [blank]
----------
Taskname: SS4200 Utility Updates.job
File: C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk
C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk
977 bytes
Created: 23/11/2008 3:12 PM
Modified: 23/11/2008 3:12 PM
Company: [no info]
Parameters: [blank]
Next Run Time: 6/02/2009 10:00:00 AM
Status: The task has not yet run
Creator: Gigster
Comments: [blank]
----------

************************************************** **********
11:24:13 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************** **********
11:24:13 PM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
1358010 bytes
Created: 28/04/2008 2:27 PM
Modified: 28/04/2008 2:27 PM
Company: [no info]
----------
Web Desktop Wallpaper: %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
1358010 bytes
Created: 28/04/2008 2:27 PM
Modified: 28/04/2008 2:27 PM
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed

************************************************** **********
11:24:13 PM: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\LEXBCES.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\system32\LEXPPS.EXE
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe - file already scanned
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe - file already scanned
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
--------------------
C:\WINDOWS\system32\nvsvc32.exe
--------------------
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe - file already scanned
--------------------
C:\WINDOWS\system32\RUNDLL32.EXE
--------------------
C:\Program Files\Logitech\iTouch\iTouch.exe - file already scanned
--------------------
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe - file already scanned
--------------------
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
--------------------
C:\Program Files\Logitech\iTouch\kbdtray.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - file already scanned
--------------------
C:\Program Files\Common Files\Teleca Shared\Generic.exe
--------------------
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
--------------------
C:\WINDOWS\system32\taskmgr.exe
--------------------
C:\WINDOWS\explorer.exe - file already scanned
--------------------
C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\pjy2E.exe
FileSize: 2933624
[This is a Trojan Remover component]
--------------------

************************************************** **********
11:24:16 PM: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************** **********
11:24:16 PM: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************** **********
11:24:16 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************** **********
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************** **********
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 11:24:16 PM 05 Feb 2009
Total Scan time: 00:00:18
************************************************** **********


***** WINDOWS EXPLORER POLICIES RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 11:23:35 PM 05 Feb 2009
Using Database v7279
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
- no action required on this key as it does not exist
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
- no action required on this key as it does not exist
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
- no action required: value either does not exist or is set to False
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}
- no action required: value either does not exist or is set to False
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking Values in:
HKCU\Control Panel\Desktop
----------
Checking HKCU ActiveDesktop Policies:
----------
Checking HKCU Add/Remove Programs Policies:
----------
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking HKLM ActiveDesktop Policies:
----------
Checking HKLM Add/Remove Programs Policies:
----------
************************************************** **********


***** LAYERED SERVICE PROVIDER CHECKS *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 11:23:31 PM 05 Feb 2009
Using Database v7279
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

No errors were located in the Layered Service Provider Registry entries.
No action was taken.
************************************************** **********


***** WINDOWS UPDATE POLICIES RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 11:23:28 PM 05 Feb 2009
Using Database v7279
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

No invalid Windows Update Policies found to reset.
************************************************** **********


***** WINDOWS HOSTS FILE RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 11:23:23 PM 05 Feb 2009
Using Database v7279
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

C:\WINDOWS\system32\DRIVERS\ETC\HOSTS has been copied to C:\WINDOWS\system32\DRIVERS\ETC\HOSTS.TRB
The default HOSTS file was successfully reset.
************************************************** **********


***** INTERNET EXPLORER HOME/START/SEARCH PAGE AND POLICY RESTRICTIONS RESET ****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 11:23:19 PM 05 Feb 2009
Using Database v7279
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************

Existing Home/Start/Search Page settings are as follows:
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
These settings will now be reset to their defaults:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"www" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"ftp" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"gopher" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"home" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"mosaic" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_FullURL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_ToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_StatusBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLinStatusBar" has been reset
--------------------
************************************************************


***** THE SYSTEM HAS BEEN RESTARTED *****
5/02/2009 8:28:55 PM: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dtscsi.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dtscsi.sys - already removed (or did not exist)
=======================================================
=======================================================
Deleting the following registry value(s):
HKLM\SYSTEM\CurrentControlSet\Services\dtscsi\[ImagePath] - already deleted
=======================================================
5/02/2009 8:28:55 PM: Trojan Remover closed
************************************************************


***** WINDOWS EXPLORER POLICIES RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:26:22 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************

Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
- no action required on this key as it does not exist
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
- no action required on this key as it does not exist
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
- no action required: value either does not exist or is set to False
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}
- no action required: value either does not exist or is set to False
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking Values in:
HKCU\Control Panel\Desktop
----------
Checking HKCU ActiveDesktop Policies:
----------
Checking HKCU Add/Remove Programs Policies:
----------
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking HKLM ActiveDesktop Policies:
----------
Checking HKLM Add/Remove Programs Policies:
----------
************************************************************


***** LAYERED SERVICE PROVIDER CHECKS *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:26:15 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************

No errors were located in the Layered Service Provider Registry entries.
No action was taken.
************************************************************


***** LAYERED SERVICE PROVIDER CHECKS *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:25:32 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************

No errors were located in the Layered Service Provider Registry entries.
No action was taken.
************************************************************


***** WINDOWS UPDATE POLICIES RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:25:27 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************

No invalid Windows Update Policies found to reset.
************************************************************


***** WINDOWS HOSTS FILE RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:25:24 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************

C:\WINDOWS\system32\DRIVERS\ETC\HOSTS has been copied to C:\WINDOWS\system32\DRIVERS\ETC\HOSTS.TRB
The default HOSTS file was successfully reset.
************************************************************


***** INTERNET EXPLORER HOME/START/SEARCH PAGE AND POLICY RESTRICTIONS RESET ****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:25:19 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************

Existing Home/Start/Search Page settings are as follows:
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
These settings will now be reset to their defaults:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"www" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"ftp" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"gopher" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"home" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"mosaic" has been reset
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel has been reset
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\"HomePage" value has been reset
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_FullURL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_ToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_StatusBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLinStatusBar" has been reset
--------------------
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:22:31 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************


************************************************************
8:22:31 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
8:22:31 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
8:22:31 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
8:22:31 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SoundMan
Value Data: SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
46592 bytes
Created: 18/01/2008 1:00 PM
Modified: 21/03/2002 12:53 PM
Company: Avance Logic, Inc.
--------------------
Value Name: AVG7_CC
Value Data: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
590848 bytes
Created: 18/01/2008 3:38 PM
Modified: 17/10/2008 10:41 AM
Company: GRISOFT, s.r.o.
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7700480 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1622016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: zBrowser Launcher
Value Data: C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
204800 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 1:59 AM
Company: Logitech Inc.
--------------------
Value Name: EM_EXEC
Value Data: C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
35328 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 9:42 AM
Company: Logitech Inc.
--------------------
Value Name:
Value Data:
Blank entry: []
--------------------
Value Name: Sony Ericsson PC Suite
Value Data: "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
-R- 159744 bytes
Created: 26/10/2005 4:17 PM
Modified: 26/10/2005 4:17 PM
Company: Sony Ericsson Mobile Communications AB
--------------------
Value Name: Lexmark X6100 Series
Value Data: "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
57344 bytes
Created: 12/01/2009 1:58 PM
Modified: 23/09/2003 2:01 AM
Company: Lexmark International, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1231752 bytes
Created: 5/02/2009 8:18 PM
Modified: 1/01/2009 8:43 PM
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 18/10/2007 11:34 AM
Modified: 18/10/2007 11:34 AM
Company: Microsoft Corporation
--------------------
Value Name: SUPERAntiSpyware
Value Data: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
1830128 bytes
Created: 1/05/2007 10:29 AM
Modified: 3/02/2009 7:46 PM
Company: SUPERAntiSpyware.com
--------------------
Value Name: AlcoholAutomount
Value Data: "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
217544 bytes
Created: 22/02/2008 10:00 PM
Modified: 22/02/2008 10:00 PM
Company: Alcohol Soft Development Team
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
8:22:34 PM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
File: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
77824 bytes
Created: 20/12/2006 2:55 PM
Modified: 22/05/2008 9:49 AM
Company: SuperAdBlocker.com
----------

************************************************************
8:22:34 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
8:22:34 PM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
--------------------

************************************************************
8:22:34 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2428 bytes
Created: 25/08/2006 5:09 PM
Modified: 25/08/2006 5:09 PM
Company: [no info]
----------

************************************************************
8:22:35 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
8:22:37 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ALCXWDM
ImagePath: system32\drivers\ALCXWDM.SYS
C:\WINDOWS\system32\drivers\ALCXWDM.SYS
303948 bytes
Created: 18/01/2008 1:00 PM
Modified: 25/03/2002 10:43 PM
Company: Avance Logic, Inc.
----------
Key: Aspi32
ImagePath: System32\drivers\aspi32.sys
C:\WINDOWS\System32\drivers\aspi32.sys
16512 bytes
Created: 30/11/2008 11:01 PM
Modified: 21/11/2005 4:18 PM
Company: Adaptec
----------
Key: Avg7Alrt
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
418816 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7Core
ImagePath: \SystemRoot\System32\Drivers\avg7core.sys
C:\WINDOWS\System32\Drivers\avg7core.sys
821856 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsW
ImagePath: \SystemRoot\System32\Drivers\avg7rsw.sys
C:\WINDOWS\System32\Drivers\avg7rsw.sys
4224 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsXP
ImagePath: \SystemRoot\System32\Drivers\avg7rsxp.sys
C:\WINDOWS\System32\Drivers\avg7rsxp.sys
27776 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7UpdSvc
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
49664 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: AvgClean
ImagePath: \SystemRoot\System32\Drivers\avgclean.sys
C:\WINDOWS\System32\Drivers\avgclean.sys
10760 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:42 PM
Company: GRISOFT, s.r.o.
----------
Key: AVGEMS
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
406528 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:42 PM
Company: GRISOFT, s.r.o.
----------
Key: AvgTdi
ImagePath: \SystemRoot\System32\Drivers\avgtdi.sys
C:\WINDOWS\System32\Drivers\avgtdi.sys
4960 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: BANTExt
ImagePath: \SystemRoot\System32\Drivers\BANTExt.sys
C:\WINDOWS\System32\Drivers\BANTExt.sys
3840 bytes
Created: 24/01/2008 7:37 PM
Modified: 7/04/2005 5:18 PM
Company: [no info]
----------
Key: catchme
ImagePath: \??\C:\Combo-Fix\catchme.sys - this file is globally excluded
----------
Key: dtscsi
ImagePath: \SystemRoot\System32\Drivers\dtscsi.sys
C:\WINDOWS\System32\Drivers\dtscsi.sys
223128 bytes
Created: 10/08/2008 3:37 PM
Modified: 10/08/2008 3:37 PM
Company: [no info]
C:\WINDOWS\System32\Drivers\dtscsi.sys appears to be in-use/locked
C:\WINDOWS\System32\Drivers\dtscsi.sys - this registry value has been removed
C:\WINDOWS\System32\Drivers\dtscsi.sys - file renamed to: C:\WINDOWS\System32\Drivers\dtscsi.sys.vir
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: itchfltr
ImagePath: system32\DRIVERS\itchfltr.sys
C:\WINDOWS\system32\DRIVERS\itchfltr.sys
10496 bytes
Created: 21/01/2008 10:57 AM
Modified: 17/12/2001 8:12 PM
Company: Logitech Inc.
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: LexBceS
ImagePath: C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXBCES.EXE
303104 bytes
Created: 12/01/2009 1:59 PM
Modified: 23/09/2003 1:42 AM
Company: Lexmark International, Inc.
----------
Key: pfsvgae
ImagePath: \??\C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys
C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys [file not found to scan]
----------
Key: prodrv06
ImagePath: \SystemRoot\System32\drivers\prodrv06.sys
C:\WINDOWS\System32\drivers\prodrv06.sys
53920 bytes
Created: 9/08/2004 9:59 PM
Modified: 9/08/2004 9:59 PM
Company: Protection Technology
----------
Key: prohlp02
ImagePath: System32\drivers\prohlp02.sys
C:\WINDOWS\System32\drivers\prohlp02.sys
114016 bytes
Created: 9/08/2004 10:03 PM
Modified: 9/08/2004 10:03 PM
Company: Protection Technology
----------
Key: prosync1
ImagePath: System32\drivers\prosync1.sys
C:\WINDOWS\System32\drivers\prosync1.sys
7040 bytes
Created: 20/07/2004 1:19 AM
Modified: 20/07/2004 1:19 AM
Company: Protection Technology
----------
Key: RTL8023xp
ImagePath: system32\DRIVERS\Rtnicxp.sys
C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
104320 bytes
Created: 20/11/2007 11:09 AM
Modified: 20/11/2007 11:09 AM
Company: Realtek Semiconductor Corporation
----------
Key: SASDIFSV
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
8944 bytes
Created: 10/10/2006 2:53 PM
Modified: 22/05/2008 9:49 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
-R- 4096 bytes
Created: 16/02/2006 6:51 PM
Modified: 16/02/2006 6:51 PM
Company: SuperAdBlocker, Inc.
----------
Key: SASKUTIL
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
55024 bytes
Created: 27/02/2007 1:39 PM
Modified: 22/05/2008 9:49 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SE2Cbus
ImagePath: system32\DRIVERS\SE2Cbus.sys
C:\WINDOWS\system32\DRIVERS\SE2Cbus.sys
-R- 61600 bytes
Created: 24/04/2008 6:08 PM
Modified: 10/11/2006 10:54 AM
Company: MCCI
----------
Key: SE2Cmdfl
ImagePath: system32\DRIVERS\SE2Cmdfl.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmdfl.sys
-R- 9360 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cmdm
ImagePath: system32\DRIVERS\SE2Cmdm.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmdm.sys
-R- 97184 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cmgmt
ImagePath: system32\DRIVERS\SE2Cmgmt.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmgmt.sys
-R- 88688 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: se2Cnd5
ImagePath: system32\DRIVERS\se2Cnd5.sys
C:\WINDOWS\system32\DRIVERS\se2Cnd5.sys
-R- 18704 bytes
Created: 4/12/2008 10:34 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cobex
ImagePath: system32\DRIVERS\SE2Cobex.sys
C:\WINDOWS\system32\DRIVERS\SE2Cobex.sys
-R- 86560 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: se2Cunic
ImagePath: system32\DRIVERS\se2Cunic.sys
C:\WINDOWS\system32\DRIVERS\se2Cunic.sys
-R- 90800 bytes
Created: 4/12/2008 10:34 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: sfhlp01
ImagePath: System32\drivers\sfhlp01.sys
C:\WINDOWS\System32\drivers\sfhlp01.sys
4832 bytes
Created: 2/12/2003 1:50 AM
Modified: 2/12/2003 1:50 AM
Company: Protection Technology
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: sr
ImagePath: \SystemRoot\System32\DRIVERS\sr.sys
C:\WINDOWS\System32\DRIVERS\sr.sys
73472 bytes
Created: 18/01/2008 10:23 AM
Modified: 14/04/2008 5:06 AM
Company: Microsoft Corporation
----------
Key: StarWindServiceAE
ImagePath: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
275968 bytes
Created: 29/05/2007 3:27 AM
Modified: 29/05/2007 3:27 AM
Company: Rocket Division Software
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{AD623655-EF04-4C37-9BEB-30243CD66548}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: usbbus
ImagePath: system32\DRIVERS\lgusbbus.sys
C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [file not found to scan]
----------
Key: USBModem
ImagePath: system32\DRIVERS\lgusbmodem.sys
C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [file not found to scan]
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007 11:31 AM
Modified: 18/10/2007 11:31 AM
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007 3:27 PM
Modified: 25/10/2007 3:27 PM
Company: Microsoft Corporation
----------

************************************************** **********
8:24:00 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

************************************************** **********
8:24:00 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
356352 bytes
Created: 19/04/2007 2:41 PM
Modified: 6/01/2009 5:26 PM
Company: SUPERAntiSpyware.com
----------

************************************************** **********
8:24:00 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG7 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\Grisoft\AVG7\avgse.dll
C:\Program Files\Grisoft\AVG7\avgse.dll
50688 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007 1:39 PM
Modified: 27/02/2007 1:39 PM
Company: SUPERAntiSpyware.com
----------

************************************************** **********
8:24:00 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: [CLSID does not appear to reference a file]

************************************************** **********
8:24:00 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
440384 bytes
Created: 10/12/2008 11:13 AM
Modified: 26/10/2006 10:28 AM
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006 11:08 PM
Modified: 22/10/2006 11:08 PM
Company: Adobe Systems Incorporated
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
392240 bytes
Created: 14/12/2007 12:54 PM
Modified: 14/12/2007 12:54 PM
Company: Microsoft Corporation
----------
Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
BHO: C:\Program Files\Windows Live Toolbar\msntb.dll
C:\Program Files\Windows Live Toolbar\msntb.dll
546320 bytes
Created: 19/10/2007 11:20 AM
Modified: 19/10/2007 11:20 AM
Company: Microsoft Corporation
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {ecdee021-0d17-467f-a1ff-c7a115230949}
BHO: C:\Program Files\free-downloads.net\tbfree.dll
C:\Program Files\free-downloads.net\tbfree.dll
1555480 bytes
Created: 1/09/2007 2:54 PM
Modified: 14/02/2008 3:54 PM
Company: Conduit Ltd.
----------
Key: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
BHO: C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
262144 bytes
Created: 21/04/2008 7:26 PM
Modified: 21/04/2008 7:26 PM
Company: ZoneAlarm
----------

************************************************** **********
8:24:01 PM: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: %SystemRoot%\System32\webcheck.dll
C:\WINDOWS\System32\webcheck.dll
276480 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
121856 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------

************************************************** **********
8:24:01 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************** **********
8:24:01 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************** **********
8:24:01 PM: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************** **********
8:24:02 PM: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************** **********
8:24:02 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 8:21 PM
Modified: 18/01/2008 10:26 AM
Company: [no info]
--------------------

************************************************** **********
8:24:02 PM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 20/04/2008 10:49 AM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------
--------------------
Checking Startup Group for: Bella
[C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP]
The Startup Group for Bella attempts to load the following file(s):
C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 5:15 PM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------
--------------------
Checking Startup Group for: Gigster
[C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP]
The Startup Group for Gigster attempts to load the following file(s):
C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 10:32 AM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------

************************************************** **********
8:24:03 PM: Scanning ----- SCHEDULED TASKS -----
Taskname: Check Updates for Windows Live Toolbar.job
File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
99856 bytes
Created: 19/10/2007 11:20 AM
Modified: 19/10/2007 11:20 AM
Company: Microsoft Corporation
Parameters: [blank]
Next Run Time: 5/02/2009 9:12:00 PM
Status: The task is ready to run at its next scheduled time
Creator: Gigster
Comments: [blank]
----------
Taskname: SS4200 Utility Updates.job
File: C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk
C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk
977 bytes
Created: 23/11/2008 3:12 PM
Modified: 23/11/2008 3:12 PM
Company: [no info]
Parameters: [blank]
Next Run Time: 6/02/2009 10:00:00 AM
Status: The task has not yet run
Creator: Gigster
Comments: [blank]
----------

************************************************** **********
8:24:03 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************** **********
8:24:03 PM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
1358010 bytes
Created: 28/04/2008 2:27 PM
Modified: 28/04/2008 2:27 PM
Company: [no info]
----------
Web Desktop Wallpaper: %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
1358010 bytes
Created: 28/04/2008 2:27 PM
Modified: 28/04/2008 2:27 PM
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed

************************************************** **********
8:24:04 PM: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\LEXBCES.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\system32\LEXPPS.EXE
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe - file already scanned
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe - file already scanned
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe - file already scanned
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
--------------------
C:\WINDOWS\system32\nvsvc32.exe
--------------------
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\SOUNDMAN.EXE - file already scanned
--------------------
C:\WINDOWS\system32\RUNDLL32.EXE
--------------------
C:\Program Files\Logitech\iTouch\iTouch.exe - file already scanned
--------------------
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe - file already scanned
--------------------
C:\Program Files\Logitech\iTouch\kbdtray.exe
--------------------
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Common Files\Teleca Shared\Generic.exe
--------------------
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
--------------------
C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\pixC.exe
FileSize: 2933624
[This is a Trojan Remover component]
--------------------

************************************************** **********
8:24:06 PM: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************** **********
8:24:06 PM: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************** **********
8:24:06 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************** **********
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************** **********
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 8:24:06 PM 05 Feb 2009
Total Scan time: 00:01:35
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
The restart has been cancelled, but Trojan Remover has been set to deal with the
file(s) the next time the system is restarted.
************************************************** **********


***** WINDOWS EXPLORER POLICIES RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:21:56 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
- no action required on this key as it does not exist
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
- no action required on this key as it does not exist
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
- no action required: value either does not exist or is set to False
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}
- no action required: value either does not exist or is set to False
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking Values in:
HKCU\Control Panel\Desktop
----------
Checking HKCU ActiveDesktop Policies:
----------
Checking HKCU Add/Remove Programs Policies:
----------
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking HKLM ActiveDesktop Policies:
----------
Checking HKLM Add/Remove Programs Policies:
----------
************************************************** **********


***** LAYERED SERVICE PROVIDER CHECKS *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:21:51 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

No errors were located in the Layered Service Provider Registry entries.
No action was taken.
************************************************** **********


***** WINDOWS UPDATE POLICIES RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:21:46 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

No invalid Windows Update Policies found to reset.
************************************************** **********


***** WINDOWS HOSTS FILE RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:21:42 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

C:\WINDOWS\system32\DRIVERS\ETC\HOSTS has been copied to C:\WINDOWS\system32\DRIVERS\ETC\HOSTS.TRB
The default HOSTS file was successfully reset.
************************************************** **********


***** WINDOWS UPDATE POLICIES RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:21:15 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

No invalid Windows Update Policies found to reset.
************************************************** **********


***** INTERNET EXPLORER HOME/START/SEARCH PAGE AND POLICY RESTRICTIONS RESET ****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:21:06 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

Existing Home/Start/Search Page settings are as follows:
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
These settings will now be reset to their defaults:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"www" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"ftp" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"gopher" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"home" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"mosaic" has been reset
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel has been reset
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\"HomePage" value has been reset
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_FullURL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_ToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_StatusBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLinStatusBar" has been reset
--------------------
************************************************** **********


***** WINDOWS EXPLORER POLICIES RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:20:15 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
- this key has been removed
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
- no action required on this key as it does not exist
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
- no action required: value either does not exist or is set to False
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}
- no action required: value either does not exist or is set to False
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking Values in:
HKCU\Control Panel\Desktop
----------
Checking HKCU ActiveDesktop Policies:
----------
Checking HKCU Add/Remove Programs Policies:
----------
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking HKLM ActiveDesktop Policies:
----------
Checking HKLM Add/Remove Programs Policies:
----------
************************************************** **********


***** LAYERED SERVICE PROVIDER CHECKS *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:20:06 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

No errors were located in the Layered Service Provider Registry entries.
No action was taken.
************************************************** **********


***** WINDOWS UPDATE POLICIES RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:20:00 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************

The following Windows Update Policies have been reset:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate - key removed
************************************************************


***** WINDOWS HOSTS FILE RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:19:54 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************

C:\WINDOWS\system32\DRIVERS\ETC\HOSTS has been copied to C:\WINDOWS\system32\DRIVERS\ETC\HOSTS.TRB
The default HOSTS file was successfully reset.
************************************************************


***** INTERNET EXPLORER HOME/START/SEARCH PAGE AND POLICY RESTRICTIONS RESET ****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:19:40 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************

Existing Home/Start/Search Page settings are as follows:
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.com.au/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
These settings will now be reset to their defaults:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDrives" policy found and removed
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch" has been reset
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"www" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"ftp" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"gopher" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"home" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"mosaic" has been reset
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel has been reset
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\"HomePage" value has been reset
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDrives" policy found and removed
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_FullURL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_ToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_StatusBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLinStatusBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Window_Placement" has been reset
--------------------
************************************************************
and the Hijackthis Log

Logfile of HijackThis v1.99.1
Scan saved at 11:25:20 PM, on 5/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200623839238
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Cheers and Regards

Phil

Speedy Gonzales
06-02-2009, 09:10 AM
That should be it then

You can tick these entries then tick fix checked

Close browsers

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZKfox000

Did you uninstall mywebsearch?
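
As an added example (not part of the original thread, and not HijackThis's own code): a small Python check that the entries ticked for "fix checked" above are really gone from a follow-up log, plus a list of entries HijackThis marks "(no file)" or "(file missing)". The sample lines are excerpted from this thread's logs (the 8:00:08 AM and 10:17:08 AM scans posted later); the function names are illustrative, and the O8 item is left out because its URL is truncated on the page.

```python
import re

# HijackThis result lines look like: "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Suffixes HijackThis appends when the referenced file cannot be found.
DANGLING_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)


def normalise(body):
    """Collapse whitespace and fold case (Windows paths and registry names are case-insensitive)."""
    return " ".join(body.split()).casefold()


def parse_entries(log_text):
    """Map normalised (section, body) -> original line for every R/F/N/O entry."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries[(match.group(1), normalise(match.group(2)))] = line
    return entries


def still_present(requested_text, followup_log_text):
    """Entries the helper asked to fix that still appear in the follow-up log."""
    requested = parse_entries(requested_text)
    followup = parse_entries(followup_log_text)
    return [line for key, line in requested.items() if key in followup]


def dangling(log_text):
    """Entries whose target file HijackThis reported as missing."""
    return [line for line in parse_entries(log_text).values()
            if DANGLING_RE.search(line)]


# Entries from the "fix checked" list in the post above.
REQUESTED = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"""

# Excerpt of the log saved at 8:00:08 AM (the one later described as the wrong log).
LOG_0800 = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
"""

# Excerpt of the log saved at 10:17:08 AM.
LOG_1017 = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
"""

if __name__ == "__main__":
    for label, log in (("8:00:08 AM", LOG_0800), ("10:17:08 AM", LOG_1017)):
        left = still_present(REQUESTED, log)
        print(f"{label}: {len(left)} requested entries still present")
        for line in left:
            print("   ", line)
    print("Dangling entries in the 10:17:08 AM excerpt:")
    for line in dangling(LOG_1017):
        print("   ", line)
```

Text copied from a forum page may contain spaces the forum software inserted into long unbroken strings, so clean those up before comparing against a log saved directly from the tool.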

Blam
06-02-2009, 09:46 AM
Also delete these folders in program files when you've uninstalled them:

FunWebProducts

MyWebSearch

gigster
06-02-2009, 11:58 AM
I looked for MyWebSearch and FunWebProducts but could not find them. Here's a copy of the HijackThis log

Cheers

Phil

Logfile of HijackThis v1.99.1
Scan saved at 8:00:08 AM, on 6/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200623839238
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

gigster
06-02-2009, 12:58 PM
Sorry, I posted the wrong HijackThis log. Here is the up-to-date one and one from Trojan Remover. I looked for MyWebSearch and FunWebProducts but couldn't find them, so I guess they have been dealt with.
Hanx once again and Cheers...Phil

Logfile of HijackThis v1.99.1
Scan saved at 10:17:08 AM, on 6/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200623839238
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 10:11:32 AM 06 Feb 2009
Using Database v7279
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************


************************************************************
10:11:32 AM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
10:11:32 AM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
10:11:32 AM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
10:11:33 AM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: AVG7_CC
Value Data: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
590848 bytes
Created: 18/01/2008 3:38 PM
Modified: 17/10/2008 10:41 AM
Company: GRISOFT, s.r.o.
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7700480 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1622016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: zBrowser Launcher
Value Data: C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
204800 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 1:59 AM
Company: Logitech Inc.
--------------------
Value Name: EM_EXEC
Value Data: C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
35328 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 9:42 AM
Company: Logitech Inc.
--------------------
Value Name:
Value Data:
Blank entry: []
--------------------
Value Name: Sony Ericsson PC Suite
Value Data: "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
-R- 159744 bytes
Created: 26/10/2005 4:17 PM
Modified: 26/10/2005 4:17 PM
Company: Sony Ericsson Mobile Communications AB
--------------------
Value Name: Lexmark X6100 Series
Value Data: "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
57344 bytes
Created: 12/01/2009 1:58 PM
Modified: 23/09/2003 2:01 AM
Company: Lexmark International, Inc.
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
--------------------
Value Name: AlcoholAutomount
Value Data: "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
217544 bytes
Created: 22/02/2008 10:00 PM
Modified: 22/02/2008 10:00 PM
Company: Alcohol Soft Development Team
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
10:11:35 AM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
File: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
77824 bytes
Created: 20/12/2006 2:55 PM
Modified: 22/05/2008 9:49 AM
Company: SuperAdBlocker.com
----------

************************************************************
10:11:35 AM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
10:11:35 AM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
--------------------

************************************************************
10:11:35 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2428 bytes
Created: 25/08/2006 5:09 PM
Modified: 25/08/2006 5:09 PM
Company: [no info]
----------

************************************************************
10:11:36 AM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
10:11:38 AM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ALCXWDM
ImagePath: system32\drivers\ALCXWDM.SYS
C:\WINDOWS\system32\drivers\ALCXWDM.SYS
303948 bytes
Created: 18/01/2008 1:00 PM
Modified: 25/03/2002 10:43 PM
Company: Avance Logic, Inc.
----------
Key: Aspi32
ImagePath: System32\drivers\aspi32.sys
C:\WINDOWS\System32\drivers\aspi32.sys
16512 bytes
Created: 30/11/2008 11:01 PM
Modified: 21/11/2005 4:18 PM
Company: Adaptec
----------
Key: Avg7Alrt
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
418816 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7Core
ImagePath: \SystemRoot\System32\Drivers\avg7core.sys
C:\WINDOWS\System32\Drivers\avg7core.sys
821856 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsW
ImagePath: \SystemRoot\System32\Drivers\avg7rsw.sys
C:\WINDOWS\System32\Drivers\avg7rsw.sys
4224 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsXP
ImagePath: \SystemRoot\System32\Drivers\avg7rsxp.sys
C:\WINDOWS\System32\Drivers\avg7rsxp.sys
27776 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7UpdSvc
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
49664 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: AvgClean
ImagePath: \SystemRoot\System32\Drivers\avgclean.sys
C:\WINDOWS\System32\Drivers\avgclean.sys
10760 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:42 PM
Company: GRISOFT, s.r.o.
----------
Key: AVGEMS
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
406528 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:42 PM
Company: GRISOFT, s.r.o.
----------
Key: AvgTdi
ImagePath: \SystemRoot\System32\Drivers\avgtdi.sys
C:\WINDOWS\System32\Drivers\avgtdi.sys
4960 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: BANTExt
ImagePath: \SystemRoot\System32\Drivers\BANTExt.sys
C:\WINDOWS\System32\Drivers\BANTExt.sys
3840 bytes
Created: 24/01/2008 7:37 PM
Modified: 7/04/2005 5:18 PM
Company: [no info]
----------
Key: catchme
ImagePath: \??\C:\Combo-Fix\catchme.sys - this file is globally excluded
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: itchfltr
ImagePath: system32\DRIVERS\itchfltr.sys
C:\WINDOWS\system32\DRIVERS\itchfltr.sys
10496 bytes
Created: 21/01/2008 10:57 AM
Modified: 17/12/2001 8:12 PM
Company: Logitech Inc.
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: LexBceS
ImagePath: C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXBCES.EXE
303104 bytes
Created: 12/01/2009 1:59 PM
Modified: 23/09/2003 1:42 AM
Company: Lexmark International, Inc.
----------
Key: pfsvgae
ImagePath: \??\C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys
C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys [file not found to scan]
----------
Key: prodrv06
ImagePath: \SystemRoot\System32\drivers\prodrv06.sys
C:\WINDOWS\System32\drivers\prodrv06.sys
53920 bytes
Created: 9/08/2004 9:59 PM
Modified: 9/08/2004 9:59 PM
Company: Protection Technology
----------
Key: prohlp02
ImagePath: System32\drivers\prohlp02.sys
C:\WINDOWS\System32\drivers\prohlp02.sys
114016 bytes
Created: 9/08/2004 10:03 PM
Modified: 9/08/2004 10:03 PM
Company: Protection Technology
----------
Key: prosync1
ImagePath: System32\drivers\prosync1.sys
C:\WINDOWS\System32\drivers\prosync1.sys
7040 bytes
Created: 20/07/2004 1:19 AM
Modified: 20/07/2004 1:19 AM
Company: Protection Technology
----------
Key: RTL8023xp
ImagePath: system32\DRIVERS\Rtnicxp.sys
C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
104320 bytes
Created: 20/11/2007 11:09 AM
Modified: 20/11/2007 11:09 AM
Company: Realtek Semiconductor Corporation
----------
Key: SASDIFSV
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
8944 bytes
Created: 10/10/2006 2:53 PM
Modified: 22/05/2008 9:49 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
-R- 4096 bytes
Created: 16/02/2006 6:51 PM
Modified: 16/02/2006 6:51 PM
Company: SuperAdBlocker, Inc.
----------
Key: SASKUTIL
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
55024 bytes
Created: 27/02/2007 1:39 PM
Modified: 22/05/2008 9:49 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SE2Cbus
ImagePath: system32\DRIVERS\SE2Cbus.sys
C:\WINDOWS\system32\DRIVERS\SE2Cbus.sys
-R- 61600 bytes
Created: 24/04/2008 6:08 PM
Modified: 10/11/2006 10:54 AM
Company: MCCI
----------
Key: SE2Cmdfl
ImagePath: system32\DRIVERS\SE2Cmdfl.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmdfl.sys
-R- 9360 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cmdm
ImagePath: system32\DRIVERS\SE2Cmdm.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmdm.sys
-R- 97184 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cmgmt
ImagePath: system32\DRIVERS\SE2Cmgmt.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmgmt.sys
-R- 88688 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: se2Cnd5
ImagePath: system32\DRIVERS\se2Cnd5.sys
C:\WINDOWS\system32\DRIVERS\se2Cnd5.sys
-R- 18704 bytes
Created: 4/12/2008 10:34 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cobex
ImagePath: system32\DRIVERS\SE2Cobex.sys
C:\WINDOWS\system32\DRIVERS\SE2Cobex.sys
-R- 86560 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: se2Cunic
ImagePath: system32\DRIVERS\se2Cunic.sys
C:\WINDOWS\system32\DRIVERS\se2Cunic.sys
-R- 90800 bytes
Created: 4/12/2008 10:34 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: sfhlp01
ImagePath: System32\drivers\sfhlp01.sys
C:\WINDOWS\System32\drivers\sfhlp01.sys
4832 bytes
Created: 2/12/2003 1:50 AM
Modified: 2/12/2003 1:50 AM
Company: Protection Technology
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: StarWindServiceAE
ImagePath: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
275968 bytes
Created: 29/05/2007 3:27 AM
Modified: 29/05/2007 3:27 AM
Company: Rocket Division Software
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{AD623655-EF04-4C37-9BEB-30243CD66548}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: usbbus
ImagePath: system32\DRIVERS\lgusbbus.sys
C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [file not found to scan]
----------
Key: USBModem
ImagePath: system32\DRIVERS\lgusbmodem.sys
C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [file not found to scan]
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007 11:31 AM
Modified: 18/10/2007 11:31 AM
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007 3:27 PM
Modified: 25/10/2007 3:27 PM
Company: Microsoft Corporation
----------

************************************************************
10:11:48 AM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

************************************************************
10:11:48 AM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
356352 bytes
Created: 19/04/2007 2:41 PM
Modified: 6/01/2009 5:26 PM
Company: SUPERAntiSpyware.com
----------

************************************************************
10:11:49 AM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG7 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\Grisoft\AVG7\avgse.dll
C:\Program Files\Grisoft\AVG7\avgse.dll
50688 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007 1:39 PM
Modified: 27/02/2007 1:39 PM
Company: SUPERAntiSpyware.com
----------

************************************************************
10:11:49 AM: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: [CLSID does not appear to reference a file]

************************************************************
10:11:49 AM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
440384 bytes
Created: 10/12/2008 11:13 AM
Modified: 26/10/2006 10:28 AM
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006 11:08 PM
Modified: 22/10/2006 11:08 PM
Company: Adobe Systems Incorporated
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
392240 bytes
Created: 14/12/2007 12:54 PM
Modified: 14/12/2007 12:54 PM
Company: Microsoft Corporation
----------
Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
BHO: C:\Program Files\Windows Live Toolbar\msntb.dll
C:\Program Files\Windows Live Toolbar\msntb.dll
546320 bytes
Created: 19/10/2007 11:20 AM
Modified: 19/10/2007 11:20 AM
Company: Microsoft Corporation
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {ecdee021-0d17-467f-a1ff-c7a115230949}
BHO: C:\Program Files\free-downloads.net\tbfree.dll
C:\Program Files\free-downloads.net\tbfree.dll
1555480 bytes
Created: 1/09/2007 2:54 PM
Modified: 14/02/2008 3:54 PM
Company: Conduit Ltd.
----------
Key: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
BHO: C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
262144 bytes
Created: 21/04/2008 7:26 PM
Modified: 21/04/2008 7:26 PM
Company: ZoneAlarm
----------

************************************************************
10:11:50 AM: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: %SystemRoot%\System32\webcheck.dll
C:\WINDOWS\System32\webcheck.dll
276480 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
121856 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------

************************************************************
10:11:51 AM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
10:11:51 AM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
10:11:51 AM: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
10:11:51 AM: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
10:11:51 AM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 8:21 PM
Modified: 18/01/2008 10:26 AM
Company: [no info]
--------------------

************************************************************
10:11:51 AM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 20/04/2008 10:49 AM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------
--------------------
Checking Startup Group for: Bella
[C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP]
The Startup Group for Bella attempts to load the following file(s):
C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 5:15 PM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------
--------------------
Checking Startup Group for: Gigster
[C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP]
The Startup Group for Gigster attempts to load the following file(s):
C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 10:32 AM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------

************************************************************
10:11:52 AM: Scanning ----- SCHEDULED TASKS -----
Taskname: Check Updates for Windows Live Toolbar.job
File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
99856 bytes
Created: 19/10/2007 11:20 AM
Modified: 19/10/2007 11:20 AM
Company: Microsoft Corporation
Parameters: [blank]
Next Run Time: 6/02/2009 10:12:00 AM
Status: The task is ready to run at its next scheduled time
Creator: Gigster
Comments: [blank]
----------
Taskname: SS4200 Utility Updates.job
File: C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk
C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk
977 bytes
Created: 23/11/2008 3:12 PM
Modified: 23/11/2008 3:12 PM
Company: [no info]
Parameters: [blank]
Next Run Time: 7/02/2009 10:00:00 AM
Status: The task has not yet run
Creator: Gigster
Comments: [blank]
----------

************************************************************
10:11:52 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
10:11:52 AM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
1358010 bytes
Created: 28/04/2008 2:27 PM
Modified: 28/04/2008 2:27 PM
Company: [no info]
----------
Web Desktop Wallpaper: %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
1358010 bytes
Created: 28/04/2008 2:27 PM
Modified: 28/04/2008 2:27 PM
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed

************************************************************
10:11:53 AM: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\LEXBCES.EXE - file already scanned
--------------------
C:\WINDOWS\system32\LEXPPS.EXE
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe - file already scanned
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe - file already scanned
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
--------------------
C:\WINDOWS\system32\nvsvc32.exe
--------------------
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\RUNDLL32.EXE
--------------------
C:\Program Files\Logitech\iTouch\iTouch.exe - file already scanned
--------------------
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe - file already scanned
--------------------
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Logitech\iTouch\kbdtray.exe
--------------------
C:\Program Files\Common Files\Teleca Shared\Generic.exe
--------------------
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
--------------------
C:\WINDOWS\system32\taskmgr.exe
--------------------
C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\mlx60.exe
FileSize: 2933624
[This is a Trojan Remover component]
--------------------

************************************************************
10:11:55 AM: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
10:11:55 AM: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
10:11:55 AM: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 10:11:55 AM 06 Feb 2009
Total Scan time: 00:00:22
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 11:28:01 PM 05 Feb 2009
Using Database v7279
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************


************************************************************
11:28:01 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
11:28:01 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
11:28:01 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
11:28:01 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: AVG7_CC
Value Data: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
590848 bytes
Created: 18/01/2008 3:38 PM
Modified: 17/10/2008 10:41 AM
Company: GRISOFT, s.r.o.
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7700480 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1622016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: zBrowser Launcher
Value Data: C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
204800 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 1:59 AM
Company: Logitech Inc.
--------------------
Value Name: EM_EXEC
Value Data: C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
35328 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 9:42 AM
Company: Logitech Inc.
--------------------
Value Name:
Value Data:
Blank entry: []
--------------------
Value Name: Sony Ericsson PC Suite
Value Data: "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
-R- 159744 bytes
Created: 26/10/2005 4:17 PM
Modified: 26/10/2005 4:17 PM
Company: Sony Ericsson Mobile Communications AB
--------------------
Value Name: Lexmark X6100 Series
Value Data: "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
57344 bytes
Created: 12/01/2009 1:58 PM
Modified: 23/09/2003 2:01 AM
Company: Lexmark International, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1231752 bytes
Created: 5/02/2009 8:18 PM
Modified: 1/01/2009 8:43 PM
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: Malwarebytes' Anti-Malware
Value Data: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
399504 bytes
Created: 5/02/2009 8:37 PM
Modified: 14/01/2009 4:11 PM
Company: Malwarebytes Corporation
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 18/10/2007 11:34 AM
Modified: 18/10/2007 11:34 AM
Company: Microsoft Corporation
--------------------
Value Name: SUPERAntiSpyware
Value Data: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
1830128 bytes
Created: 1/05/2007 10:29 AM
Modified: 3/02/2009 7:46 PM
Company: SUPERAntiSpyware.com
--------------------
Value Name: AlcoholAutomount
Value Data: "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
217544 bytes
Created: 22/02/2008 10:00 PM
Modified: 22/02/2008 10:00 PM
Company: Alcohol Soft Development Team
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
11:28:03 PM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
File: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
77824 bytes
Created: 20/12/2006 2:55 PM
Modified: 22/05/2008 9:49 AM
Company: SuperAdBlocker.com
----------

************************************************************
11:28:03 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
11:28:03 PM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
--------------------

************************************************************
11:28:03 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2428 bytes
Created: 25/08/2006 5:09 PM
Modified: 25/08/2006 5:09 PM
Company: [no info]
----------

************************************************************
11:28:03 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
11:28:04 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ALCXWDM
ImagePath: system32\drivers\ALCXWDM.SYS
C:\WINDOWS\system32\drivers\ALCXWDM.SYS
303948 bytes
Created: 18/01/2008 1:00 PM
Modified: 25/03/2002 10:43 PM
Company: Avance Logic, Inc.
----------
Key: Aspi32
ImagePath: System32\drivers\aspi32.sys
C:\WINDOWS\System32\drivers\aspi32.sys
16512 bytes
Created: 30/11/2008 11:01 PM
Modified: 21/11/2005 4:18 PM
Company: Adaptec
----------
Key: Avg7Alrt
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
418816 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7Core
ImagePath: \SystemRoot\System32\Drivers\avg7core.sys
C:\WINDOWS\System32\Drivers\avg7core.sys
821856 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsW
ImagePath: \SystemRoot\System32\Drivers\avg7rsw.sys
C:\WINDOWS\System32\Drivers\avg7rsw.sys
4224 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsXP
ImagePath: \SystemRoot\System32\Drivers\avg7rsxp.sys
C:\WINDOWS\System32\Drivers\avg7rsxp.sys
27776 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7UpdSvc
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
49664 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: AvgClean
ImagePath: \SystemRoot\System32\Drivers\avgclean.sys
C:\WINDOWS\System32\Drivers\avgclean.sys
10760 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:42 PM
Company: GRISOFT, s.r.o.
----------
Key: AVGEMS
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
406528 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:42 PM
Company: GRISOFT, s.r.o.
----------
Key: AvgTdi
ImagePath: \SystemRoot\System32\Drivers\avgtdi.sys
C:\WINDOWS\System32\Drivers\avgtdi.sys
4960 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: BANTExt
ImagePath: \SystemRoot\System32\Drivers\BANTExt.sys
C:\WINDOWS\System32\Drivers\BANTExt.sys
3840 bytes
Created: 24/01/2008 7:37 PM
Modified: 7/04/2005 5:18 PM
Company: [no info]
----------
Key: catchme
ImagePath: \??\C:\Combo-Fix\catchme.sys - this file is globally excluded
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: itchfltr
ImagePath: system32\DRIVERS\itchfltr.sys
C:\WINDOWS\system32\DRIVERS\itchfltr.sys
10496 bytes
Created: 21/01/2008 10:57 AM
Modified: 17/12/2001 8:12 PM
Company: Logitech Inc.
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: LexBceS
ImagePath: C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXBCES.EXE
303104 bytes
Created: 12/01/2009 1:59 PM
Modified: 23/09/2003 1:42 AM
Company: Lexmark International, Inc.
----------
Key: pfsvgae
ImagePath: \??\C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys
C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys [file not found to scan]
----------
Key: prodrv06
ImagePath: \SystemRoot\System32\drivers\prodrv06.sys
C:\WINDOWS\System32\drivers\prodrv06.sys
53920 bytes
Created: 9/08/2004 9:59 PM
Modified: 9/08/2004 9:59 PM
Company: Protection Technology
----------
Key: prohlp02
ImagePath: System32\drivers\prohlp02.sys
C:\WINDOWS\System32\drivers\prohlp02.sys
114016 bytes
Created: 9/08/2004 10:03 PM
Modified: 9/08/2004 10:03 PM
Company: Protection Technology
----------
Key: prosync1
ImagePath: System32\drivers\prosync1.sys
C:\WINDOWS\System32\drivers\prosync1.sys
7040 bytes
Created: 20/07/2004 1:19 AM
Modified: 20/07/2004 1:19 AM
Company: Protection Technology
----------
Key: RTL8023xp
ImagePath: system32\DRIVERS\Rtnicxp.sys
C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
104320 bytes
Created: 20/11/2007 11:09 AM
Modified: 20/11/2007 11:09 AM
Company: Realtek Semiconductor Corporation
----------
Key: SASDIFSV
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
8944 bytes
Created: 10/10/2006 2:53 PM
Modified: 22/05/2008 9:49 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
-R- 4096 bytes
Created: 16/02/2006 6:51 PM
Modified: 16/02/2006 6:51 PM
Company: SuperAdBlocker, Inc.
----------
Key: SASKUTIL
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
55024 bytes
Created: 27/02/2007 1:39 PM
Modified: 22/05/2008 9:49 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SE2Cbus
ImagePath: system32\DRIVERS\SE2Cbus.sys
C:\WINDOWS\system32\DRIVERS\SE2Cbus.sys
-R- 61600 bytes
Created: 24/04/2008 6:08 PM
Modified: 10/11/2006 10:54 AM
Company: MCCI
----------
Key: SE2Cmdfl
ImagePath: system32\DRIVERS\SE2Cmdfl.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmdfl.sys
-R- 9360 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cmdm
ImagePath: system32\DRIVERS\SE2Cmdm.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmdm.sys
-R- 97184 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cmgmt
ImagePath: system32\DRIVERS\SE2Cmgmt.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmgmt.sys
-R- 88688 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: se2Cnd5
ImagePath: system32\DRIVERS\se2Cnd5.sys
C:\WINDOWS\system32\DRIVERS\se2Cnd5.sys
-R- 18704 bytes
Created: 4/12/2008 10:34 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cobex
ImagePath: system32\DRIVERS\SE2Cobex.sys
C:\WINDOWS\system32\DRIVERS\SE2Cobex.sys
-R- 86560 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: se2Cunic
ImagePath: system32\DRIVERS\se2Cunic.sys
C:\WINDOWS\system32\DRIVERS\se2Cunic.sys
-R- 90800 bytes
Created: 4/12/2008 10:34 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: sfhlp01
ImagePath: System32\drivers\sfhlp01.sys
C:\WINDOWS\System32\drivers\sfhlp01.sys
4832 bytes
Created: 2/12/2003 1:50 AM
Modified: 2/12/2003 1:50 AM
Company: Protection Technology
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: StarWindServiceAE
ImagePath: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
275968 bytes
Created: 29/05/2007 3:27 AM
Modified: 29/05/2007 3:27 AM
Company: Rocket Division Software
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{AD623655-EF04-4C37-9BEB-30243CD66548}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: usbbus
ImagePath: system32\DRIVERS\lgusbbus.sys
C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [file not found to scan]
----------
Key: USBModem
ImagePath: system32\DRIVERS\lgusbmodem.sys
C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [file not found to scan]
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007 11:31 AM
Modified: 18/10/2007 11:31 AM
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007 3:27 PM
Modified: 25/10/2007 3:27 PM
Company: Microsoft Corporation
----------

************************************************************
11:28:09 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

************************************************************
11:28:09 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
356352 bytes
Created: 19/04/2007 2:41 PM
Modified: 6/01/2009 5:26 PM
Company: SUPERAntiSpyware.com
----------

************************************************************
11:28:09 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG7 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\Grisoft\AVG7\avgse.dll
C:\Program Files\Grisoft\AVG7\avgse.dll
50688 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007 1:39 PM
Modified: 27/02/2007 1:39 PM
Company: SUPERAntiSpyware.com
----------

************************************************************
11:28:09 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: [CLSID does not appear to reference a file]

************************************************************
11:28:09 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
440384 bytes
Created: 10/12/2008 11:13 AM
Modified: 26/10/2006 10:28 AM
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006 11:08 PM
Modified: 22/10/2006 11:08 PM
Company: Adobe Systems Incorporated
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
392240 bytes
Created: 14/12/2007 12:54 PM
Modified: 14/12/2007 12:54 PM
Company: Microsoft Corporation
----------
Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
BHO: C:\Program Files\Windows Live Toolbar\msntb.dll
C:\Program Files\Windows Live Toolbar\msntb.dll
546320 bytes
Created: 19/10/2007 11:20 AM
Modified: 19/10/2007 11:20 AM
Company: Microsoft Corporation
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {ecdee021-0d17-467f-a1ff-c7a115230949}
BHO: C:\Program Files\free-downloads.net\tbfree.dll
C:\Program Files\free-downloads.net\tbfree.dll
1555480 bytes
Created: 1/09/2007 2:54 PM
Modified: 14/02/2008 3:54 PM
Company: Conduit Ltd.
----------
Key: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
BHO: C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
262144 bytes
Created: 21/04/2008 7:26 PM
Modified: 21/04/2008 7:26 PM
Company: ZoneAlarm
----------

************************************************************
11:28:10 PM: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: %SystemRoot%\System32\webcheck.dll
C:\WINDOWS\System32\webcheck.dll
276480 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
121856 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------

************************************************************
11:28:10 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
11:28:10 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
11:28:10 PM: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
11:28:10 PM: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
11:28:10 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 8:21 PM
Modified: 18/01/2008 10:26 AM
Company: [no info]
--------------------

************************************************************
11:28:10 PM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 20/04/2008 10:49 AM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------
--------------------
Checking Startup Group for: Bella
[C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP]
The Startup Group for Bella attempts to load the following file(s):
C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 5:15 PM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------
--------------------
Checking Startup Group for: Gigster
[C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP]
The Startup Group for Gigster attempts to load the following file(s):
C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 10:32 AM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------

************************************************************
11:28:11 PM: Scanning ----- SCHEDULED TASKS -----
Taskname: Check Updates for Windows Live Toolbar.job
File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
99856 bytes
Created: 19/10/2007 11:20 AM
Modified: 19/10/2007 11:20 AM
Company: Microsoft Corporation
Parameters: [blank]
Next Run Time: 6/02/2009 12:12:00 AM
Status: The task is ready to run at its next scheduled time
Creator: Gigster
Comments: [blank]
----------
Taskname: SS4200 Utility Updates.job
File: C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk
C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk
977 bytes
Created: 23/11/2008 3:12 PM
Modified: 23/11/2008 3:12 PM
Company: [no info]
Parameters: [blank]
Next Run Time: 6/02/2009 10:00:00 AM
Status: The task has not yet run
Creator: Gigster
Comments: [blank]
----------

************************************************************
11:28:11 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
11:28:11 PM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
1358010 bytes
Created: 28/04/2008 2:27 PM
Modified: 28/04/2008 2:27 PM
Company: [no info]
----------
Web Desktop Wallpaper: %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
1358010 bytes
Created: 28/04/2008 2:27 PM
Modified: 28/04/2008 2:27 PM
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed

************************************************************
11:28:12 PM: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\LEXBCES.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\system32\LEXPPS.EXE
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe - file already scanned
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe - file already scanned
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
--------------------
C:\WINDOWS\system32\nvsvc32.exe
--------------------
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe - file already scanned
--------------------
C:\WINDOWS\system32\RUNDLL32.EXE
--------------------
C:\Program Files\Logitech\iTouch\iTouch.exe - file already scanned
--------------------
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe - file already scanned
--------------------
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
--------------------
C:\Program Files\Logitech\iTouch\kbdtray.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - file already scanned
--------------------
C:\Program Files\Common Files\Teleca Shared\Generic.exe
--------------------
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
--------------------
C:\WINDOWS\system32\taskmgr.exe
--------------------
C:\WINDOWS\explorer.exe - file already scanned
--------------------
C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\fcy30.exe
FileSize: 2933624
[This is a Trojan Remover component]
--------------------

************************************************************
11:28:14 PM: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
11:28:14 PM: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
11:28:14 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 11:28:14 PM 05 Feb 2009
Total Scan time: 00:00:12
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 11:23:58 PM 05 Feb 2009
Using Database v7279
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************


************************************************************
11:23:58 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
11:23:58 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
11:23:58 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
11:23:58 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: AVG7_CC
Value Data: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
590848 bytes
Created: 18/01/2008 3:38 PM
Modified: 17/10/2008 10:41 AM
Company: GRISOFT, s.r.o.
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7700480 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1622016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: zBrowser Launcher
Value Data: C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
204800 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 1:59 AM
Company: Logitech Inc.
--------------------
Value Name: EM_EXEC
Value Data: C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
35328 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 9:42 AM
Company: Logitech Inc.
--------------------
Value Name:
Value Data:
Blank entry: []
--------------------
Value Name: Sony Ericsson PC Suite
Value Data: "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
-R- 159744 bytes
Created: 26/10/2005 4:17 PM
Modified: 26/10/2005 4:17 PM
Company: Sony Ericsson Mobile Communications AB
--------------------
Value Name: Lexmark X6100 Series
Value Data: "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
57344 bytes
Created: 12/01/2009 1:58 PM
Modified: 23/09/2003 2:01 AM
Company: Lexmark International, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1231752 bytes
Created: 5/02/2009 8:18 PM
Modified: 1/01/2009 8:43 PM
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: Malwarebytes' Anti-Malware
Value Data: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
399504 bytes
Created: 5/02/2009 8:37 PM
Modified: 14/01/2009 4:11 PM
Company: Malwarebytes Corporation
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 18/10/2007 11:34 AM
Modified: 18/10/2007 11:34 AM
Company: Microsoft Corporation
--------------------
Value Name: SUPERAntiSpyware
Value Data: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
1830128 bytes
Created: 1/05/2007 10:29 AM
Modified: 3/02/2009 7:46 PM
Company: SUPERAntiSpyware.com
--------------------
Value Name: AlcoholAutomount
Value Data: "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
217544 bytes
Created: 22/02/2008 10:00 PM
Modified: 22/02/2008 10:00 PM
Company: Alcohol Soft Development Team
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************** **********
11:24:01 PM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
File: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
77824 bytes
Created: 20/12/2006 2:55 PM
Modified: 22/05/2008 9:49 AM
Company: SuperAdBlocker.com
----------

************************************************** **********
11:24:01 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************** **********
11:24:01 PM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
--------------------

************************************************** **********
11:24:01 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2428 bytes
Created: 25/08/2006 5:09 PM
Modified: 25/08/2006 5:09 PM
Company: [no info]
----------

************************************************** **********
11:24:02 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************** **********
11:24:04 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ALCXWDM
ImagePath: system32\drivers\ALCXWDM.SYS
C:\WINDOWS\system32\drivers\ALCXWDM.SYS
303948 bytes
Created: 18/01/2008 1:00 PM
Modified: 25/03/2002 10:43 PM
Company: Avance Logic, Inc.
----------
Key: Aspi32
ImagePath: System32\drivers\aspi32.sys
C:\WINDOWS\System32\drivers\aspi32.sys
16512 bytes
Created: 30/11/2008 11:01 PM
Modified: 21/11/2005 4:18 PM
Company: Adaptec
----------
Key: Avg7Alrt
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
418816 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7Core
ImagePath: \SystemRoot\System32\Drivers\avg7core.sys
C:\WINDOWS\System32\Drivers\avg7core.sys
821856 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsW
ImagePath: \SystemRoot\System32\Drivers\avg7rsw.sys
C:\WINDOWS\System32\Drivers\avg7rsw.sys
4224 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsXP
ImagePath: \SystemRoot\System32\Drivers\avg7rsxp.sys
C:\WINDOWS\System32\Drivers\avg7rsxp.sys
27776 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7UpdSvc
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
49664 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: AvgClean
ImagePath: \SystemRoot\System32\Drivers\avgclean.sys
C:\WINDOWS\System32\Drivers\avgclean.sys
10760 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:42 PM
Company: GRISOFT, s.r.o.
----------
Key: AVGEMS
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
406528 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:42 PM
Company: GRISOFT, s.r.o.
----------
Key: AvgTdi
ImagePath: \SystemRoot\System32\Drivers\avgtdi.sys
C:\WINDOWS\System32\Drivers\avgtdi.sys
4960 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: BANTExt
ImagePath: \SystemRoot\System32\Drivers\BANTExt.sys
C:\WINDOWS\System32\Drivers\BANTExt.sys
3840 bytes
Created: 24/01/2008 7:37 PM
Modified: 7/04/2005 5:18 PM
Company: [no info]
----------
Key: catchme
ImagePath: \??\C:\Combo-Fix\catchme.sys - this file is globally excluded
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: itchfltr
ImagePath: system32\DRIVERS\itchfltr.sys
C:\WINDOWS\system32\DRIVERS\itchfltr.sys
10496 bytes
Created: 21/01/2008 10:57 AM
Modified: 17/12/2001 8:12 PM
Company: Logitech Inc.
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: LexBceS
ImagePath: C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXBCES.EXE
303104 bytes
Created: 12/01/2009 1:59 PM
Modified: 23/09/2003 1:42 AM
Company: Lexmark International, Inc.
----------
Key: pfsvgae
ImagePath: \??\C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys
C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys [file not found to scan]
----------
Key: prodrv06
ImagePath: \SystemRoot\System32\drivers\prodrv06.sys
C:\WINDOWS\System32\drivers\prodrv06.sys
53920 bytes
Created: 9/08/2004 9:59 PM
Modified: 9/08/2004 9:59 PM
Company: Protection Technology
----------
Key: prohlp02
ImagePath: System32\drivers\prohlp02.sys
C:\WINDOWS\System32\drivers\prohlp02.sys
114016 bytes
Created: 9/08/2004 10:03 PM
Modified: 9/08/2004 10:03 PM
Company: Protection Technology
----------
Key: prosync1
ImagePath: System32\drivers\prosync1.sys
C:\WINDOWS\System32\drivers\prosync1.sys
7040 bytes
Created: 20/07/2004 1:19 AM
Modified: 20/07/2004 1:19 AM
Company: Protection Technology
----------
Key: RTL8023xp
ImagePath: system32\DRIVERS\Rtnicxp.sys
C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
104320 bytes
Created: 20/11/2007 11:09 AM
Modified: 20/11/2007 11:09 AM
Company: Realtek Semiconductor Corporation
----------
Key: SASDIFSV
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
8944 bytes
Created: 10/10/2006 2:53 PM
Modified: 22/05/2008 9:49 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
-R- 4096 bytes
Created: 16/02/2006 6:51 PM
Modified: 16/02/2006 6:51 PM
Company: SuperAdBlocker, Inc.
----------
Key: SASKUTIL
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
55024 bytes
Created: 27/02/2007 1:39 PM
Modified: 22/05/2008 9:49 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SE2Cbus
ImagePath: system32\DRIVERS\SE2Cbus.sys
C:\WINDOWS\system32\DRIVERS\SE2Cbus.sys
-R- 61600 bytes
Created: 24/04/2008 6:08 PM
Modified: 10/11/2006 10:54 AM
Company: MCCI
----------
Key: SE2Cmdfl
ImagePath: system32\DRIVERS\SE2Cmdfl.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmdfl.sys
-R- 9360 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cmdm
ImagePath: system32\DRIVERS\SE2Cmdm.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmdm.sys
-R- 97184 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cmgmt
ImagePath: system32\DRIVERS\SE2Cmgmt.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmgmt.sys
-R- 88688 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: se2Cnd5
ImagePath: system32\DRIVERS\se2Cnd5.sys
C:\WINDOWS\system32\DRIVERS\se2Cnd5.sys
-R- 18704 bytes
Created: 4/12/2008 10:34 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cobex
ImagePath: system32\DRIVERS\SE2Cobex.sys
C:\WINDOWS\system32\DRIVERS\SE2Cobex.sys
-R- 86560 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: se2Cunic
ImagePath: system32\DRIVERS\se2Cunic.sys
C:\WINDOWS\system32\DRIVERS\se2Cunic.sys
-R- 90800 bytes
Created: 4/12/2008 10:34 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: sfhlp01
ImagePath: System32\drivers\sfhlp01.sys
C:\WINDOWS\System32\drivers\sfhlp01.sys
4832 bytes
Created: 2/12/2003 1:50 AM
Modified: 2/12/2003 1:50 AM
Company: Protection Technology
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: StarWindServiceAE
ImagePath: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
275968 bytes
Created: 29/05/2007 3:27 AM
Modified: 29/05/2007 3:27 AM
Company: Rocket Division Software
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{AD623655-EF04-4C37-9BEB-30243CD66548}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: usbbus
ImagePath: system32\DRIVERS\lgusbbus.sys
C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [file not found to scan]
----------
Key: USBModem
ImagePath: system32\DRIVERS\lgusbmodem.sys
C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [file not found to scan]
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007 11:31 AM
Modified: 18/10/2007 11:31 AM
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007 3:27 PM
Modified: 25/10/2007 3:27 PM
Company: Microsoft Corporation
----------

************************************************** **********
11:24:10 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

************************************************** **********
11:24:10 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
356352 bytes
Created: 19/04/2007 2:41 PM
Modified: 6/01/2009 5:26 PM
Company: SUPERAntiSpyware.com
----------

************************************************** **********
11:24:10 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG7 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\Grisoft\AVG7\avgse.dll
C:\Program Files\Grisoft\AVG7\avgse.dll
50688 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007 1:39 PM
Modified: 27/02/2007 1:39 PM
Company: SUPERAntiSpyware.com
----------

************************************************** **********
11:24:10 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: [CLSID does not appear to reference a file]

************************************************** **********
11:24:10 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
440384 bytes
Created: 10/12/2008 11:13 AM
Modified: 26/10/2006 10:28 AM
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006 11:08 PM
Modified: 22/10/2006 11:08 PM
Company: Adobe Systems Incorporated
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
392240 bytes
Created: 14/12/2007 12:54 PM
Modified: 14/12/2007 12:54 PM
Company: Microsoft Corporation
----------
Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
BHO: C:\Program Files\Windows Live Toolbar\msntb.dll
C:\Program Files\Windows Live Toolbar\msntb.dll
546320 bytes
Created: 19/10/2007 11:20 AM
Modified: 19/10/2007 11:20 AM
Company: Microsoft Corporation
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {ecdee021-0d17-467f-a1ff-c7a115230949}
BHO: C:\Program Files\free-downloads.net\tbfree.dll
C:\Program Files\free-downloads.net\tbfree.dll
1555480 bytes
Created: 1/09/2007 2:54 PM
Modified: 14/02/2008 3:54 PM
Company: Conduit Ltd.
----------
Key: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
BHO: C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
262144 bytes
Created: 21/04/2008 7:26 PM
Modified: 21/04/2008 7:26 PM
Company: ZoneAlarm
----------

************************************************** **********
11:24:11 PM: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: %SystemRoot%\System32\webcheck.dll
C:\WINDOWS\System32\webcheck.dll
276480 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
121856 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------

************************************************** **********
11:24:11 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************** **********
11:24:11 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************** **********
11:24:11 PM: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************** **********
11:24:12 PM: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************** **********
11:24:12 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 8:21 PM
Modified: 18/01/2008 10:26 AM
Company: [no info]
--------------------

************************************************** **********
11:24:12 PM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 20/04/2008 10:49 AM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------
--------------------
Checking Startup Group for: Bella
[C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP]
The Startup Group for Bella attempts to load the following file(s):
C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 5:15 PM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------
--------------------
Checking Startup Group for: Gigster
[C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP]
The Startup Group for Gigster attempts to load the following file(s):
C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 10:32 AM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------

************************************************** **********
11:24:12 PM: Scanning ----- SCHEDULED TASKS -----
Taskname: Check Updates for Windows Live Toolbar.job
File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
99856 bytes
Created: 19/10/2007 11:20 AM
Modified: 19/10/2007 11:20 AM
Company: Microsoft Corporation
Parameters: [blank]
Next Run Time: 6/02/2009 12:12:00 AM
Status: The task is ready to run at its next scheduled time
Creator: Gigster
Comments: [blank]
----------
Taskname: SS4200 Utility Updates.job
File: C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk
C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk
977 bytes
Created: 23/11/2008 3:12 PM
Modified: 23/11/2008 3:12 PM
Company: [no info]
Parameters: [blank]
Next Run Time: 6/02/2009 10:00:00 AM
Status: The task has not yet run
Creator: Gigster
Comments: [blank]
----------

************************************************** **********
11:24:13 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************** **********
11:24:13 PM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
1358010 bytes
Created: 28/04/2008 2:27 PM
Modified: 28/04/2008 2:27 PM
Company: [no info]
----------
Web Desktop Wallpaper: %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
1358010 bytes
Created: 28/04/2008 2:27 PM
Modified: 28/04/2008 2:27 PM
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed

************************************************** **********
11:24:13 PM: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\LEXBCES.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\system32\LEXPPS.EXE
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe - file already scanned
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe - file already scanned
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
--------------------
C:\WINDOWS\system32\nvsvc32.exe
--------------------
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe - file already scanned
--------------------
C:\WINDOWS\system32\RUNDLL32.EXE
--------------------
C:\Program Files\Logitech\iTouch\iTouch.exe - file already scanned
--------------------
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe - file already scanned
--------------------
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
--------------------
C:\Program Files\Logitech\iTouch\kbdtray.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - file already scanned
--------------------
C:\Program Files\Common Files\Teleca Shared\Generic.exe
--------------------
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
--------------------
C:\WINDOWS\system32\taskmgr.exe
--------------------
C:\WINDOWS\explorer.exe - file already scanned
--------------------
C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\pjy2E.exe
FileSize: 2933624
[This is a Trojan Remover component]
--------------------

************************************************** **********
11:24:16 PM: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************** **********
11:24:16 PM: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************** **********
11:24:16 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************** **********
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************** **********
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 11:24:16 PM 05 Feb 2009
Total Scan time: 00:00:18
************************************************** **********


***** WINDOWS EXPLORER POLICIES RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 11:23:35 PM 05 Feb 2009
Using Database v7279
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
- no action required on this key as it does not exist
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
- no action required on this key as it does not exist
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
- no action required: value either does not exist or is set to False
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}
- no action required: value either does not exist or is set to False
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking Values in:
HKCU\Control Panel\Desktop
----------
Checking HKCU ActiveDesktop Policies:
----------
Checking HKCU Add/Remove Programs Policies:
----------
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking HKLM ActiveDesktop Policies:
----------
Checking HKLM Add/Remove Programs Policies:
----------
************************************************** **********


***** LAYERED SERVICE PROVIDER CHECKS *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 11:23:31 PM 05 Feb 2009
Using Database v7279
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

No errors were located in the Layered Service Provider Registry entries.
No action was taken.
************************************************** **********


***** WINDOWS UPDATE POLICIES RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 11:23:28 PM 05 Feb 2009
Using Database v7279
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************

No invalid Windows Update Policies found to reset.
************************************************************


***** WINDOWS HOSTS FILE RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 11:23:23 PM 05 Feb 2009
Using Database v7279
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************

C:\WINDOWS\system32\DRIVERS\ETC\HOSTS has been copied to C:\WINDOWS\system32\DRIVERS\ETC\HOSTS.TRB
The default HOSTS file was successfully reset.
************************************************************


***** INTERNET EXPLORER HOME/START/SEARCH PAGE AND POLICY RESTRICTIONS RESET ****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 11:23:19 PM 05 Feb 2009
Using Database v7279
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************

Existing Home/Start/Search Page settings are as follows:
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
These settings will now be reset to their defaults:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"www" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"ftp" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"gopher" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"home" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"mosaic" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_FullURL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_ToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_StatusBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLinStatusBar" has been reset
--------------------
************************************************************


***** THE SYSTEM HAS BEEN RESTARTED *****
5/02/2009 8:28:55 PM: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dtscsi.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dtscsi.sys - already removed (or did not exist)
=======================================================
=======================================================
Deleting the following registry value(s):
HKLM\SYSTEM\CurrentControlSet\Services\dtscsi\[ImagePath] - already deleted
=======================================================
5/02/2009 8:28:55 PM: Trojan Remover closed
************************************************************


***** WINDOWS EXPLORER POLICIES RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:26:22 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************

Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
- no action required on this key as it does not exist
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
- no action required on this key as it does not exist
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
- no action required: value either does not exist or is set to False
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}
- no action required: value either does not exist or is set to False
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking Values in:
HKCU\Control Panel\Desktop
----------
Checking HKCU ActiveDesktop Policies:
----------
Checking HKCU Add/Remove Programs Policies:
----------
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking HKLM ActiveDesktop Policies:
----------
Checking HKLM Add/Remove Programs Policies:
----------
************************************************************


***** LAYERED SERVICE PROVIDER CHECKS *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:26:15 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************

No errors were located in the Layered Service Provider Registry entries.
No action was taken.
************************************************************


***** LAYERED SERVICE PROVIDER CHECKS *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:25:32 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************

No errors were located in the Layered Service Provider Registry entries.
No action was taken.
************************************************************


***** WINDOWS UPDATE POLICIES RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:25:27 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************

No invalid Windows Update Policies found to reset.
************************************************************


***** WINDOWS HOSTS FILE RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:25:24 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************

C:\WINDOWS\system32\DRIVERS\ETC\HOSTS has been copied to C:\WINDOWS\system32\DRIVERS\ETC\HOSTS.TRB
The default HOSTS file was successfully reset.
************************************************************


***** INTERNET EXPLORER HOME/START/SEARCH PAGE AND POLICY RESTRICTIONS RESET ****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:25:19 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************

Existing Home/Start/Search Page settings are as follows:
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
These settings will now be reset to their defaults:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"www" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"ftp" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"gopher" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"home" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"mosaic" has been reset
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel has been reset
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\"HomePage" value has been reset
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_FullURL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_ToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_StatusBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLinStatusBar" has been reset
--------------------
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:22:31 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************


************************************************************
8:22:31 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
8:22:31 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
8:22:31 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
8:22:31 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SoundMan
Value Data: SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
46592 bytes
Created: 18/01/2008 1:00 PM
Modified: 21/03/2002 12:53 PM
Company: Avance Logic, Inc.
--------------------
Value Name: AVG7_CC
Value Data: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
590848 bytes
Created: 18/01/2008 3:38 PM
Modified: 17/10/2008 10:41 AM
Company: GRISOFT, s.r.o.
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7700480 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1622016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: zBrowser Launcher
Value Data: C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
204800 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 1:59 AM
Company: Logitech Inc.
--------------------
Value Name: EM_EXEC
Value Data: C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
35328 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 9:42 AM
Company: Logitech Inc.
--------------------
Value Name:
Value Data:
Blank entry: []
--------------------
Value Name: Sony Ericsson PC Suite
Value Data: "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
-R- 159744 bytes
Created: 26/10/2005 4:17 PM
Modified: 26/10/2005 4:17 PM
Company: Sony Ericsson Mobile Communications AB
--------------------
Value Name: Lexmark X6100 Series
Value Data: "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
57344 bytes
Created: 12/01/2009 1:58 PM
Modified: 23/09/2003 2:01 AM
Company: Lexmark International, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1231752 bytes
Created: 5/02/2009 8:18 PM
Modified: 1/01/2009 8:43 PM
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 18/10/2007 11:34 AM
Modified: 18/10/2007 11:34 AM
Company: Microsoft Corporation
--------------------
Value Name: SUPERAntiSpyware
Value Data: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
1830128 bytes
Created: 1/05/2007 10:29 AM
Modified: 3/02/2009 7:46 PM
Company: SUPERAntiSpyware.com
--------------------
Value Name: AlcoholAutomount
Value Data: "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
217544 bytes
Created: 22/02/2008 10:00 PM
Modified: 22/02/2008 10:00 PM
Company: Alcohol Soft Development Team
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
8:22:34 PM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
File: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
77824 bytes
Created: 20/12/2006 2:55 PM
Modified: 22/05/2008 9:49 AM
Company: SuperAdBlocker.com
----------

************************************************************
8:22:34 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
8:22:34 PM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
--------------------

************************************************************
8:22:34 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2428 bytes
Created: 25/08/2006 5:09 PM
Modified: 25/08/2006 5:09 PM
Company: [no info]
----------

************************************************************
8:22:35 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
8:22:37 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ALCXWDM
ImagePath: system32\drivers\ALCXWDM.SYS
C:\WINDOWS\system32\drivers\ALCXWDM.SYS
303948 bytes
Created: 18/01/2008 1:00 PM
Modified: 25/03/2002 10:43 PM
Company: Avance Logic, Inc.
----------
Key: Aspi32
ImagePath: System32\drivers\aspi32.sys
C:\WINDOWS\System32\drivers\aspi32.sys
16512 bytes
Created: 30/11/2008 11:01 PM
Modified: 21/11/2005 4:18 PM
Company: Adaptec
----------
Key: Avg7Alrt
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
418816 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7Core
ImagePath: \SystemRoot\System32\Drivers\avg7core.sys
C:\WINDOWS\System32\Drivers\avg7core.sys
821856 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsW
ImagePath: \SystemRoot\System32\Drivers\avg7rsw.sys
C:\WINDOWS\System32\Drivers\avg7rsw.sys
4224 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsXP
ImagePath: \SystemRoot\System32\Drivers\avg7rsxp.sys
C:\WINDOWS\System32\Drivers\avg7rsxp.sys
27776 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7UpdSvc
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
49664 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: AvgClean
ImagePath: \SystemRoot\System32\Drivers\avgclean.sys
C:\WINDOWS\System32\Drivers\avgclean.sys
10760 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:42 PM
Company: GRISOFT, s.r.o.
----------
Key: AVGEMS
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
406528 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:42 PM
Company: GRISOFT, s.r.o.
----------
Key: AvgTdi
ImagePath: \SystemRoot\System32\Drivers\avgtdi.sys
C:\WINDOWS\System32\Drivers\avgtdi.sys
4960 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: BANTExt
ImagePath: \SystemRoot\System32\Drivers\BANTExt.sys
C:\WINDOWS\System32\Drivers\BANTExt.sys
3840 bytes
Created: 24/01/2008 7:37 PM
Modified: 7/04/2005 5:18 PM
Company: [no info]
----------
Key: catchme
ImagePath: \??\C:\Combo-Fix\catchme.sys - this file is globally excluded
----------
Key: dtscsi
ImagePath: \SystemRoot\System32\Drivers\dtscsi.sys
C:\WINDOWS\System32\Drivers\dtscsi.sys
223128 bytes
Created: 10/08/2008 3:37 PM
Modified: 10/08/2008 3:37 PM
Company: [no info]
C:\WINDOWS\System32\Drivers\dtscsi.sys appears to be in-use/locked
C:\WINDOWS\System32\Drivers\dtscsi.sys - this registry value has been removed
C:\WINDOWS\System32\Drivers\dtscsi.sys - file renamed to: C:\WINDOWS\System32\Drivers\dtscsi.sys.vir
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: itchfltr
ImagePath: system32\DRIVERS\itchfltr.sys
C:\WINDOWS\system32\DRIVERS\itchfltr.sys
10496 bytes
Created: 21/01/2008 10:57 AM
Modified: 17/12/2001 8:12 PM
Company: Logitech Inc.
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: LexBceS
ImagePath: C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXBCES.EXE
303104 bytes
Created: 12/01/2009 1:59 PM
Modified: 23/09/2003 1:42 AM
Company: Lexmark International, Inc.
----------
Key: pfsvgae
ImagePath: \??\C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys
C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys [file not found to scan]
----------
Key: prodrv06
ImagePath: \SystemRoot\System32\drivers\prodrv06.sys
C:\WINDOWS\System32\drivers\prodrv06.sys
53920 bytes
Created: 9/08/2004 9:59 PM
Modified: 9/08/2004 9:59 PM
Company: Protection Technology
----------
Key: prohlp02
ImagePath: System32\drivers\prohlp02.sys
C:\WINDOWS\System32\drivers\prohlp02.sys
114016 bytes
Created: 9/08/2004 10:03 PM
Modified: 9/08/2004 10:03 PM
Company: Protection Technology
----------
Key: prosync1
ImagePath: System32\drivers\prosync1.sys
C:\WINDOWS\System32\drivers\prosync1.sys
7040 bytes
Created: 20/07/2004 1:19 AM
Modified: 20/07/2004 1:19 AM
Company: Protection Technology
----------
Key: RTL8023xp
ImagePath: system32\DRIVERS\Rtnicxp.sys
C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
104320 bytes
Created: 20/11/2007 11:09 AM
Modified: 20/11/2007 11:09 AM
Company: Realtek Semiconductor Corporation
----------
Key: SASDIFSV
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
8944 bytes
Created: 10/10/2006 2:53 PM
Modified: 22/05/2008 9:49 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
-R- 4096 bytes
Created: 16/02/2006 6:51 PM
Modified: 16/02/2006 6:51 PM
Company: SuperAdBlocker, Inc.
----------
Key: SASKUTIL
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
55024 bytes
Created: 27/02/2007 1:39 PM
Modified: 22/05/2008 9:49 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SE2Cbus
ImagePath: system32\DRIVERS\SE2Cbus.sys
C:\WINDOWS\system32\DRIVERS\SE2Cbus.sys
-R- 61600 bytes
Created: 24/04/2008 6:08 PM
Modified: 10/11/2006 10:54 AM
Company: MCCI
----------
Key: SE2Cmdfl
ImagePath: system32\DRIVERS\SE2Cmdfl.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmdfl.sys
-R- 9360 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cmdm
ImagePath: system32\DRIVERS\SE2Cmdm.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmdm.sys
-R- 97184 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cmgmt
ImagePath: system32\DRIVERS\SE2Cmgmt.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmgmt.sys
-R- 88688 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: se2Cnd5
ImagePath: system32\DRIVERS\se2Cnd5.sys
C:\WINDOWS\system32\DRIVERS\se2Cnd5.sys
-R- 18704 bytes
Created: 4/12/2008 10:34 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cobex
ImagePath: system32\DRIVERS\SE2Cobex.sys
C:\WINDOWS\system32\DRIVERS\SE2Cobex.sys
-R- 86560 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: se2Cunic
ImagePath: system32\DRIVERS\se2Cunic.sys
C:\WINDOWS\system32\DRIVERS\se2Cunic.sys
-R- 90800 bytes
Created: 4/12/2008 10:34 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: sfhlp01
ImagePath: System32\drivers\sfhlp01.sys
C:\WINDOWS\System32\drivers\sfhlp01.sys
4832 bytes
Created: 2/12/2003 1:50 AM
Modified: 2/12/2003 1:50 AM
Company: Protection Technology
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: sr
ImagePath: \SystemRoot\System32\DRIVERS\sr.sys
C:\WINDOWS\System32\DRIVERS\sr.sys
73472 bytes
Created: 18/01/2008 10:23 AM
Modified: 14/04/2008 5:06 AM
Company: Microsoft Corporation
----------
Key: StarWindServiceAE
ImagePath: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
275968 bytes
Created: 29/05/2007 3:27 AM
Modified: 29/05/2007 3:27 AM
Company: Rocket Division Software
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{AD623655-EF04-4C37-9BEB-30243CD66548}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: usbbus
ImagePath: system32\DRIVERS\lgusbbus.sys
C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [file not found to scan]
----------
Key: USBModem
ImagePath: system32\DRIVERS\lgusbmodem.sys
C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [file not found to scan]
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007 11:31 AM
Modified: 18/10/2007 11:31 AM
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007 3:27 PM
Modified: 25/10/2007 3:27 PM
Company: Microsoft Corporation
----------

************************************************** **********
8:24:00 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

************************************************** **********
8:24:00 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
356352 bytes
Created: 19/04/2007 2:41 PM
Modified: 6/01/2009 5:26 PM
Company: SUPERAntiSpyware.com
----------

************************************************** **********
8:24:00 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG7 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\Grisoft\AVG7\avgse.dll
C:\Program Files\Grisoft\AVG7\avgse.dll
50688 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007 1:39 PM
Modified: 27/02/2007 1:39 PM
Company: SUPERAntiSpyware.com
----------

************************************************** **********
8:24:00 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: [CLSID does not appear to reference a file]

************************************************** **********
8:24:00 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
440384 bytes
Created: 10/12/2008 11:13 AM
Modified: 26/10/2006 10:28 AM
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006 11:08 PM
Modified: 22/10/2006 11:08 PM
Company: Adobe Systems Incorporated
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
392240 bytes
Created: 14/12/2007 12:54 PM
Modified: 14/12/2007 12:54 PM
Company: Microsoft Corporation
----------
Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
BHO: C:\Program Files\Windows Live Toolbar\msntb.dll
C:\Program Files\Windows Live Toolbar\msntb.dll
546320 bytes
Created: 19/10/2007 11:20 AM
Modified: 19/10/2007 11:20 AM
Company: Microsoft Corporation
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {ecdee021-0d17-467f-a1ff-c7a115230949}
BHO: C:\Program Files\free-downloads.net\tbfree.dll
C:\Program Files\free-downloads.net\tbfree.dll
1555480 bytes
Created: 1/09/2007 2:54 PM
Modified: 14/02/2008 3:54 PM
Company: Conduit Ltd.
----------
Key: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
BHO: C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
262144 bytes
Created: 21/04/2008 7:26 PM
Modified: 21/04/2008 7:26 PM
Company: ZoneAlarm
----------

************************************************** **********
8:24:01 PM: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: %SystemRoot%\System32\webcheck.dll
C:\WINDOWS\System32\webcheck.dll
276480 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
121856 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------

************************************************** **********
8:24:01 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************** **********
8:24:01 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************** **********
8:24:01 PM: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************** **********
8:24:02 PM: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************** **********
8:24:02 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 8:21 PM
Modified: 18/01/2008 10:26 AM
Company: [no info]
--------------------

************************************************** **********
8:24:02 PM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 20/04/2008 10:49 AM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------
--------------------
Checking Startup Group for: Bella
[C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP]
The Startup Group for Bella attempts to load the following file(s):
C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 5:15 PM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------
--------------------
Checking Startup Group for: Gigster
[C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP]
The Startup Group for Gigster attempts to load the following file(s):
C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 18/01/2008 10:32 AM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------

************************************************** **********
8:24:03 PM: Scanning ----- SCHEDULED TASKS -----
Taskname: Check Updates for Windows Live Toolbar.job
File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
99856 bytes
Created: 19/10/2007 11:20 AM
Modified: 19/10/2007 11:20 AM
Company: Microsoft Corporation
Parameters: [blank]
Next Run Time: 5/02/2009 9:12:00 PM
Status: The task is ready to run at its next scheduled time
Creator: Gigster
Comments: [blank]
----------
Taskname: SS4200 Utility Updates.job
File: C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk
C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk
977 bytes
Created: 23/11/2008 3:12 PM
Modified: 23/11/2008 3:12 PM
Company: [no info]
Parameters: [blank]
Next Run Time: 6/02/2009 10:00:00 AM
Status: The task has not yet run
Creator: Gigster
Comments: [blank]
----------

************************************************** **********
8:24:03 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************** **********
8:24:03 PM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
1358010 bytes
Created: 28/04/2008 2:27 PM
Modified: 28/04/2008 2:27 PM
Company: [no info]
----------
Web Desktop Wallpaper: %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
1358010 bytes
Created: 28/04/2008 2:27 PM
Modified: 28/04/2008 2:27 PM
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed

************************************************** **********
8:24:04 PM: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\LEXBCES.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\system32\LEXPPS.EXE
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe - file already scanned
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe - file already scanned
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe - file already scanned
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
--------------------
C:\WINDOWS\system32\nvsvc32.exe
--------------------
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\SOUNDMAN.EXE - file already scanned
--------------------
C:\WINDOWS\system32\RUNDLL32.EXE
--------------------
C:\Program Files\Logitech\iTouch\iTouch.exe - file already scanned
--------------------
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe - file already scanned
--------------------
C:\Program Files\Logitech\iTouch\kbdtray.exe
--------------------
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Common Files\Teleca Shared\Generic.exe
--------------------
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
--------------------
C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\pixC.exe
FileSize: 2933624
[This is a Trojan Remover component]
--------------------

************************************************** **********
8:24:06 PM: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************** **********
8:24:06 PM: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************** **********
8:24:06 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************** **********
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************** **********
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 8:24:06 PM 05 Feb 2009
Total Scan time: 00:01:35
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
The restart has been cancelled, but Trojan Remover has been set to deal with the
file(s) the next time the system is restarted.
************************************************** **********


***** WINDOWS EXPLORER POLICIES RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:21:56 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
- no action required on this key as it does not exist
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
- no action required on this key as it does not exist
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
- no action required: value either does not exist or is set to False
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}
- no action required: value either does not exist or is set to False
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking Values in:
HKCU\Control Panel\Desktop
----------
Checking HKCU ActiveDesktop Policies:
----------
Checking HKCU Add/Remove Programs Policies:
----------
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking HKLM ActiveDesktop Policies:
----------
Checking HKLM Add/Remove Programs Policies:
----------
************************************************** **********


***** LAYERED SERVICE PROVIDER CHECKS *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:21:51 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

No errors were located in the Layered Service Provider Registry entries.
No action was taken.
************************************************** **********


***** WINDOWS UPDATE POLICIES RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:21:46 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

No invalid Windows Update Policies found to reset.
************************************************** **********


***** WINDOWS HOSTS FILE RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:21:42 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

C:\WINDOWS\system32\DRIVERS\ETC\HOSTS has been copied to C:\WINDOWS\system32\DRIVERS\ETC\HOSTS.TRB
The default HOSTS file was successfully reset.
************************************************** **********


***** WINDOWS UPDATE POLICIES RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:21:15 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

No invalid Windows Update Policies found to reset.
************************************************** **********


***** INTERNET EXPLORER HOME/START/SEARCH PAGE AND POLICY RESTRICTIONS RESET ****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:21:06 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

Existing Home/Start/Search Page settings are as follows:
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
These settings will now be reset to their defaults:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"www" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"ftp" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"gopher" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"home" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"mosaic" has been reset
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel has been reset
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\"HomePage" value has been reset
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_FullURL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_ToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_StatusBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLinStatusBar" has been reset
--------------------
************************************************** **********


***** WINDOWS EXPLORER POLICIES RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:20:15 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************** **********
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************** **********

Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
- this key has been removed
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
- no action required on this key as it does not exist
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
- no action required: value either does not exist or is set to False
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}
- no action required: value either does not exist or is set to False
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking Values in:
HKCU\Control Panel\Desktop
----------
Checking HKCU ActiveDesktop Policies:
----------
Checking HKCU Add/Remove Programs Policies:
----------
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking HKLM ActiveDesktop Policies:
----------
Checking HKLM Add/Remove Programs Policies:
----------
************************************************************


***** LAYERED SERVICE PROVIDER CHECKS *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:20:06 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************

No errors were located in the Layered Service Provider Registry entries.
No action was taken.
************************************************************


***** WINDOWS UPDATE POLICIES RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:20:00 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************

The following Windows Update Policies have been reset:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate - key removed
************************************************************


***** WINDOWS HOSTS FILE RESET *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:19:54 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************

C:\WINDOWS\system32\DRIVERS\ETC\HOSTS has been copied to C:\WINDOWS\system32\DRIVERS\ETC\HOSTS.TRB
The default HOSTS file was successfully reset.
************************************************************


***** INTERNET EXPLORER HOME/START/SEARCH PAGE AND POLICY RESTRICTIONS RESET ****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:19:40 PM 05 Feb 2009
Using Database v7272
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************

Existing Home/Start/Search Page settings are as follows:
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.com.au/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
These settings will now be reset to their defaults:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDrives" policy found and removed
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch" has been reset
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"www" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"ftp" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"gopher" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"home" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"mosaic" has been reset
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel has been reset
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\"HomePage" value has been reset
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDrives" policy found and removed
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_FullURL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_ToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_StatusBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLinStatusBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Window_Placement" has been reset
--------------------
************************************************************