Thread 97136 | Press F1 | CPU usage is 100% | started 2009-02-05 05:57:00 by gigster (14591)
Post 745365 | 2009-02-05 05:57:00 | gigster (14591)

My CPU usage is @ 100%. Here's my HijackThis log. Could you please help me?

Logfile of HijackThis v1.99.1
Scan saved at 4:19:15 PM, on 5/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Program Files\Common Files\System\update.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = au.rd.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\update.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O8 - Extra context menu item: &Search - edits.mywebsearch.com
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Thanks, gigster
Post 745366 | 2009-02-05 06:12:00 | Speedy Gonzales (78)

Tick these entries, then tick "Fix checked". Close browsers. Disable System Restore.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

This looks suss / nasty. You may have delf troj, which is a trojan.

O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\update.exe

Uninstall mywebsearch / myway in Add/Remove Programs.

O8 - Extra context menu item: &Search - edits.mywebsearch.com

Then get Trojan Remover (www.simplysup3.com), update it, then scan. Then select all options under the Utilities menu. Then reboot, then get Malwarebytes below, update it, then scan.
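The triage the reply above does by eye, written out as an added example (this is not code from the thread, from HijackThis or from any of the tools mentioned): a small Python parser that reads HijackThis-format lines and flags the three patterns the reply singled out. An O2 BHO whose path is "(no file)" is an orphaned COM registration; an O4 Run entry named after a Windows component is suspect because Windows Update does not start from a Run key (it runs from the Automatic Updates service), and doubly so when the image sits outside the Windows directory; and an O8 context-menu item pointing at mywebsearch.com matches the adware family Malwarebytes later reported on this machine. The sample lines are constructed in the log's format, and the impersonated-name and adware-domain lists are assumptions for the example, not a vendor list.

```python
"""Triage a HijackThis-style log for the entry patterns flagged in this thread.

Added example (not HijackThis code). Three heuristics:
  * O2 BHO whose DLL path is "(no file)"              -> orphaned COM registration
  * O4 Run entry named after a Windows component        -> fake autorun
  * O8 context-menu item pointing at an adware domain   -> toolbar leftovers
IMPERSONATED_NAMES and ADWARE_DOMAINS are assumptions made for this example.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the HijackThis v1.99 line format (modelled on the thread's log).
SAMPLE_LOG = r"""
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\update.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - edits.mywebsearch.com
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
"""

# Names that belong to Windows itself; none of them is started from a Run key
# (Windows Update is driven by the Automatic Updates service, the rest are system processes).
IMPERSONATED_NAMES = {"windows update", "microsoft update", "svchost", "lsass", "csrss", "winlogon"}
# Assumed adware domains; mywebsearch is the family Malwarebytes reported in this thread.
ADWARE_DOMAINS = ("mywebsearch.com", "myway.com")

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O8_RE = re.compile(r"^O8 - Extra context menu item: (?P<name>.*?) - (?P<target>.*)$")
# First image path in a command line, quoted or not; unquoted paths may contain spaces,
# so match non-greedily up to the first executable-style extension.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll|scr|com))', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def first_image_path(cmd: str) -> str:
    """Return the program a Run-key command line launches (or the raw command if unparseable)."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def under_windows_dir(path: str) -> bool:
    """True when the image lives under the Windows directory (C:\\WINDOWS or %SystemRoot%)."""
    p = path.lower().replace("/", "\\")
    return p.startswith(("c:\\windows\\", "%systemroot%\\", "%windir%\\"))


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line and collect entries matching one of the three heuristics."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            if m.group("path").strip().lower() == "(no file)":
                findings.append(Finding(line, "BHO registered but its DLL is gone; orphaned entry"))
            continue
        m = O4_RE.match(line)
        if m:
            display = m.group("name")
            image = first_image_path(m.group("cmd"))
            if display.strip().lower() in IMPERSONATED_NAMES:
                where = "inside" if under_windows_dir(image) else "outside"
                findings.append(Finding(
                    line,
                    f"Run entry named like a Windows component; image {image!r} is {where} "
                    f"the Windows directory, and Windows never autostarts {display!r} from a Run key",
                ))
            continue
        m = O8_RE.match(line)
        if m:
            target = m.group("target").lower()
            if any(domain in target for domain in ADWARE_DOMAINS):
                findings.append(Finding(line, f"context-menu item points at adware domain: {target!r}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.reason}\n    {finding.line}")
```

Run against the sample it reports exactly the three lines the reply told the poster to fix or uninstall, and stays quiet on the Java, AVG, NVIDIA, ctfmon and Office entries. Replace SAMPLE_LOG with a saved hijackthis.log to use it on a real capture.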
Post 745367 | 2009-02-05 11:06:00 | gigster (14591)

OK, done, I think. I wasn't too sure about the "Uninstall mywebsearch / myway in Add/Remove Programs" step, as it wasn't in Add/Remove Programs in Control Panel. So here is the log from Malwarebytes, both before and after I removed the suss entries.

Before:

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

5/02/2009 9:28:25 PM
mbam-log-2009-02-05 (21-28-20).txt

Scan type: Full Scan (C:\|)
Objects scanned: 103907
Time elapsed: 33 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Common Files\System\update.exe (Backdoor.Bot) -> No action taken.

And after:

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

5/02/2009 9:28:32 PM
mbam-log-2009-02-05 (21-28-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 103907
Time elapsed: 33 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\System\update.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

And here's a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:42:09 PM, on 5/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = au.rd.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Regards and thanks, Phil
Post 745368 | 2009-02-05 11:14:00 | Speedy Gonzales (78)

You can tick these entries, then tick "Fix checked". Close browsers.

Did you click on "Remove Selected" after you did a scan?

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Then select all options under Utilities in Trojan Remover (if you didn't before).

Is it better than before now?
Post 745369 | 2009-02-05 13:00:00 | gigster (14591)

It's BETTER. Here's the Trojan log and the HijackThis log. First the Trojan log:

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 11:28:01 PM 05 Feb 2009
Using Database v7279
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
************************************************************
************************************************************
11:28:01 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
11:28:01 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
11:28:01 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
11:28:01 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: AVG7_CC
Value Data: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
590848 bytes
Created: 18/01/2008 3:38 PM
Modified: 17/10/2008 10:41 AM
Company: GRISOFT, s.r.o.
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7700480 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1622016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: zBrowser Launcher
Value Data: C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
204800 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 1:59 AM
Company: Logitech Inc.
--------------------
Value Name: EM_EXEC
Value Data: C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
35328 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 9:42 AM
Company: Logitech Inc.
--------------------
Value Name:
Value Data:
Blank entry: []
--------------------
Value Name: Sony Ericsson PC Suite
Value Data: "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
-R- 159744 bytes
Created: 26/10/2005 4:17 PM
Modified: 26/10/2005 4:17 PM
Company: Sony Ericsson Mobile Communications AB
--------------------
Value Name: Lexmark X6100 Series
Value Data: "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
57344 bytes
Created: 12/01/2009 1:58 PM
Modified: 23/09/2003 2:01 AM
Company: Lexmark International, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1231752 bytes
Created: 5/02/2009 8:18 PM
Modified: 1/01/2009 8:43 PM
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: Malwarebytes' Anti-Malware
Value Data: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
399504 bytes
Created: 5/02/2009 8:37 PM
Modified: 14/01/2009 4:11 PM
Company: Malwarebytes Corporation
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 18/10/2007 11:34 AM
Modified: 18/10/2007 11:34 AM
Company: Microsoft Corporation
--------------------
Value Name: SUPERAntiSpyware
Value Data: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
1830128 bytes
Created: 1/05/2007 10:29 AM
Modified: 3/02/2009 7:46 PM
Company: SUPERAntiSpyware.com
--------------------
Value Name: AlcoholAutomount
Value Data: "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
217544 bytes
Created: 22/02/2008 10:00 PM
Modified: 22/02/2008 10:00 PM
Company: Alcohol Soft Development Team
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
11:28:03 PM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
File: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
77824 bytes
Created: 20/12/2006 2:55 PM
Modified: 22/05/2008 9:49 AM
Company: SuperAdBlocker.com
----------
************************************************************
11:28:03 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
11:28:03 PM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
--------------------
************************************************************
11:28:03 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf 2428 bytes Created: 25/08/2006 5:09 PM Modified: 25/08/2006 5:09 PM Company: [no info]
----------
************************************************************
11:28:03 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
************************************************************
11:28:04 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ALCXWDM
ImagePath: system32\drivers\ALCXWDM.SYS
C:\WINDOWS\system32\drivers\ALCXWDM.SYS 303948 bytes Created: 18/01/2008 1:00 PM Modified: 25/03/2002 10:43 PM Company: Avance Logic, Inc.
----------
Key: Aspi32
ImagePath: System32\drivers\aspi32.sys
C:\WINDOWS\System32\drivers\aspi32.sys 16512 bytes Created: 30/11/2008 11:01 PM Modified: 21/11/2005 4:18 PM Company: Adaptec
----------
Key: Avg7Alrt
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe 418816 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o.
----------
Key: Avg7Core
ImagePath: \SystemRoot\System32\Drivers\avg7core.sys
C:\WINDOWS\System32\Drivers\avg7core.sys 821856 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o.
----------
Key: Avg7RsW
ImagePath: \SystemRoot\System32\Drivers\avg7rsw.sys
C:\WINDOWS\System32\Drivers\avg7rsw.sys 4224 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o.
----------
Key: Avg7RsXP
ImagePath: \SystemRoot\System32\Drivers\avg7rsxp.sys
C:\WINDOWS\System32\Drivers\avg7rsxp.sys 27776 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o.
----------
Key: Avg7UpdSvc
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe 49664 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o.
----------
Key: AvgClean
ImagePath: \SystemRoot\System32\Drivers\avgclean.sys
C:\WINDOWS\System32\Drivers\avgclean.sys 10760 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:42 PM Company: GRISOFT, s.r.o.
----------
Key: AVGEMS
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe 406528 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:42 PM Company: GRISOFT, s.r.o.
----------
Key: AvgTdi
ImagePath: \SystemRoot\System32\Drivers\avgtdi.sys
C:\WINDOWS\System32\Drivers\avgtdi.sys 4960 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o.
----------
Key: BANTExt
ImagePath: \SystemRoot\System32\Drivers\BANTExt.sys
C:\WINDOWS\System32\Drivers\BANTExt.sys 3840 bytes Created: 24/01/2008 7:37 PM Modified: 7/04/2005 5:18 PM Company: [no info]
----------
Key: catchme
ImagePath: \??\C:\Combo-Fix\catchme.sys - this file is globally excluded
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe 150528 bytes Created: 31/03/2003 10:30 PM Modified: 14/04/2008 10:42 AM Company: Microsoft Corporation
----------
Key: itchfltr
ImagePath: system32\DRIVERS\itchfltr.sys
C:\WINDOWS\system32\DRIVERS\itchfltr.sys 10496 bytes Created: 21/01/2008 10:57 AM Modified: 17/12/2001 8:12 PM Company: Logitech Inc.
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe 152984 bytes Created: 30/11/2008 2:31 PM Modified: 10/11/2008 5:43 AM Company: Sun Microsystems, Inc.
----------
Key: LexBceS
ImagePath: C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXBCES.EXE 303104 bytes Created: 12/01/2009 1:59 PM Modified: 23/09/2003 1:42 AM Company: Lexmark International, Inc.
----------
Key: pfsvgae
ImagePath: \??\C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys
C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys [file not found to scan]
----------
Key: prodrv06
ImagePath: \SystemRoot\System32\drivers\prodrv06.sys
C:\WINDOWS\System32\drivers\prodrv06.sys 53920 bytes Created: 9/08/2004 9:59 PM Modified: 9/08/2004 9:59 PM Company: Protection Technology
----------
Key: prohlp02
ImagePath: System32\drivers\prohlp02.sys
C:\WINDOWS\System32\drivers\prohlp02.sys 114016 bytes Created: 9/08/2004 10:03 PM Modified: 9/08/2004 10:03 PM Company: Protection Technology
----------
Key: prosync1
ImagePath: System32\drivers\prosync1.sys
C:\WINDOWS\System32\drivers\prosync1.sys 7040 bytes Created: 20/07/2004 1:19 AM Modified: 20/07/2004 1:19 AM Company: Protection Technology
----------
Key: RTL8023xp
ImagePath: system32\DRIVERS\Rtnicxp.sys
C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 104320 bytes Created: 20/11/2007 11:09 AM Modified: 20/11/2007 11:09 AM Company: Realtek Semiconductor Corporation
----------
Key: SASDIFSV
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 8944 bytes Created: 10/10/2006 2:53 PM Modified: 22/05/2008 9:49 AM Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -R- 4096 bytes Created: 16/02/2006 6:51 PM Modified: 16/02/2006 6:51 PM Company: SuperAdBlocker, Inc.
----------
Key: SASKUTIL
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 55024 bytes Created: 27/02/2007 1:39 PM Modified: 22/05/2008 9:49 AM Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SE2Cbus
ImagePath: system32\DRIVERS\SE2Cbus.sys
C:\WINDOWS\system32\DRIVERS\SE2Cbus.sys -R- 61600 bytes Created: 24/04/2008 6:08 PM Modified: 10/11/2006 10:54 AM Company: MCCI
----------
Key: SE2Cmdfl
ImagePath: system32\DRIVERS\SE2Cmdfl.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmdfl.sys -R- 9360 bytes Created: 4/12/2008 10:33 AM Modified: 10/11/2006 9:54 AM Company: MCCI
----------
Key: SE2Cmdm
ImagePath: system32\DRIVERS\SE2Cmdm.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmdm.sys -R- 97184 bytes Created: 4/12/2008 10:33 AM Modified: 10/11/2006 9:54 AM Company: MCCI
----------
Key: SE2Cmgmt
ImagePath: system32\DRIVERS\SE2Cmgmt.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmgmt.sys -R- 88688 bytes Created: 4/12/2008 10:33 AM Modified: 10/11/2006 9:54 AM Company: MCCI
----------
Key: se2Cnd5
ImagePath: system32\DRIVERS\se2Cnd5.sys
C:\WINDOWS\system32\DRIVERS\se2Cnd5.sys -R- 18704 bytes Created: 4/12/2008 10:34 AM Modified: 10/11/2006 9:54 AM Company: MCCI
----------
Key: SE2Cobex
ImagePath: system32\DRIVERS\SE2Cobex.sys
C:\WINDOWS\system32\DRIVERS\SE2Cobex.sys -R- 86560 bytes Created: 4/12/2008 10:33 AM Modified: 10/11/2006 9:54 AM Company: MCCI
----------
Key: se2Cunic
ImagePath: system32\DRIVERS\se2Cunic.sys
C:\WINDOWS\system32\DRIVERS\se2Cunic.sys -R- 90800 bytes Created: 4/12/2008 10:34 AM Modified: 10/11/2006 9:54 AM Company: MCCI
----------
Key: sfhlp01
ImagePath: System32\drivers\sfhlp01.sys
C:\WINDOWS\System32\drivers\sfhlp01.sys 4832 bytes Created: 2/12/2003 1:50 AM Modified: 2/12/2003 1:50 AM Company: Protection Technology
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: StarWindServiceAE
ImagePath: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 275968 bytes Created: 29/05/2007 3:27 AM Modified: 29/05/2007 3:27 AM Company: Rocket Division Software
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{AD623655-EF04-4C37-9BEB-30243CD66548}
C:\WINDOWS\System32\dllhost.exe 5120 bytes Created: 31/03/2003 10:30 PM Modified: 14/04/2008 10:42 AM Company: Microsoft Corporation
----------
Key: usbbus
ImagePath: system32\DRIVERS\lgusbbus.sys
C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [file not found to scan]
----------
Key: USBModem
ImagePath: system32\DRIVERS\lgusbmodem.sys
C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [file not found to scan]
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe 98328 bytes Created: 18/10/2007 11:31 AM Modified: 18/10/2007 11:31 AM Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe 266240 bytes Created: 25/10/2007 3:27 PM Modified: 25/10/2007 3:27 PM Company: Microsoft Corporation
----------
************************************************************
11:28:09 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
************************************************************
11:28:09 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 356352 bytes Created: 19/04/2007 2:41 PM Modified: 6/01/2009 5:26 PM Company: SUPERAntiSpyware.com
----------
************************************************************
11:28:09 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG7 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\Grisoft\AVG7\avgse.dll
C:\Program Files\Grisoft\AVG7\avgse.dll 50688 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o.
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL 61440 bytes Created: 27/02/2007 1:39 PM Modified: 27/02/2007 1:39 PM Company: SUPERAntiSpyware.com
----------
************************************************************
11:28:09 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: [CLSID does not appear to reference a file]
************************************************************
11:28:09 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 440384 bytes Created: 10/12/2008 11:13 AM Modified: 26/10/2006 10:28 AM Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 62080 bytes Created: 22/10/2006 11:08 PM Modified: 22/10/2006 11:08 PM Company: Adobe Systems Incorporated
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll 320920 bytes Created: 30/11/2008 2:31 PM Modified: 10/11/2008 5:43 AM Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 392240 bytes Created: 14/12/2007 12:54 PM Modified: 14/12/2007 12:54 PM Company: Microsoft Corporation
----------
Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
BHO: C:\Program Files\Windows Live Toolbar\msntb.dll
C:\Program Files\Windows Live Toolbar\msntb.dll 546320 bytes Created: 19/10/2007 11:20 AM Modified: 19/10/2007 11:20 AM Company: Microsoft Corporation
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll 34816 bytes Created: 30/11/2008 2:31 PM Modified: 10/11/2008 5:43 AM Company: Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll 73728 bytes Created: 30/11/2008 2:31 PM Modified: 10/11/2008 5:43 AM Company: Sun Microsystems, Inc.
----------
Key: {ecdee021-0d17-467f-a1ff-c7a115230949}
BHO: C:\Program Files\free-downloads.net\tbfree.dll
C:\Program Files\free-downloads.net\tbfree.dll 1555480 bytes Created: 1/09/2007 2:54 PM Modified: 14/02/2008 3:54 PM Company: Conduit Ltd.
----------
Key: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
BHO: C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL 262144 bytes Created: 21/04/2008 7:26 PM Modified: 21/04/2008 7:26 PM Company: ZoneAlarm
----------
************************************************************
11:28:10 PM: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: %SystemRoot%\System32\webcheck.dll
C:\WINDOWS\System32\webcheck.dll 276480 bytes Created: 31/03/2003 10:30 PM Modified: 14/04/2008 10:42 AM Company: Microsoft Corporation
----------
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll 121856 bytes Created: 31/03/2003 10:30 PM Modified: 14/04/2008 10:42 AM Company: Microsoft Corporation
----------
************************************************************
11:28:10 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
11:28:10 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
11:28:10 PM: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
11:28:10 PM: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
11:28:10 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -HS- 84 bytes Created: 18/01/2008 8:21 PM Modified: 18/01/2008 10:26 AM Company: [no info]
--------------------
************************************************************
11:28:10 PM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 20/04/2008 10:49 AM Modified: 18/01/2008 10:26 AM Company: [no info]
----------
--------------------
Checking Startup Group for: Bella
[C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP]
The Startup Group for Bella attempts to load the following file(s):
C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 18/01/2008 5:15 PM Modified: 18/01/2008 10:26 AM Company: [no info]
----------
--------------------
Checking Startup Group for: Gigster
[C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP]
The Startup Group for Gigster attempts to load the following file(s):
C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 18/01/2008 10:32 AM Modified: 18/01/2008 10:26 AM Company: [no info]
----------
************************************************************
11:28:11 PM: Scanning ----- SCHEDULED TASKS -----
Taskname: Check Updates for Windows Live Toolbar.job
File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE 99856 bytes Created: 19/10/2007 11:20 AM Modified: 19/10/2007 11:20 AM Company: Microsoft Corporation
Parameters: [blank]
Next Run Time: 6/02/2009 12:12:00 AM
Status: The task is ready to run at its next scheduled time
Creator: Gigster
Comments: [blank]
----------
Taskname: SS4200 Utility Updates.job
File: C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk
C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk 977 bytes Created: 23/11/2008 3:12 PM Modified: 23/11/2008 3:12 PM Company: [no info]
Parameters: [blank]
Next Run Time: 6/02/2009 10:00:00 AM
Status: The task has not yet run
Creator: Gigster
Comments: [blank]
----------
************************************************************
11:28:11 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
11:28:11 PM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp 1358010 bytes Created: 28/04/2008 2:27 PM Modified: 28/04/2008 2:27 PM Company: [no info]
----------
Web Desktop Wallpaper: %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp 1358010 bytes Created: 28/04/2008 2:27 PM Modified: 28/04/2008 2:27 PM Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed
************************************************************
11:28:12 PM: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\LEXBCES.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\system32\LEXPPS.EXE
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe - file already scanned
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe - file already scanned
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
--------------------
C:\WINDOWS\system32\nvsvc32.exe
--------------------
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe - file already scanned
--------------------
C:\WINDOWS\system32\RUNDLL32.EXE
--------------------
C:\Program Files\Logitech\iTouch\iTouch.exe - file already scanned
--------------------
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe - file already scanned
--------------------
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
--------------------
C:\Program Files\Logitech\iTouch\kbdtray.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - file already scanned
--------------------
C:\Program Files\Common Files\Teleca Shared\Generic.exe
--------------------
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
--------------------
C:\WINDOWS\system32\taskmgr.exe
--------------------
C:\WINDOWS\explorer.exe - file already scanned
--------------------
C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\fcy30.exe FileSize: 2933624 [This is a Trojan Remover component]
--------------------
************************************************************
11:28:14 PM: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
************************************************************
11:28:14 PM: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
************************************************************
11:28:14 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": www.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": www.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": www.microsoft.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": about:blank
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": www.microsoft.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": www.microsoft.com
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 11:28:14 PM 05 Feb 2009
Total Scan time: 00:00:12
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 11:23:58 PM 05 Feb 2009
Using Database v7279
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
************************************************************
************************************************************
11:23:58 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
11:23:58 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
11:23:58 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
11:23:58 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe 1033728 bytes Created: 31/03/2003 10:30 PM Modified: 14/04/2008 10:42 AM Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe 26112 bytes Created: 31/03/2003 10:30 PM Modified: 14/04/2008 10:42 AM Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe 514560 bytes Created: 31/03/2003 10:30 PM Modified: 14/04/2008 10:42 AM Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: AVG7_CC
Value Data: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe 590848 bytes Created: 18/01/2008 3:38 PM Modified: 17/10/2008 10:41 AM Company: GRISOFT, s.r.o.
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll 7700480 bytes Created: 22/10/2006 12:22 PM Modified: 22/10/2006 12:22 PM Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe 1622016 bytes Created: 22/10/2006 12:22 PM Modified: 22/10/2006 12:22 PM Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll 86016 bytes Created: 22/10/2006 12:22 PM Modified: 22/10/2006 12:22 PM Company: NVIDIA Corporation
--------------------
Value Name: zBrowser Launcher
Value Data: C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe 204800 bytes Created: 21/01/2008 10:57 AM Modified: 20/12/2001 1:59 AM Company: Logitech Inc.
--------------------
Value Name: EM_EXEC
Value Data: C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE 35328 bytes Created: 21/01/2008 10:57 AM Modified: 20/12/2001 9:42 AM Company: Logitech Inc.
--------------------
Value Name:
Value Data:
Blank entry: []
--------------------
Value Name: Sony Ericsson PC Suite
Value Data: "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -R- 159744 bytes Created: 26/10/2005 4:17 PM Modified: 26/10/2005 4:17 PM Company: Sony Ericsson Mobile Communications AB
--------------------
Value Name: Lexmark X6100 Series
Value Data: "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe 57344 bytes Created: 12/01/2009 1:58 PM Modified: 23/09/2003 2:01 AM Company: Lexmark International, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe 1231752 bytes Created: 5/02/2009 8:18 PM Modified: 1/01/2009 8:43 PM Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: Malwarebytes' Anti-Malware
Value Data: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe 399504 bytes Created: 5/02/2009 8:37 PM Modified: 14/01/2009 4:11 PM Company: Malwarebytes Corporation
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe 15360 bytes Created: 31/03/2003 10:30 PM Modified: 14/04/2008 10:42 AM Company: Microsoft Corporation
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe 5724184 bytes Created: 18/10/2007 11:34 AM Modified: 18/10/2007 11:34 AM Company: Microsoft Corporation
--------------------
Value Name: SUPERAntiSpyware
Value Data: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe 1830128 bytes Created: 1/05/2007 10:29 AM Modified: 3/02/2009 7:46 PM Company: SUPERAntiSpyware.com
--------------------
Value Name: AlcoholAutomount
Value Data: "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe 217544 bytes Created: 22/02/2008 10:00 PM Modified: 22/02/2008 10:00 PM Company: Alcohol Soft Development Team
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
11:24:01 PM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
File: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL 77824 bytes Created: 20/12/2006 2:55 PM Modified: 22/05/2008 9:49 AM Company: SuperAdBlocker.com
----------
************************************************************
11:24:01 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
11:24:01 PM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
-------------------- ************************************************** ********** 11:24:01 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6} Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub C:\WINDOWS\INF\wmp11.inf 2428 bytes Created: 25/08/2006 5:09 PM Modified: 25/08/2006 5:09 PM Company: [no info] ---------- ************************************************** ********** 11:24:02 PM: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Key: HidServ %SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found) -------------------- ************************************************** ********** 11:24:04 PM: Scanning ----- SERVICES REGISTRY KEYS ----- Key: ALCXWDM ImagePath: system32\drivers\ALCXWDM.SYS C:\WINDOWS\system32\drivers\ALCXWDM.SYS 303948 bytes Created: 18/01/2008 1:00 PM Modified: 25/03/2002 10:43 PM Company: Avance Logic, Inc. ---------- Key: Aspi32 ImagePath: System32\drivers\aspi32.sys C:\WINDOWS\System32\drivers\aspi32.sys 16512 bytes Created: 30/11/2008 11:01 PM Modified: 21/11/2005 4:18 PM Company: Adaptec ---------- Key: Avg7Alrt ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe 418816 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o. ---------- Key: Avg7Core ImagePath: \SystemRoot\System32\Drivers\avg7core.sys C:\WINDOWS\System32\Drivers\avg7core.sys 821856 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o. ---------- Key: Avg7RsW ImagePath: \SystemRoot\System32\Drivers\avg7rsw.sys C:\WINDOWS\System32\Drivers\avg7rsw.sys 4224 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o. ---------- Key: Avg7RsXP ImagePath: \SystemRoot\System32\Drivers\avg7rsxp.sys C:\WINDOWS\System32\Drivers\avg7rsxp.sys 27776 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o. 
---------- Key: Avg7UpdSvc ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe 49664 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o. ---------- Key: AvgClean ImagePath: \SystemRoot\System32\Drivers\avgclean.sys C:\WINDOWS\System32\Drivers\avgclean.sys 10760 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:42 PM Company: GRISOFT, s.r.o. ---------- Key: AVGEMS ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe 406528 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:42 PM Company: GRISOFT, s.r.o. ---------- Key: AvgTdi ImagePath: \SystemRoot\System32\Drivers\avgtdi.sys C:\WINDOWS\System32\Drivers\avgtdi.sys 4960 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o. ---------- Key: BANTExt ImagePath: \SystemRoot\System32\Drivers\BANTExt.sys C:\WINDOWS\System32\Drivers\BANTExt.sys 3840 bytes Created: 24/01/2008 7:37 PM Modified: 7/04/2005 5:18 PM Company: [no info] ---------- Key: catchme ImagePath: \??\C:\Combo-Fix\catchme.sys - this file is globally excluded ---------- Key: ImapiService ImagePath: %systemroot%\system32\imapi.exe C:\WINDOWS\system32\imapi.exe 150528 bytes Created: 31/03/2003 10:30 PM Modified: 14/04/2008 10:42 AM Company: Microsoft Corporation ---------- Key: itchfltr ImagePath: system32\DRIVERS\itchfltr.sys C:\WINDOWS\system32\DRIVERS\itchfltr.sys 10496 bytes Created: 21/01/2008 10:57 AM Modified: 17/12/2001 8:12 PM Company: Logitech Inc. ---------- Key: JavaQuickStarterService ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" C:\Program Files\Java\jre6\bin\jqs.exe 152984 bytes Created: 30/11/2008 2:31 PM Modified: 10/11/2008 5:43 AM Company: Sun Microsystems, Inc. 
---------- Key: LexBceS ImagePath: C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXBCES.EXE 303104 bytes Created: 12/01/2009 1:59 PM Modified: 23/09/2003 1:42 AM Company: Lexmark International, Inc. ---------- Key: pfsvgae ImagePath: \??\C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys [file not found to scan] ---------- Key: prodrv06 ImagePath: \SystemRoot\System32\drivers\prodrv06.sys C:\WINDOWS\System32\drivers\prodrv06.sys 53920 bytes Created: 9/08/2004 9:59 PM Modified: 9/08/2004 9:59 PM Company: Protection Technology ---------- Key: prohlp02 ImagePath: System32\drivers\prohlp02.sys C:\WINDOWS\System32\drivers\prohlp02.sys 114016 bytes Created: 9/08/2004 10:03 PM Modified: 9/08/2004 10:03 PM Company: Protection Technology ---------- Key: prosync1 ImagePath: System32\drivers\prosync1.sys C:\WINDOWS\System32\drivers\prosync1.sys 7040 bytes Created: 20/07/2004 1:19 AM Modified: 20/07/2004 1:19 AM Company: Protection Technology ---------- Key: RTL8023xp ImagePath: system32\DRIVERS\Rtnicxp.sys C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 104320 bytes Created: 20/11/2007 11:09 AM Modified: 20/11/2007 11:09 AM Company: Realtek Semiconductor Corporation ---------- Key: SASDIFSV ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 8944 bytes Created: 10/10/2006 2:53 PM Modified: 22/05/2008 9:49 AM Company: SUPERAdBlocker.com and SUPERAntiSpyware.com ---------- Key: SASENUM ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -R- 4096 bytes Created: 16/02/2006 6:51 PM Modified: 16/02/2006 6:51 PM Company: SuperAdBlocker, Inc. 
---------- Key: SASKUTIL ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 55024 bytes Created: 27/02/2007 1:39 PM Modified: 22/05/2008 9:49 AM Company: SUPERAdBlocker.com and SUPERAntiSpyware.com ---------- Key: SE2Cbus ImagePath: system32\DRIVERS\SE2Cbus.sys C:\WINDOWS\system32\DRIVERS\SE2Cbus.sys -R- 61600 bytes Created: 24/04/2008 6:08 PM Modified: 10/11/2006 10:54 AM Company: MCCI ---------- Key: SE2Cmdfl ImagePath: system32\DRIVERS\SE2Cmdfl.sys C:\WINDOWS\system32\DRIVERS\SE2Cmdfl.sys -R- 9360 bytes Created: 4/12/2008 10:33 AM Modified: 10/11/2006 9:54 AM Company: MCCI ---------- Key: SE2Cmdm ImagePath: system32\DRIVERS\SE2Cmdm.sys C:\WINDOWS\system32\DRIVERS\SE2Cmdm.sys -R- 97184 bytes Created: 4/12/2008 10:33 AM Modified: 10/11/2006 9:54 AM Company: MCCI ---------- Key: SE2Cmgmt ImagePath: system32\DRIVERS\SE2Cmgmt.sys C:\WINDOWS\system32\DRIVERS\SE2Cmgmt.sys -R- 88688 bytes Created: 4/12/2008 10:33 AM Modified: 10/11/2006 9:54 AM Company: MCCI ---------- Key: se2Cnd5 ImagePath: system32\DRIVERS\se2Cnd5.sys C:\WINDOWS\system32\DRIVERS\se2Cnd5.sys -R- 18704 bytes Created: 4/12/2008 10:34 AM Modified: 10/11/2006 9:54 AM Company: MCCI ---------- Key: SE2Cobex ImagePath: system32\DRIVERS\SE2Cobex.sys C:\WINDOWS\system32\DRIVERS\SE2Cobex.sys -R- 86560 bytes Created: 4/12/2008 10:33 AM Modified: 10/11/2006 9:54 AM Company: MCCI ---------- Key: se2Cunic ImagePath: system32\DRIVERS\se2Cunic.sys C:\WINDOWS\system32\DRIVERS\se2Cunic.sys -R- 90800 bytes Created: 4/12/2008 10:34 AM Modified: 10/11/2006 9:54 AM Company: MCCI ---------- Key: sfhlp01 ImagePath: System32\drivers\sfhlp01.sys C:\WINDOWS\System32\drivers\sfhlp01.sys 4832 bytes Created: 2/12/2003 1:50 AM Modified: 2/12/2003 1:50 AM Company: Protection Technology ---------- Key: sptd ImagePath: System32\Drivers\sptd.sys - this file is globally excluded ---------- Key: StarWindServiceAE ImagePath: C:\Program Files\Alcohol Soft\Alcohol 
120\StarWind\StarWindServiceAE.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 275968 bytes Created: 29/05/2007 3:27 AM Modified: 29/05/2007 3:27 AM Company: Rocket Division Software ---------- Key: SwPrv ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{AD623655-EF04-4C37-9BEB-30243CD66548} C:\WINDOWS\System32\dllhost.exe 5120 bytes Created: 31/03/2003 10:30 PM Modified: 14/04/2008 10:42 AM Company: Microsoft Corporation ---------- Key: usbbus ImagePath: system32\DRIVERS\lgusbbus.sys C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [file not found to scan] ---------- Key: USBModem ImagePath: system32\DRIVERS\lgusbmodem.sys C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [file not found to scan] ---------- Key: usnjsvc ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe" C:\Program Files\Windows Live\Messenger\usnsvc.exe 98328 bytes Created: 18/10/2007 11:31 AM Modified: 18/10/2007 11:31 AM Company: Microsoft Corporation ---------- Key: WLSetupSvc ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe" C:\Program Files\Windows Live\installer\WLSetupSvc.exe 266240 bytes Created: 25/10/2007 3:27 PM Modified: 25/10/2007 3:27 PM Company: Microsoft Corporation ---------- ************************************************** ********** 11:24:10 PM: Scanning -----VXD ENTRIES----- Checking the following VxD entries: ************************************************** ********** 11:24:10 PM: Scanning ----- WINLOGON\NOTIFY DLLS ----- Key : !SASWinLogon DLLName: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 356352 bytes Created: 19/04/2007 2:41 PM Modified: 6/01/2009 5:26 PM Company: SUPERAntiSpyware.com ---------- ************************************************** ********** 11:24:10 PM: Scanning ----- CONTEXTMENUHANDLERS ----- Key: AVG7 Shell Extension CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Path: C:\Program Files\Grisoft\AVG7\avgse.dll C:\Program Files\Grisoft\AVG7\avgse.dll 50688 
bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o. ---------- Key: ShellExtension CLSID: [empty] ---------- Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003} Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL 61440 bytes Created: 27/02/2007 1:39 PM Modified: 27/02/2007 1:39 PM Company: SUPERAntiSpyware.com ---------- ************************************************** ********** 11:24:10 PM: Scanning ----- FOLDER\COLUMNHANDLERS ----- Key: {7D4D6379-F301-4311-BEBA-E26EB0561882} File: [CLSID does not appear to reference a file] ************************************************** ********** 11:24:10 PM: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670} BHO: C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll 440384 bytes Created: 10/12/2008 11:13 AM Modified: 26/10/2006 10:28 AM Company: Yahoo! Inc. ---------- Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 62080 bytes Created: 22/10/2006 11:08 PM Modified: 22/10/2006 11:08 PM Company: Adobe Systems Incorporated ---------- Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} BHO: C:\Program Files\Java\jre6\bin\ssv.dll C:\Program Files\Java\jre6\bin\ssv.dll 320920 bytes Created: 30/11/2008 2:31 PM Modified: 10/11/2008 5:43 AM Company: Sun Microsystems, Inc. 
---------- Key: {9030D464-4C02-4ABF-8ECC-5164760863C6} BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 392240 bytes Created: 14/12/2007 12:54 PM Modified: 14/12/2007 12:54 PM Company: Microsoft Corporation ---------- Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} BHO: C:\Program Files\Windows Live Toolbar\msntb.dll C:\Program Files\Windows Live Toolbar\msntb.dll 546320 bytes Created: 19/10/2007 11:20 AM Modified: 19/10/2007 11:20 AM Company: Microsoft Corporation ---------- Key: {DBC80044-A445-435b-BC74-9C25C1C588A9} BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll C:\Program Files\Java\jre6\bin\jp2ssv.dll 34816 bytes Created: 30/11/2008 2:31 PM Modified: 10/11/2008 5:43 AM Company: Sun Microsystems, Inc. ---------- Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll 73728 bytes Created: 30/11/2008 2:31 PM Modified: 10/11/2008 5:43 AM Company: Sun Microsystems, Inc. ---------- Key: {ecdee021-0d17-467f-a1ff-c7a115230949} BHO: C:\Program Files\free-downloads.net\tbfree.dll C:\Program Files\free-downloads.net\tbfree.dll 1555480 bytes Created: 1/09/2007 2:54 PM Modified: 14/02/2008 3:54 PM Company: Conduit Ltd. 
---------- Key: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} BHO: C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL 262144 bytes Created: 21/04/2008 7:26 PM Modified: 21/04/2008 7:26 PM Company: ZoneAlarm ---------- ************************************************** ********** 11:24:11 PM: Scanning ----- SHELLSERVICEOBJECTS ----- Key: WebCheck CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED} Path: %SystemRoot%\System32\webcheck.dll C:\WINDOWS\System32\webcheck.dll 276480 bytes Created: 31/03/2003 10:30 PM Modified: 14/04/2008 10:42 AM Company: Microsoft Corporation ---------- Key: SysTray CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153} Path: %systemroot%\system32\stobject.dll C:\WINDOWS\system32\stobject.dll 121856 bytes Created: 31/03/2003 10:30 PM Modified: 14/04/2008 10:42 AM Company: Microsoft Corporation ---------- ************************************************** ********** 11:24:11 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- ************************************************** ********** 11:24:11 PM: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. 
************************************************** ********** 11:24:11 PM: Scanning ----- APPINIT_DLLS ----- The AppInit_DLLs value is blank or does not exist ************************************************** ********** 11:24:12 PM: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************** ********** 11:24:12 PM: Scanning ------ COMMON STARTUP GROUP ------ [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -HS- 84 bytes Created: 18/01/2008 8:21 PM Modified: 18/01/2008 10:26 AM Company: [no info] -------------------- ************************************************** ********** 11:24:12 PM: Scanning ------ USER STARTUP GROUPS ------ -------------------- Checking Startup Group for: Administrator [C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP] The Startup Group for Administrator attempts to load the following file(s): C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 20/04/2008 10:49 AM Modified: 18/01/2008 10:26 AM Company: [no info] ---------- -------------------- Checking Startup Group for: Bella [C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP] The Startup Group for Bella attempts to load the following file(s): C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 18/01/2008 5:15 PM Modified: 18/01/2008 10:26 AM Company: [no info] ---------- -------------------- Checking Startup Group for: Gigster [C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP] The Startup Group for Gigster attempts to load the following file(s): C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 18/01/2008 10:32 AM Modified: 18/01/2008 10:26 AM Company: [no info] ---------- 
************************************************** ********** 11:24:12 PM: Scanning ----- SCHEDULED TASKS ----- Taskname: Check Updates for Windows Live Toolbar.job File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE 99856 bytes Created: 19/10/2007 11:20 AM Modified: 19/10/2007 11:20 AM Company: Microsoft Corporation Parameters: [blank] Next Run Time: 6/02/2009 12:12:00 AM Status: The task is ready to run at its next scheduled time Creator: Gigster Comments: [blank] ---------- Taskname: SS4200 Utility Updates.job File: C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk 977 bytes Created: 23/11/2008 3:12 PM Modified: 23/11/2008 3:12 PM Company: [no info] Parameters: [blank] Next Run Time: 6/02/2009 10:00:00 AM Status: The task has not yet run Creator: Gigster Comments: [blank] ---------- ************************************************** ********** 11:24:13 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- ************************************************** ********** 11:24:13 PM: ----- ADDITIONAL CHECKS ----- PE386 rootkit checks completed |
gigster (14591) | ||
| 745370 | 2009-02-05 20:10:00 | That should be it then. You can tick these entries, then tick Fix checked. Close browsers. O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O8 - Extra context menu item: &Search - edits.mywebsearch.com Did you uninstall mywebsearch? |
Speedy Gonzales (78) | ||
| 745371 | 2009-02-05 20:46:00 | Also delete these folders in Program Files when you've uninstalled them: FunWebProducts, MyWebSearch |
Blam (54) | ||
| 745372 | 2009-02-05 22:58:00 | I looked for MyWebSearch and FunWebProducts but could not find them. Here's a copy of the HijackThis log. Cheers, Phil Logfile of HijackThis v1.99.1 Scan saved at 8:00:08 AM, on 6/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\iTouch\kbdtray.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = au.rd.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! 
\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! 
\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - 
Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe |
gigster (14591) | ||
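The entries Speedy Gonzales picked out above (a BHO pointing at no file, Run values that name a bare executable) and the Trojan Remover service listing earlier in the thread (a driver registered under the user's Temp directory, services HijackThis reports as "Unknown owner") are the things an analyst looks for by eye when triaging one of these logs. The Python below is an added example, not code from this thread, from HijackThis or from Trojan Remover: it parses the O2/O4/O20/O23 line shapes shown in the logs above and applies those same checks. The sample log is constructed from lines in this thread plus one O23 line written to mirror the pfsvgae driver that Trojan Remover listed under Temp; the flag names are my own.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread; it is not code from HijackThis, Trojan Remover
or any poster. It parses the O2/O4/O20/O23 line shapes that appear in the logs
above and applies a few checks an analyst otherwise makes by eye.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Entry:
    section: str                 # "O2", "O4", "O20" or "O23"
    name: str                    # BHO name, Run value name, notify package or service short name
    target: str                  # executable or DLL the entry loads
    raw: str
    flags: List[str] = field(default_factory=list)


# Line shapes as HijackThis 1.99.1 prints them (checked against the logs in this thread).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) \((?P<short>[^)]*)\) - (?P<owner>.*?) - (?P<path>.*)$")

MISSING_MARKERS = ("(no file)", "(file missing)")   # how HijackThis reports an orphaned entry


def executable_from_command(cmd: str) -> str:
    """Return the file a Run-key command really loads.

    Handles quoted paths, and for rundll32 entries returns the DLL argument
    rather than rundll32.exe itself, since that is where the code lives.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
        rest = cmd[end + 1:].strip() if end > 0 else ""
    else:
        parts = cmd.split(None, 1)
        if not parts:
            return ""
        exe = parts[0]
        rest = parts[1] if len(parts) > 1 else ""
    if exe.lower().endswith("rundll32.exe") and rest:
        # rundll32 <dll>,<entrypoint> [args]: the DLL path ends at the first comma
        return rest.split(",", 1)[0].strip().strip('"')
    return exe


def parse_line(line: str) -> Optional[Entry]:
    """Turn one HijackThis line into an Entry, or None for sections not handled here."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        return Entry("O4", m["name"], executable_from_command(m["cmd"]), line)
    m = O2_RE.match(line)
    if m:
        return Entry("O2", m["name"], m["path"].strip(), line)
    m = O20_RE.match(line)
    if m:
        return Entry("O20", m["name"], m["path"].strip(), line)
    m = O23_RE.match(line)
    if m:
        entry = Entry("O23", m["short"], m["path"].strip(), line)
        if m["owner"].strip() == "Unknown owner":
            entry.flags.append("unknown_owner")   # binary carries no company name HijackThis could read
        return entry
    return None


def triage(entry: Entry) -> Entry:
    """Attach heuristic flags; each is a reason to look, not a verdict."""
    target = entry.target
    lowered = target.lower()
    if any(mark in lowered for mark in MISSING_MARKERS):
        entry.flags.append("orphaned")           # points at nothing; fixing it only removes a dangling reference
    else:
        if "\\" not in target and "/" not in target and "%" not in target:
            entry.flags.append("bare_filename")  # resolved by path search, so confirm which file actually runs
        if "\\temp\\" in lowered:
            entry.flags.append("temp_path")      # an autostart or driver living in a Temp directory is rarely legitimate
    return entry


def triage_log(text: str) -> List[Entry]:
    return [triage(e) for e in map(parse_line, text.splitlines()) if e is not None]


def flagged(text: str) -> Dict[str, List[str]]:
    """Map entry name -> sorted flags, for entries that raised at least one."""
    return {e.name: sorted(e.flags) for e in triage_log(text) if e.flags}


# Constructed sample: lines taken from the logs in this thread, plus one O23 line
# written to mirror the pfsvgae driver Trojan Remover listed under the user's Temp directory.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: pfsvgae (pfsvgae) - Unknown owner - C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys
"""

if __name__ == "__main__":
    for name, flags in flagged(SAMPLE_LOG).items():
        print(f"{name:26} {', '.join(flags)}")
```

A flag is a prompt to check, not a verdict. A bare filename only says the Run value is resolved by path search, so find which file actually answers to that name before deciding; an entry that resolves to nothing is the safe case, since fixing it removes a dangling reference and nothing else; and a service whose image lives under Temp deserves a look at the file itself (size, version information, signature) rather than a reflex deletion, because several anti-rootkit tools also register short-lived drivers there.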
| 745373 | 2009-02-05 23:58:00 | Sorry, I posted the wrong HijackThis log. Here is the up-to-date one and one from Trojan Remover. I looked for MyWebSearch and FunWebProducts but couldn't find them, so I guess they have been dealt with. Thanks once again and cheers... Phil Logfile of HijackThis v1.99.1 Scan saved at 10:17:08 AM, on 6/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\iTouch\kbdtray.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = au.rd.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 10:11:32 AM 06 Feb 2009
Using Database v7279
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus
************************************************************
************************************************************
10:11:32 AM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
10:11:32 AM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
10:11:32 AM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
10:11:33 AM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe 1033728 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe 26112 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe 514560 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: AVG7_CC
Value Data: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe 590848 bytes
Created: 18/01/2008 3:38 PM
Modified: 17/10/2008 10:41 AM
Company: GRISOFT, s.r.o.
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll 7700480 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe 1622016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll 86016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: zBrowser Launcher
Value Data: C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe 204800 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 1:59 AM
Company: Logitech Inc.
--------------------
Value Name: EM_EXEC
Value Data: C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE 35328 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 9:42 AM
Company: Logitech Inc.
--------------------
Value Name:
Value Data:
Blank entry: []
--------------------
Value Name: Sony Ericsson PC Suite
Value Data: "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -R- 159744 bytes
Created: 26/10/2005 4:17 PM
Modified: 26/10/2005 4:17 PM
Company: Sony Ericsson Mobile Communications AB
--------------------
Value Name: Lexmark X6100 Series
Value Data: "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe 57344 bytes
Created: 12/01/2009 1:58 PM
Modified: 23/09/2003 2:01 AM
Company: Lexmark International, Inc.
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe 15360 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
--------------------
Value Name: AlcoholAutomount
Value Data: "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe 217544 bytes
Created: 22/02/2008 10:00 PM
Modified: 22/02/2008 10:00 PM
Company: Alcohol Soft Development Team
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
10:11:35 AM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
File: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL 77824 bytes
Created: 20/12/2006 2:55 PM
Modified: 22/05/2008 9:49 AM
Company: SuperAdBlocker.com
----------
************************************************************
10:11:35 AM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
10:11:35 AM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
--------------------
************************************************************
10:11:35 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf 2428 bytes
Created: 25/08/2006 5:09 PM
Modified: 25/08/2006 5:09 PM
Company: [no info]
----------
************************************************************
10:11:36 AM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
************************************************************
10:11:38 AM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ALCXWDM
ImagePath: system32\drivers\ALCXWDM.SYS
C:\WINDOWS\system32\drivers\ALCXWDM.SYS 303948 bytes
Created: 18/01/2008 1:00 PM
Modified: 25/03/2002 10:43 PM
Company: Avance Logic, Inc.
----------
Key: Aspi32
ImagePath: System32\drivers\aspi32.sys
C:\WINDOWS\System32\drivers\aspi32.sys 16512 bytes
Created: 30/11/2008 11:01 PM
Modified: 21/11/2005 4:18 PM
Company: Adaptec
----------
Key: Avg7Alrt
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe 418816 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7Core
ImagePath: \SystemRoot\System32\Drivers\avg7core.sys
C:\WINDOWS\System32\Drivers\avg7core.sys 821856 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsW
ImagePath: \SystemRoot\System32\Drivers\avg7rsw.sys
C:\WINDOWS\System32\Drivers\avg7rsw.sys 4224 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsXP
ImagePath: \SystemRoot\System32\Drivers\avg7rsxp.sys
C:\WINDOWS\System32\Drivers\avg7rsxp.sys 27776 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: Avg7UpdSvc
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe 49664 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: AvgClean
ImagePath: \SystemRoot\System32\Drivers\avgclean.sys
C:\WINDOWS\System32\Drivers\avgclean.sys 10760 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:42 PM
Company: GRISOFT, s.r.o.
----------
Key: AVGEMS
ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe 406528 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:42 PM
Company: GRISOFT, s.r.o.
----------
Key: AvgTdi
ImagePath: \SystemRoot\System32\Drivers\avgtdi.sys
C:\WINDOWS\System32\Drivers\avgtdi.sys 4960 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: BANTExt
ImagePath: \SystemRoot\System32\Drivers\BANTExt.sys
C:\WINDOWS\System32\Drivers\BANTExt.sys 3840 bytes
Created: 24/01/2008 7:37 PM
Modified: 7/04/2005 5:18 PM
Company: [no info]
----------
Key: catchme
ImagePath: \??\C:\Combo-Fix\catchme.sys - this file is globally excluded
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe 150528 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: itchfltr
ImagePath: system32\DRIVERS\itchfltr.sys
C:\WINDOWS\system32\DRIVERS\itchfltr.sys 10496 bytes
Created: 21/01/2008 10:57 AM
Modified: 17/12/2001 8:12 PM
Company: Logitech Inc.
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe 152984 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: LexBceS
ImagePath: C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXBCES.EXE 303104 bytes
Created: 12/01/2009 1:59 PM
Modified: 23/09/2003 1:42 AM
Company: Lexmark International, Inc.
----------
Key: pfsvgae
ImagePath: \??\C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys
C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys [file not found to scan]
----------
Key: prodrv06
ImagePath: \SystemRoot\System32\drivers\prodrv06.sys
C:\WINDOWS\System32\drivers\prodrv06.sys 53920 bytes
Created: 9/08/2004 9:59 PM
Modified: 9/08/2004 9:59 PM
Company: Protection Technology
----------
Key: prohlp02
ImagePath: System32\drivers\prohlp02.sys
C:\WINDOWS\System32\drivers\prohlp02.sys 114016 bytes
Created: 9/08/2004 10:03 PM
Modified: 9/08/2004 10:03 PM
Company: Protection Technology
----------
Key: prosync1
ImagePath: System32\drivers\prosync1.sys
C:\WINDOWS\System32\drivers\prosync1.sys 7040 bytes
Created: 20/07/2004 1:19 AM
Modified: 20/07/2004 1:19 AM
Company: Protection Technology
----------
Key: RTL8023xp
ImagePath: system32\DRIVERS\Rtnicxp.sys
C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 104320 bytes
Created: 20/11/2007 11:09 AM
Modified: 20/11/2007 11:09 AM
Company: Realtek Semiconductor Corporation
----------
Key: SASDIFSV
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 8944 bytes
Created: 10/10/2006 2:53 PM
Modified: 22/05/2008 9:49 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -R- 4096 bytes
Created: 16/02/2006 6:51 PM
Modified: 16/02/2006 6:51 PM
Company: SuperAdBlocker, Inc.
----------
Key: SASKUTIL
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 55024 bytes
Created: 27/02/2007 1:39 PM
Modified: 22/05/2008 9:49 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SE2Cbus
ImagePath: system32\DRIVERS\SE2Cbus.sys
C:\WINDOWS\system32\DRIVERS\SE2Cbus.sys -R- 61600 bytes
Created: 24/04/2008 6:08 PM
Modified: 10/11/2006 10:54 AM
Company: MCCI
----------
Key: SE2Cmdfl
ImagePath: system32\DRIVERS\SE2Cmdfl.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmdfl.sys -R- 9360 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cmdm
ImagePath: system32\DRIVERS\SE2Cmdm.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmdm.sys -R- 97184 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cmgmt
ImagePath: system32\DRIVERS\SE2Cmgmt.sys
C:\WINDOWS\system32\DRIVERS\SE2Cmgmt.sys -R- 88688 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: se2Cnd5
ImagePath: system32\DRIVERS\se2Cnd5.sys
C:\WINDOWS\system32\DRIVERS\se2Cnd5.sys -R- 18704 bytes
Created: 4/12/2008 10:34 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: SE2Cobex
ImagePath: system32\DRIVERS\SE2Cobex.sys
C:\WINDOWS\system32\DRIVERS\SE2Cobex.sys -R- 86560 bytes
Created: 4/12/2008 10:33 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: se2Cunic
ImagePath: system32\DRIVERS\se2Cunic.sys
C:\WINDOWS\system32\DRIVERS\se2Cunic.sys -R- 90800 bytes
Created: 4/12/2008 10:34 AM
Modified: 10/11/2006 9:54 AM
Company: MCCI
----------
Key: sfhlp01
ImagePath: System32\drivers\sfhlp01.sys
C:\WINDOWS\System32\drivers\sfhlp01.sys 4832 bytes
Created: 2/12/2003 1:50 AM
Modified: 2/12/2003 1:50 AM
Company: Protection Technology
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: StarWindServiceAE
ImagePath: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 275968 bytes
Created: 29/05/2007 3:27 AM
Modified: 29/05/2007 3:27 AM
Company: Rocket Division Software
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{AD623655-EF04-4C37-9BEB-30243CD66548}
C:\WINDOWS\System32\dllhost.exe 5120 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: usbbus
ImagePath: system32\DRIVERS\lgusbbus.sys
C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [file not found to scan]
----------
Key: USBModem
ImagePath: system32\DRIVERS\lgusbmodem.sys
C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [file not found to scan]
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe 98328 bytes
Created: 18/10/2007 11:31 AM
Modified: 18/10/2007 11:31 AM
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe 266240 bytes
Created: 25/10/2007 3:27 PM
Modified: 25/10/2007 3:27 PM
Company: Microsoft Corporation
----------
************************************************************
10:11:48 AM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
************************************************************
10:11:48 AM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 356352 bytes
Created: 19/04/2007 2:41 PM
Modified: 6/01/2009 5:26 PM
Company: SUPERAntiSpyware.com
----------
************************************************************
10:11:49 AM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG7 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\Grisoft\AVG7\avgse.dll
C:\Program Files\Grisoft\AVG7\avgse.dll 50688 bytes
Created: 18/01/2008 3:38 PM
Modified: 18/01/2008 3:38 PM
Company: GRISOFT, s.r.o.
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL 61440 bytes
Created: 27/02/2007 1:39 PM
Modified: 27/02/2007 1:39 PM
Company: SUPERAntiSpyware.com
----------
************************************************************
10:11:49 AM: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: [CLSID does not appear to reference a file]
************************************************************
10:11:49 AM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 440384 bytes
Created: 10/12/2008 11:13 AM
Modified: 26/10/2006 10:28 AM
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 62080 bytes
Created: 22/10/2006 11:08 PM
Modified: 22/10/2006 11:08 PM
Company: Adobe Systems Incorporated
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll 320920 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 392240 bytes
Created: 14/12/2007 12:54 PM
Modified: 14/12/2007 12:54 PM
Company: Microsoft Corporation
----------
Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
BHO: C:\Program Files\Windows Live Toolbar\msntb.dll
C:\Program Files\Windows Live Toolbar\msntb.dll 546320 bytes
Created: 19/10/2007 11:20 AM
Modified: 19/10/2007 11:20 AM
Company: Microsoft Corporation
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll 34816 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll 73728 bytes
Created: 30/11/2008 2:31 PM
Modified: 10/11/2008 5:43 AM
Company: Sun Microsystems, Inc.
----------
Key: {ecdee021-0d17-467f-a1ff-c7a115230949}
BHO: C:\Program Files\free-downloads.net\tbfree.dll
C:\Program Files\free-downloads.net\tbfree.dll 1555480 bytes
Created: 1/09/2007 2:54 PM
Modified: 14/02/2008 3:54 PM
Company: Conduit Ltd.
----------
Key: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
BHO: C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL 262144 bytes
Created: 21/04/2008 7:26 PM
Modified: 21/04/2008 7:26 PM
Company: ZoneAlarm
----------
************************************************************
10:11:50 AM: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: %SystemRoot%\System32\webcheck.dll
C:\WINDOWS\System32\webcheck.dll 276480 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll 121856 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
************************************************************
10:11:51 AM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
10:11:51 AM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
10:11:51 AM: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
10:11:51 AM: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
10:11:51 AM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -HS- 84 bytes
Created: 18/01/2008 8:21 PM
Modified: 18/01/2008 10:26 AM
Company: [no info]
--------------------
************************************************************
10:11:51 AM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes
Created: 20/04/2008 10:49 AM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------
--------------------
Checking Startup Group for: Bella
[C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP]
The Startup Group for Bella attempts to load the following file(s):
C:\Documents and Settings\Bella\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes
Created: 18/01/2008 5:15 PM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------
--------------------
Checking Startup Group for: Gigster
[C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP]
The Startup Group for Gigster attempts to load the following file(s):
C:\Documents and Settings\Gigster\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes
Created: 18/01/2008 10:32 AM
Modified: 18/01/2008 10:26 AM
Company: [no info]
----------
************************************************************
10:11:52 AM: Scanning ----- SCHEDULED TASKS -----
Taskname: Check Updates for Windows Live Toolbar.job
File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE 99856 bytes
Created: 19/10/2007 11:20 AM
Modified: 19/10/2007 11:20 AM
Company: Microsoft Corporation
Parameters: [blank]
Next Run Time: 6/02/2009 10:12:00 AM
Status: The task is ready to run at its next scheduled time
Creator: Gigster
Comments: [blank]
----------
Taskname: SS4200 Utility Updates.job
File: C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk
C:\WINDOWS\Installer\SS4200 Utility Updates for All Users.lnk 977 bytes
Created: 23/11/2008 3:12 PM
Modified: 23/11/2008 3:12 PM
Company: [no info]
Parameters: [blank]
Next Run Time: 7/02/2009 10:00:00 AM
Status: The task has not yet run
Creator: Gigster
Comments: [blank]
----------
************************************************************
10:11:52 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
10:11:52 AM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp
C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp 1358010 bytes
Created: 28/04/2008 2:27 PM
Modified: 28/04/2008 2:27 PM
Company: [no info]
----------
Web Desktop Wallpaper: %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
C:\Documents and Settings\Gigster\Application Data\Mozilla\Firefox\Desktop Background.bmp 1358010 bytes
Created: 28/04/2008 2:27 PM
Modified: 28/04/2008 2:27 PM
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed
************************************************************
10:11:53 AM: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\LEXBCES.EXE - file already scanned
--------------------
C:\WINDOWS\system32\LEXPPS.EXE
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe - file already scanned
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe - file already scanned
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
--------------------
C:\WINDOWS\system32\nvsvc32.exe
--------------------
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\RUNDLL32.EXE
--------------------
C:\Program Files\Logitech\iTouch\iTouch.exe - file already scanned
--------------------
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe - file already scanned
--------------------
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Logitech\iTouch\kbdtray.exe
--------------------
C:\Program Files\Common Files\Teleca Shared\Generic.exe
--------------------
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
--------------------
C:\WINDOWS\system32\taskmgr.exe
--------------------
C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\mlx60.exe
FileSize: 2933624
[This is a Trojan Remover component]
--------------------
************************************************************
10:11:55 AM: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
************************************************************
10:11:55 AM: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
************************************************************
10:11:55 AM: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": www.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": www.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": www.microsoft.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": about:blank
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": www.microsoft.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": www.microsoft.com
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 10:11:55 AM 06 Feb 2009
Total Scan time: 00:00:22
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 11:28:01 PM 05 Feb 2009
Using Database v7279
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Gigster\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Gigster\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
************************************************************
************************************************************
11:28:01 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
11:28:01 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
11:28:01 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
11:28:01 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe 1033728 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe 26112 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe 514560 bytes
Created: 31/03/2003 10:30 PM
Modified: 14/04/2008 10:42 AM
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: AVG7_CC
Value Data: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe 590848 bytes
Created: 18/01/2008 3:38 PM
Modified: 17/10/2008 10:41 AM
Company: GRISOFT, s.r.o.
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll 7700480 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe 1622016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll 86016 bytes
Created: 22/10/2006 12:22 PM
Modified: 22/10/2006 12:22 PM
Company: NVIDIA Corporation
--------------------
Value Name: zBrowser Launcher
Value Data: C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe 204800 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 1:59 AM
Company: Logitech Inc.
--------------------
Value Name: EM_EXEC
Value Data: C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE 35328 bytes
Created: 21/01/2008 10:57 AM
Modified: 20/12/2001 9:42 AM
Company: Logitech Inc.
--------------------
Value Name:
Value Data:
Blank entry: []
--------------------
Value Name: Sony Ericsson PC Suite
Value Data: "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -R- 159744 bytes
Created: 26/10/2005 4:17 PM
Modified: 26/10/2005 4:17 PM
Company: Sony Ericsson Mobile Communications AB
--------------------
Value Name: Lexmark X6100 Series
Value Data: "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe 57344 bytes
Created: 12/01/2009 1:58 PM
Modified: 23/09/2003 2:01 AM
Company: Lexmark International, Inc.
-------------------- Value Name: TrojanScanner Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot C:\Program Files\Trojan Remover\Trjscan.exe 1231752 bytes Created: 5/02/2009 8:18 PM Modified: 1/01/2009 8:43 PM Company: Simply Super Software -------------------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once Value Name: Malwarebytes' Anti-Malware Value Data: C:\Program Files\ Malwarebytes' Anti-Malware\mbamgui.exe /install /silent C:\Program Files\ Malwarebytes' Anti-Malware\mbamgui.exe 399504 bytes Created: 5/02/2009 8:37 PM Modified: 14/01/2009 4:11 PM Company: Malwarebytes Corporation -------------------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Services This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ServicesOnce This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\Run This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: CTFMON.EXE Value Data: C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\ctfmon.exe 15360 bytes Created: 31/03/2003 10:30 PM Modified: 14/04/2008 10:42 AM Company: Microsoft Corporation -------------------- Value Name: MsnMsgr Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe 5724184 bytes Created: 18/10/2007 11:34 AM Modified: 18/10/2007 11:34 AM Company: Microsoft Corporation -------------------- Value Name: SUPERAntiSpyware Value Data: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe 1830128 bytes Created: 1/05/2007 10:29 AM Modified: 3/02/2009 7:46 PM Company: SUPERAntiSpyware.com -------------------- Value Name: AlcoholAutomount Value Data: "C:\Program Files\Alcohol Soft\Alcohol 
120\axcmd.exe" /automount C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe 217544 bytes Created: 22/02/2008 10:00 PM Modified: 22/02/2008 10:00 PM Company: Alcohol Soft Development Team -------------------- -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run ServicesOnce This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\Run This Registry Key appears to be empty ************************************************** ********** 11:28:03 PM: Scanning -----SHELLEXECUTEHOOKS----- ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972} File: shell32.dll - this file is expected and has been left in place ---------- ValueName: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} File: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL C:\Program Files\SUPERAntiSpyware\SASSEH.DLL 77824 bytes Created: 20/12/2006 2:55 PM Modified: 22/05/2008 9:49 AM Company: SuperAdBlocker.com ---------- ************************************************** ********** 11:28:03 PM: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************** ********** 11:28:03 PM: Scanning -----ACTIVE SCREENSAVER----- No active ScreenSaver found to scan. 
-------------------- ************************************************** ********** 11:28:03 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6} Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub C:\WINDOWS\INF\wmp11.inf 2428 bytes Created: 25/08/2006 5:09 PM Modified: 25/08/2006 5:09 PM Company: [no info] ---------- ************************************************** ********** 11:28:03 PM: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Key: HidServ %SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found) -------------------- ************************************************** ********** 11:28:04 PM: Scanning ----- SERVICES REGISTRY KEYS ----- Key: ALCXWDM ImagePath: system32\drivers\ALCXWDM.SYS C:\WINDOWS\system32\drivers\ALCXWDM.SYS 303948 bytes Created: 18/01/2008 1:00 PM Modified: 25/03/2002 10:43 PM Company: Avance Logic, Inc. ---------- Key: Aspi32 ImagePath: System32\drivers\aspi32.sys C:\WINDOWS\System32\drivers\aspi32.sys 16512 bytes Created: 30/11/2008 11:01 PM Modified: 21/11/2005 4:18 PM Company: Adaptec ---------- Key: Avg7Alrt ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe 418816 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o. ---------- Key: Avg7Core ImagePath: \SystemRoot\System32\Drivers\avg7core.sys C:\WINDOWS\System32\Drivers\avg7core.sys 821856 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o. ---------- Key: Avg7RsW ImagePath: \SystemRoot\System32\Drivers\avg7rsw.sys C:\WINDOWS\System32\Drivers\avg7rsw.sys 4224 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o. ---------- Key: Avg7RsXP ImagePath: \SystemRoot\System32\Drivers\avg7rsxp.sys C:\WINDOWS\System32\Drivers\avg7rsxp.sys 27776 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o. 
---------- Key: Avg7UpdSvc ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe 49664 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o. ---------- Key: AvgClean ImagePath: \SystemRoot\System32\Drivers\avgclean.sys C:\WINDOWS\System32\Drivers\avgclean.sys 10760 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:42 PM Company: GRISOFT, s.r.o. ---------- Key: AVGEMS ImagePath: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe 406528 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:42 PM Company: GRISOFT, s.r.o. ---------- Key: AvgTdi ImagePath: \SystemRoot\System32\Drivers\avgtdi.sys C:\WINDOWS\System32\Drivers\avgtdi.sys 4960 bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o. ---------- Key: BANTExt ImagePath: \SystemRoot\System32\Drivers\BANTExt.sys C:\WINDOWS\System32\Drivers\BANTExt.sys 3840 bytes Created: 24/01/2008 7:37 PM Modified: 7/04/2005 5:18 PM Company: [no info] ---------- Key: catchme ImagePath: \??\C:\Combo-Fix\catchme.sys - this file is globally excluded ---------- Key: ImapiService ImagePath: %systemroot%\system32\imapi.exe C:\WINDOWS\system32\imapi.exe 150528 bytes Created: 31/03/2003 10:30 PM Modified: 14/04/2008 10:42 AM Company: Microsoft Corporation ---------- Key: itchfltr ImagePath: system32\DRIVERS\itchfltr.sys C:\WINDOWS\system32\DRIVERS\itchfltr.sys 10496 bytes Created: 21/01/2008 10:57 AM Modified: 17/12/2001 8:12 PM Company: Logitech Inc. ---------- Key: JavaQuickStarterService ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" C:\Program Files\Java\jre6\bin\jqs.exe 152984 bytes Created: 30/11/2008 2:31 PM Modified: 10/11/2008 5:43 AM Company: Sun Microsystems, Inc. 
---------- Key: LexBceS ImagePath: C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXBCES.EXE 303104 bytes Created: 12/01/2009 1:59 PM Modified: 23/09/2003 1:42 AM Company: Lexmark International, Inc. ---------- Key: pfsvgae ImagePath: \??\C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys C:\DOCUME~1\Gigster\LOCALS~1\Temp\pfsvgae.sys [file not found to scan] ---------- Key: prodrv06 ImagePath: \SystemRoot\System32\drivers\prodrv06.sys C:\WINDOWS\System32\drivers\prodrv06.sys 53920 bytes Created: 9/08/2004 9:59 PM Modified: 9/08/2004 9:59 PM Company: Protection Technology ---------- Key: prohlp02 ImagePath: System32\drivers\prohlp02.sys C:\WINDOWS\System32\drivers\prohlp02.sys 114016 bytes Created: 9/08/2004 10:03 PM Modified: 9/08/2004 10:03 PM Company: Protection Technology ---------- Key: prosync1 ImagePath: System32\drivers\prosync1.sys C:\WINDOWS\System32\drivers\prosync1.sys 7040 bytes Created: 20/07/2004 1:19 AM Modified: 20/07/2004 1:19 AM Company: Protection Technology ---------- Key: RTL8023xp ImagePath: system32\DRIVERS\Rtnicxp.sys C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 104320 bytes Created: 20/11/2007 11:09 AM Modified: 20/11/2007 11:09 AM Company: Realtek Semiconductor Corporation ---------- Key: SASDIFSV ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 8944 bytes Created: 10/10/2006 2:53 PM Modified: 22/05/2008 9:49 AM Company: SUPERAdBlocker.com and SUPERAntiSpyware.com ---------- Key: SASENUM ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -R- 4096 bytes Created: 16/02/2006 6:51 PM Modified: 16/02/2006 6:51 PM Company: SuperAdBlocker, Inc. 
---------- Key: SASKUTIL ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 55024 bytes Created: 27/02/2007 1:39 PM Modified: 22/05/2008 9:49 AM Company: SUPERAdBlocker.com and SUPERAntiSpyware.com ---------- Key: SE2Cbus ImagePath: system32\DRIVERS\SE2Cbus.sys C:\WINDOWS\system32\DRIVERS\SE2Cbus.sys -R- 61600 bytes Created: 24/04/2008 6:08 PM Modified: 10/11/2006 10:54 AM Company: MCCI ---------- Key: SE2Cmdfl ImagePath: system32\DRIVERS\SE2Cmdfl.sys C:\WINDOWS\system32\DRIVERS\SE2Cmdfl.sys -R- 9360 bytes Created: 4/12/2008 10:33 AM Modified: 10/11/2006 9:54 AM Company: MCCI ---------- Key: SE2Cmdm ImagePath: system32\DRIVERS\SE2Cmdm.sys C:\WINDOWS\system32\DRIVERS\SE2Cmdm.sys -R- 97184 bytes Created: 4/12/2008 10:33 AM Modified: 10/11/2006 9:54 AM Company: MCCI ---------- Key: SE2Cmgmt ImagePath: system32\DRIVERS\SE2Cmgmt.sys C:\WINDOWS\system32\DRIVERS\SE2Cmgmt.sys -R- 88688 bytes Created: 4/12/2008 10:33 AM Modified: 10/11/2006 9:54 AM Company: MCCI ---------- Key: se2Cnd5 ImagePath: system32\DRIVERS\se2Cnd5.sys C:\WINDOWS\system32\DRIVERS\se2Cnd5.sys -R- 18704 bytes Created: 4/12/2008 10:34 AM Modified: 10/11/2006 9:54 AM Company: MCCI ---------- Key: SE2Cobex ImagePath: system32\DRIVERS\SE2Cobex.sys C:\WINDOWS\system32\DRIVERS\SE2Cobex.sys -R- 86560 bytes Created: 4/12/2008 10:33 AM Modified: 10/11/2006 9:54 AM Company: MCCI ---------- Key: se2Cunic ImagePath: system32\DRIVERS\se2Cunic.sys C:\WINDOWS\system32\DRIVERS\se2Cunic.sys -R- 90800 bytes Created: 4/12/2008 10:34 AM Modified: 10/11/2006 9:54 AM Company: MCCI ---------- Key: sfhlp01 ImagePath: System32\drivers\sfhlp01.sys C:\WINDOWS\System32\drivers\sfhlp01.sys 4832 bytes Created: 2/12/2003 1:50 AM Modified: 2/12/2003 1:50 AM Company: Protection Technology ---------- Key: sptd ImagePath: System32\Drivers\sptd.sys - this file is globally excluded ---------- Key: StarWindServiceAE ImagePath: C:\Program Files\Alcohol Soft\Alcohol 
120\StarWind\StarWindServiceAE.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 275968 bytes Created: 29/05/2007 3:27 AM Modified: 29/05/2007 3:27 AM Company: Rocket Division Software ---------- Key: SwPrv ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{AD623655-EF04-4C37-9BEB-30243CD66548} C:\WINDOWS\System32\dllhost.exe 5120 bytes Created: 31/03/2003 10:30 PM Modified: 14/04/2008 10:42 AM Company: Microsoft Corporation ---------- Key: usbbus ImagePath: system32\DRIVERS\lgusbbus.sys C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [file not found to scan] ---------- Key: USBModem ImagePath: system32\DRIVERS\lgusbmodem.sys C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [file not found to scan] ---------- Key: usnjsvc ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe" C:\Program Files\Windows Live\Messenger\usnsvc.exe 98328 bytes Created: 18/10/2007 11:31 AM Modified: 18/10/2007 11:31 AM Company: Microsoft Corporation ---------- Key: WLSetupSvc ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe" C:\Program Files\Windows Live\installer\WLSetupSvc.exe 266240 bytes Created: 25/10/2007 3:27 PM Modified: 25/10/2007 3:27 PM Company: Microsoft Corporation ---------- ************************************************** ********** 11:28:09 PM: Scanning -----VXD ENTRIES----- Checking the following VxD entries: ************************************************** ********** 11:28:09 PM: Scanning ----- WINLOGON\NOTIFY DLLS ----- Key : !SASWinLogon DLLName: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 356352 bytes Created: 19/04/2007 2:41 PM Modified: 6/01/2009 5:26 PM Company: SUPERAntiSpyware.com ---------- ************************************************** ********** 11:28:09 PM: Scanning ----- CONTEXTMENUHANDLERS ----- Key: AVG7 Shell Extension CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Path: C:\Program Files\Grisoft\AVG7\avgse.dll C:\Program Files\Grisoft\AVG7\avgse.dll 50688 
bytes Created: 18/01/2008 3:38 PM Modified: 18/01/2008 3:38 PM Company: GRISOFT, s.r.o. ---------- Key: ShellExtension CLSID: [empty] ---------- Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003} Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL 61440 bytes Created: 27/02/2007 1:39 PM Modified: 27/02/2007 1:39 PM Company: SUPERAntiSpyware.com ---------- ************************************************** ********** 11:28:09 PM: Scanning ----- FOLDER\COLUMNHANDLERS ----- Key: {7D4D6379-F301-4311-BEBA-E26EB0561882} File: [CLSID does not appear to reference a file] ************************************************** ********** 11:28:09 PM: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670} BHO: C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll 440384 bytes Created: 10/12/2008 11:13 AM Modified: 26/10/2006 10:28 AM Company: Yahoo! Inc. ---------- Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 62080 bytes Created: 22/10/2006 11:08 PM Modified: 22/10/2006 11:08 PM Company: Adobe Systems Incorporated ---------- Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} BHO: C:\Program Files\Java\jre6\bin\ssv.dll C:\Program Files\Java\jre6\bin\ssv.dll 320920 bytes Created: 30/11/2008 2:31 PM Modified: 10/11/2008 5:43 AM Company: Sun Microsystems, Inc. 
---------- Key: {9030D464-4C02-4ABF-8ECC-5164760863C6} BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 392240 bytes Created: 14/12/2007 12:54 PM Modified: 14/12/2007 12:54 PM Company: Microsoft Corporation ---------- Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} BHO: C:\Program Files\Windows Live Toolbar\msntb.dll C:\Program Files\Windows Live Toolbar\msntb.dll 546320 bytes Created: 19/10/2007 11:20 AM Modified: 19/10/2007 11:20 AM Company: Microsoft Corporation ---------- Key: {D |
gigster (14591) | ||