Thread ID: 90507 2008-06-05 10:02:00 Hijack this log- can someone have a look please? Sick Puppy (6959) Press F1
675870 2008-06-05 10:02:00 Hi guys, one of my flatmates has been hit with the antivirus-scanonline browser hijacker. I downloaded the latest version of Hijack this from Filehippo and ran it on her PC. This is the log- can someone have a look at this and let me know the relevant bits to tick please? :D Thanks!

(And as an aside, I copied the log onto a USB key and then foolishly opened it on my PC to load up the log. Have I opened myself up to this hijacker?)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:52 PM, on 6/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Antivirus2008\Antvrs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nzx.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ie.redirect.hp.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\Antivirus2008\Antvrs.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q306&bd=presario&pf=laptop
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5B51EC8-3CA0-4DBF-8303-84E1AD152BAA}: NameServer = 203.96.152.4,203.96.152.12
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/*****/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 7719 bytes
Sick Puppy (6959)
675871 2008-06-05 10:07:00 Hmmm, already found one! Assuming this is a likely suspect? :rolleyes:

O4 - HKCU\..\Run: [Antivirus] C:\Program Files\Antivirus2008\Antvrs.exe
Sick Puppy (6959)
675872 2008-06-05 10:10:00 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

That's junk, wait for Speedy to come and post more suggestions though.
SPARTAN 860 (2618)
675873 2008-06-06 08:49:00 Bump- Speedy, Pancake, anyone?! lol :)

Cheers Spartan BTW!
Sick Puppy (6959)
675874 2008-06-06 08:55:00 Tick these entries then tick fix checked

Close browsers

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

You're right, I think this is rogue software. See if there's an entry for it in Add/Remove Programs.

O4 - HKCU\..\Run: [Antivirus] C:\Program Files\Antivirus2008\Antvrs.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/*****/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

Get rogueremover in my sig, update it then click on scan
Speedy Gonzales (78)
675875 2008-06-06 11:38:00 Cheers Speedy, running them now! :D
Edit: Checked Add/Remove Programs, it's not there, guess it wasn't going to be that easy! lol
Sick Puppy (6959)
675876 2008-06-06 12:09:00 Hey ya, ticked 'em, clicked on Fix checked, loaded RogueRemover on to my USB key, then uploaded it to my flatmate's laptop. Ran it, it detected nothing untoward. And the new HJT scan doesn't have those registry entries anymore. As an aside, she doesn't appear to have much in the way of protection on the PC- AVG only I think? Aside from a firewall like ZoneAlarm, anything else as a bare minimum she should have (e.g. Ad-Aware, Spybot, WinPatrol etc.)?

Here is the new HJT scan- you reckon it's safe to go on the net again Speedy? :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:07 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nzx.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ie.redirect.hp.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q306&bd=presario&pf=laptop
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5B51EC8-3CA0-4DBF-8303-84E1AD152BAA}: NameServer = 203.96.152.4,203.96.152.12
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--
End of file - 6893 bytes
Sick Puppy (6959)
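The check the poster did by eye above (comparing the before and after HijackThis logs to confirm only the ticked entries went away) can be automated. This is an added example, not code from the thread or from HijackThis; it assumes the HJT v2 line layout shown in the logs, and the two sample logs are constructed from lines quoted in the thread rather than the full logs.

```python
"""Diff two HijackThis v2 logs and list per-user (HKCU) Run persistence.

Added example (not part of the original thread). Assumes the HJT line layout
"O4 - HKCU\\..\\Run: [name] command". Sample logs are constructed from lines
quoted in the thread, not the complete logs."""
import re
from typing import Dict, List, Set, Tuple

# Matches an HJT entry line such as "O4 - HKCU\..\Run: [Antivirus] C:\..."
# Header lines and the bare "Running processes" paths do not match.
HJT_LINE = re.compile(r"^(?P<sec>[RFNO]\d+)\s+-\s+(?P<rest>\S.*)$")

# Splits the body of an O4 Run entry into hive, Run key, value name and command.
O4_RUN = re.compile(
    r"^(?P<hive>HK\S*?)\\\.\.\\(?P<key>Run\w*):\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$"
)

# Constructed excerpt of the first log (before "Fix checked").
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files\Antivirus2008\Antvrs.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\Antivirus2008\Antvrs.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/*****/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
"""

# Constructed excerpt of the second log (after the fix).
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
"""


def parse_hjt(log: str) -> Set[str]:
    """Return the set of entry lines ("O4 - ...") found in an HJT log."""
    entries: Set[str] = set()
    for line in log.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.add(f"{m.group('sec')} - {m.group('rest')}")
    return entries


def diff_hjt(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Entries removed by the fix, and entries that newly appeared.

    Anything in the second list is a surprise worth looking at: a fix
    should only make entries disappear."""
    b, a = parse_hjt(before), parse_hjt(after)
    return sorted(b - a), sorted(a - b)


def run_entries(log: str) -> List[Dict[str, str]]:
    """O4 Run entries split into hive / key / value name / command."""
    out: List[Dict[str, str]] = []
    for entry in sorted(parse_hjt(log)):
        if entry.startswith("O4 - "):
            m = O4_RUN.match(entry[len("O4 - "):])
            if m:
                out.append(m.groupdict())
    return out


def user_persistence(log: str) -> List[str]:
    """Value names of Run entries under HKCU: the per-user autostart the
    rogue used here, which needs no admin rights to write."""
    return sorted(e["name"] for e in run_entries(log) if e["hive"] == "HKCU")


if __name__ == "__main__":
    removed, added = diff_hjt(BEFORE_LOG, AFTER_LOG)
    print("Removed by fix:")
    for e in removed:
        print("  ", e)
    print("Unexpected new entries:", added or "none")
    print("HKCU Run entries now:", user_persistence(AFTER_LOG))
```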
675877 2008-06-07 04:00:00 Get trojan remover in my sig, update it then click on scan.

Then select all options under utilities

Then open my computer / highlight C / right mouse / scan with trojan remover
Speedy Gonzales (78)
675878 2008-06-10 10:47:00 Sorry about the delay Speedy, I've had my nose in books for the last few days studying for an exam!

Installed, updated and ran Trojan Remover, here is the log below. One thing that came up during the scan was that D:Autorun.exe came up as sounding sus?

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6 . 7 . 0 . 2534 . For information, email support@simplysup1 . com
[Unregistered version]
Scan started at: 9:54:46 PM 10 Jun 2008
Using Database v7025
Operating System: Windows XP SP2 [Windows XP Home Edition Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Tanya\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Tanya\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges


**************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

**************************************************


**************************************************
9:54:46 PM: Scanning ----------WIN . INI-----------
WIN . INI found in C:\WINDOWS

**************************************************
9:54:46 PM: Scanning --------SYSTEM . INI---------
SYSTEM . INI found in C:\WINDOWS

**************************************************
9:54:46 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected .

**************************************************
9:54:46 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer . exe
C:\WINDOWS\Explorer . exe
1033216 bytes
Created: 8/5/2004
Modified: 6/13/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit . exe
C:\WINDOWS\system32\userinit . exe
24576 bytes
Created: 8/5/2004
Modified: 8/5/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui . exe
C:\WINDOWS\system32\logonui . exe
514560 bytes
Created: 8/5/2004
Modified: 8/5/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: hpWirelessAssistant
Value Data: C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant . exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant . exe
454656 bytes
Created: 2/15/2006
Modified: 2/15/2006
Company: Hewlett-Packard Development Company, L . P .
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32 . EXE C:\WINDOWS\system32\NvCpl . dll,NvStartup
C:\WINDOWS\system32\NvCpl . dll
7561216 bytes
Created: 8/4/2006
Modified: 4/22/2006
Company: NVIDIA Corporation
--------------------
Value Name: High Definition Audio Property Page Shortcut
Value Data: CHDAudPropShortcut . exe
C:\WINDOWS\system32\CHDAudPropShortcut . exe
61952 bytes
Created: 8/4/2006
Modified: 4/18/2006
Company: Windows (R) Server 2003 DDK provider
--------------------
Value Name: SynTPEnh
Value Data: C:\Program Files\Synaptics\SynTP\SynTPEnh . exe
C:\Program Files\Synaptics\SynTP\SynTPEnh . exe
761948 bytes
Created: 8/3/2006
Modified: 3/4/2006
Company: Synaptics, Inc .
--------------------
Value Name: QPService
Value Data: "C:\Program Files\HP\QuickPlay\QPService . exe"
C:\Program Files\HP\QuickPlay\QPService . exe
102400 bytes
Created: 8/3/2006
Modified: 4/12/2006
Company: CyberLink Corp .
--------------------
Value Name: QlbCtrl
Value Data: %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl . exe /Start
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl . exe
131072 bytes
Created: 8/3/2006
Modified: 3/23/2006
Company: Hewlett-Packard Development Company, L . P .
--------------------
Value Name: Cpqset
Value Data: C:\Program Files\HPQ\Default Settings\cpqset . exe
C:\Program Files\HPQ\Default Settings\cpqset . exe
40960 bytes
Created: 8/3/2006
Modified: 1/26/2006
Company:
--------------------
Value Name: RecGuard
Value Data: C:\Windows\SMINST\RecGuard . exe
C:\Windows\SMINST\RecGuard . exe
1187840 bytes
Created: 8/4/2006
Modified: 10/11/2005
Company:
--------------------
Value Name: IMJPMIG8 . 1
Value Data: "C:\WINDOWS\IME\imjp8_1\IMJPMIG . EXE" /Spoil /RemAdvDef /Migration32
C:\WINDOWS\IME\imjp8_1\IMJPMIG . EXE
208952 bytes
Created: 5/9/2007
Modified: 8/5/2004
Company: Microsoft Corporation
--------------------
Value Name: IMEKRMIG6 . 1
Value Data: C:\WINDOWS\ime\imkr6_1\IMEKRMIG . EXE
C:\WINDOWS\ime\imkr6_1\IMEKRMIG . EXE
44032 bytes
Created: 5/9/2007
Modified: 8/5/2004
Company: Microsoft Corporation
--------------------
Value Name: MSPY2002
Value Data: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst . exe /SYNC
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst . exe
59392 bytes
Created: 5/9/2007
Modified: 8/5/2004
Company:
--------------------
Value Name: PHIME2002ASync
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP . EXE /SYNC
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP . EXE
455168 bytes
Created: 5/9/2007
Modified: 8/5/2004
Company: Microsoft Corporation
--------------------
Value Name: PHIME2002A
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP . EXE /IMEName
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP . EXE
455168 bytes
Created: 5/9/2007
Modified: 8/5/2004
Company: Microsoft Corporation
--------------------
Value Name: AVG7_CC
Value Data: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc . exe /STARTUP
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc . exe
579584 bytes
Created: 5/26/2007
Modified: 4/16/2008
Company: GRISOFT, s . r . o .
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan . exe
C:\Program Files\Trojan Remover\Trjscan . exe
878672 bytes
Created: 6/10/2008
Modified: 6/3/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier . exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier . exe
68856 bytes
Created: 7/27/2007
Modified: 7/27/2007
Company: Google Inc .
--------------------
Value Name: ctfmon . exe
Value Data: C:\WINDOWS\system32\ctfmon . exe
C:\WINDOWS\system32\ctfmon . exe
15360 bytes
Created: 8/5/2004
Modified: 8/5/2004
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once
This Registry Key appears to be empty

**************************************************
9:54:48 PM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32 . dll - this file is expected and has been left in place
----------

**************************************************
9:54:48 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
9:54:48 PM: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\logon . scr
C:\WINDOWS\system32\logon . scr
220672 bytes
Created: 8/5/2004
Modified: 8/5/2004
Company: Microsoft Corporation
--------------------

**************************************************
9:54:48 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

**************************************************
9:54:49 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts . dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv . dll - file is globally excluded (file cannot be found)
--------------------

**************************************************
9:54:49 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: Avg7Alrt
ImagePath: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr . exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr . exe
418816 bytes
Created: 5/26/2007
Modified: 10/23/2007
Company: GRISOFT, s . r . o .
----------
Key: Avg7Core
ImagePath: \SystemRoot\System32\Drivers\avg7core . sys
C:\WINDOWS\System32\Drivers\avg7core . sys
821856 bytes
Created: 5/26/2007
Modified: 10/23/2007
Company: GRISOFT, s . r . o .
----------
Key: Avg7RsW
ImagePath: \SystemRoot\System32\Drivers\avg7rsw . sys
C:\WINDOWS\System32\Drivers\avg7rsw . sys
4224 bytes
Created: 5/26/2007
Modified: 5/26/2007
Company: GRISOFT, s . r . o .
----------
Key: Avg7RsXP
ImagePath: \SystemRoot\System32\Drivers\avg7rsxp . sys
C:\WINDOWS\System32\Drivers\avg7rsxp . sys
27776 bytes
Created: 5/26/2007
Modified: 5/26/2007
Company: GRISOFT, s . r . o .
----------
Key: Avg7UpdSvc
ImagePath: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc . exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc . exe
49664 bytes
Created: 5/26/2007
Modified: 5/26/2007
Company: GRISOFT, s . r . o .
----------
Key: AvgClean
ImagePath: \SystemRoot\System32\Drivers\avgclean . sys
C:\WINDOWS\System32\Drivers\avgclean . sys
10760 bytes
Created: 5/26/2007
Modified: 12/21/2007
Company: GRISOFT, s . r . o .
----------
Key: AVGEMS
ImagePath: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc . exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc . exe
406528 bytes
Created: 5/26/2007
Modified: 12/21/2007
Company: GRISOFT, s . r . o .
----------
Key: AvgTdi
ImagePath: \SystemRoot\System32\Drivers\avgtdi . sys
C:\WINDOWS\System32\Drivers\avgtdi . sys
4960 bytes
Created: 5/26/2007
Modified: 5/26/2007
Company: GRISOFT, s . r . o .
----------
Key: eabfiltr
ImagePath: system32\DRIVERS\eabfiltr . sys
C:\WINDOWS\system32\DRIVERS\eabfiltr . sys
7808 bytes
Created: 8/3/2006
Modified: 9/19/2005
Company: Hewlett-Packard Development Company, L . P .
----------
Key: eabusb
ImagePath: system32\DRIVERS\eabusb . sys
C:\WINDOWS\system32\DRIVERS\eabusb . sys
5760 bytes
Created: 8/3/2006
Modified: 9/19/2005
Company: Hewlett-Packard Development Company, L . P .
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService . exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService . exe
138168 bytes
Created: 5/30/2007
Modified: 5/30/2007
Company: Google
----------
Key: HBtnKey
ImagePath: system32\DRIVERS\cpqbttn . sys
C:\WINDOWS\system32\DRIVERS\cpqbttn . sys
9344 bytes
Created: 8/3/2006
Modified: 9/19/2005
Company: Hewlett-Packard Development Company, L . P .
----------
Key: HdAudAddService
ImagePath: system32\drivers\CHDAud . sys
C:\WINDOWS\system32\drivers\CHDAud . sys
569856 bytes
Created: 8/4/2006
Modified: 4/18/2006
Company: Conexant Systems Inc .
----------
Key: HDAudBus
ImagePath: system32\DRIVERS\HDAudBus . sys
C:\WINDOWS\system32\DRIVERS\HDAudBus . sys
138752 bytes
Created: 1/7/2005
Modified: 1/7/2005
Company: Windows (R) Server 2003 DDK provider
----------
Key: HSFHWAZL
ImagePath: system32\DRIVERS\HSFHWAZL . sys
C:\WINDOWS\system32\DRIVERS\HSFHWAZL . sys
206976 bytes
Created: 8/4/2006
Modified: 3/10/2006
Company: Conexant Systems, Inc .
----------
Key: iaStor
ImagePath: \SystemRoot\system32\DRIVERS\iaStor . sys
C:\WINDOWS\system32\DRIVERS\iaStor . sys
874240 bytes
Created: 10/13/2005
Modified: 10/13/2005
Company: Intel Corporation
----------
Key: IDriverT
ImagePath: "c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT . exe"
c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT . exe
73728 bytes
Created: 10/22/2004
Modified: 10/22/2004
Company: Macrovision Corporation
----------
Key: nvata
ImagePath: system32\DRIVERS\nvata . sys
C:\WINDOWS\system32\DRIVERS\nvata . sys
99584 bytes
Created: 8/4/2006
Modified: 1/28/2006
Company: NVIDIA Corporation
----------
Key: NVENETFD
ImagePath: system32\DRIVERS\NVENETFD . sys
C:\WINDOWS\system32\DRIVERS\NVENETFD . sys
34176 bytes
Created: 8/4/2006
Modified: 3/4/2006
Company: NVIDIA Corporation
----------
Key: nvnetbus
ImagePath: system32\DRIVERS\nvnetbus . sys
C:\WINDOWS\system32\DRIVERS\nvnetbus . sys
13056 bytes
Created: 8/4/2006
Modified: 3/4/2006
Company: NVIDIA Corporation
----------
Key: nvsmu
ImagePath: system32\DRIVERS\nvsmu . sys
C:\WINDOWS\system32\DRIVERS\nvsmu . sys
11136 bytes
Created: 8/4/2006
Modified: 3/7/2006
Company: NVIDIA Corporation
----------
Key: rimmptsk
ImagePath: system32\DRIVERS\rimmptsk . sys
C:\WINDOWS\system32\DRIVERS\rimmptsk . sys
28928 bytes
Created: 8/4/2006
Modified: 11/17/2005
Company: REDC
----------
Key: rimsptsk
ImagePath: system32\DRIVERS\rimsptsk . sys
C:\WINDOWS\system32\DRIVERS\rimsptsk . sys
51840 bytes
Created: 8/4/2006
Modified: 12/22/2005
Company: REDC
----------
Key: rismxdp
ImagePath: system32\DRIVERS\rixdptsk . sys
C:\WINDOWS\system32\DRIVERS\rixdptsk . sys
308992 bytes
Created: 8/4/2006
Modified: 11/1/2005
Company: REDC
----------
Key: SONYPVU1
ImagePath: system32\DRIVERS\SONYPVU1 . SYS
C:\WINDOWS\system32\DRIVERS\SONYPVU1 . SYS
7552 bytes
Created: 1/4/2008
Modified: 8/17/2001
Company: Sony Corporation
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost . exe /Processid:{772CA9E5-5C35-411C-9382-F4795BC3F71D}
C:\WINDOWS\system32\dllhost . exe
5120 bytes
Created: 8/5/2004
Modified: 8/5/2004
Company: Microsoft Corporation
----------
Key: SynTP
ImagePath: system32\DRIVERS\SynTP . sys
C:\WINDOWS\system32\DRIVERS\SynTP . sys
192736 bytes
Created: 8/3/2006
Modified: 3/4/2006
Company: Synaptics, Inc .
----------
Key: UStorage Server Service
ImagePath: C:\WINDOWS\system32\UStorSrv . exe /Service
C:\WINDOWS\system32\UStorSrv . exe
143360 bytes
Created: 3/4/2008
Modified: 7/12/2005
Company: OTi
----------

**************************************************
9:54:58 PM: Scanning -----VXD ENTRIES-----

**************************************************
9:54:58 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----

**************************************************
9:54:58 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG7 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\Grisoft\AVG Free\avgse . dll
C:\Program Files\Grisoft\AVG Free\avgse . dll
50688 bytes
Created: 5/26/2007
Modified: 5/26/2007
Company: GRISOFT, s . r . o .
----------

**************************************************
9:54:58 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----

**************************************************
9:54:58 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 10/22/2006
Modified: 10/22/2006
Company: Adobe Systems Incorporated
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
509328 bytes
Created: 5/11/2008
Modified: 2/22/2008
Company: Sun Microsystems, Inc.
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar2.dll
c:\program files\google\googletoolbar2.dll
-R- 2403392 bytes
Created: 5/30/2007
Modified: 1/19/2007
Company: Google Inc.
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
734704 bytes
Created: 5/12/2008
Modified: 5/12/2008
Company: Google Inc.
----------

**************************************************
9:54:58 PM: Scanning ----- SHELLSERVICEOBJECTS -----

**************************************************
9:54:58 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

**************************************************
9:54:58 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
9:54:58 PM: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

**************************************************
9:54:58 PM: Scanning ----- SECURITY PROVIDER DLLS -----

**************************************************
9:54:58 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 3/28/2006
Modified: 3/28/2006
Company:
--------------------
C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
73728 bytes
Created: 9/25/2005
Modified: 9/25/2005
Company: Hewlett-Packard Development Company, L.P.
HP Photosmart Premier Fast Start.lnk - links to C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
--------------------

**************************************************
9:54:58 PM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Tanya
[C:\Documents and Settings\Tanya\START MENU\PROGRAMS\STARTUP]
The Startup Group for Tanya attempts to load the following file(s):
C:\Documents and Settings\Tanya\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 5/9/2007
Modified: 3/28/2006
Company:
----------

**************************************************
9:54:59 PM: Scanning ----- SCHEDULED TASKS -----
Taskname: avgwb.job
File: C:\Program Files\Grisoft\AVG Free\avgw.exe
C:\Program Files\Grisoft\AVG Free\avgw.exe
219136 bytes
Created: 5/26/2007
Modified: 10/23/2007
Company: GRISOFT, s.r.o.
Parameters: [blank]
Next Run Time: 6/11/2008 7:00:00 PM
Status: The task is ready to run at its next scheduled time
Creator: Tanya
Comments: [blank]
----------
Taskname: HPCeeSchedule.job
File: C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
81920 bytes
Created: 9/8/2005
Modified: 9/8/2005
Company: Hewlett Packard
Parameters: HPCeeSchedule (null)
Next Run Time: 7/3/2008 5:04:00 PM
Status: The task is ready to run at its next scheduled time
Creator: Tanya
Comments: [blank]
----------

**************************************************
9:54:59 PM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Tanya\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Tanya\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 5/12/2007
Modified: 4/19/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Tanya\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 5/12/2007
Modified: 4/19/2008
Company:
----------
Checking autorun.inf in D:\
D:\autorun.inf ShellExecute entry: [Info.exe protect.ed 480 480]
D:\Info.exe
-HS- 73728 bytes
Created: 11/30/2004
Modified: 11/29/2004
Company: XSS
----------
--------------------
Additional file checks completed

**************************************************
9:55:12 PM: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
--------------------
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
--------------------
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
--------------------
C:\WINDOWS\system32\nvsvc32.exe
--------------------
C:\WINDOWS\system32\wdfmgr.exe
--------------------
C:\WINDOWS\system32\UStorSrv.exe
--------------------
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
--------------------
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
--------------------
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
--------------------
C:\Program Files\HP\QuickPlay\QPService.exe
--------------------
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
--------------------
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe
--------------------
C:\WINDOWS\system32\wbem\wmiprvse.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
--------------------
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
--------------------
C:\Documents and Settings\Tanya\Application Data\Simply Super Software\Trojan Remover\rmq2.exe
FileSize: 2486848
[This is a Trojan Remover component]
--------------------
--------------------

**************************************************
9:55:14 PM: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

**************************************************
9:55:14 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file

**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.nzx.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.google.com

**************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 9:55:14 PM 10 Jun 2008
************************************************************
Sick Puppy (6959)
675879 2008-06-10 10:59:00 Looks like that autorun.exe belongs to Winantivirus, the program in your log.

WHAT did you tell trojan remover to do with it?

What's D?? That's not the main hdd, is it?
Speedy Gonzales (78)