***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.9.2533. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 6:03:24 PM 20 May 2008
Using Database v6998
Operating System: Windows Vista [Windows Vista (Build 6000)]
Edition: Windows Vista (TM) Home Premium
File System: NTFS
User Account Control is Enabled.
Data directory: C:\Users\Arty Tovar\AppData\Roaming\Simply Super Software\Trojan Remover\
Logfile directory: C:\Users\Arty Tovar\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
**************************************************
The following Anti-Malware program(s) are loaded:
Microsoft Windows Defender
**************************************************
**************************************************
6:03:24 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\Windows
**************************************************
6:03:24 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\Windows
**************************************************
6:03:24 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
**************************************************
6:03:25 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: explorer.exe
C:\Windows\explorer.exe
2923520 bytes
Created: 1/21/2008
Modified: 1/21/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
24576 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Windows Defender
Value Data: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
C:\Program Files\Windows Defender\MSASCui.exe
1006264 bytes
Created: 8/11/2007
Modified: 8/11/2007
Company: Microsoft Corporation
--------------------
Value Name: hpsysdrv
Value Data: c:\hp\support\hpsysdrv.exe
c:\hp\support\hpsysdrv.exe
65536 bytes
Created: 8/11/2007
Modified: 4/18/2007
Company: Hewlett-Packard Company
--------------------
Value Name: OsdMaestro
Value Data: "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
118784 bytes
Created: 8/11/2007
Modified: 2/15/2007
Company: OsdMaestro
--------------------
Value Name: RtHDVCpl
Value Data: RtHDVCpl.exe
C:\Windows\RtHDVCpl.exe
4702208 bytes
Created: 10/25/2007
Modified: 10/25/2007
Company: Realtek Semiconductor
--------------------
Value Name: HP Health Check Scheduler
Value Data: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
71176 bytes
Created: 5/24/2007
Modified: 5/24/2007
Company: Hewlett-Packard
--------------------
Value Name: SunJavaUpdateReg
Value Data: "C:\Windows\system32\jureg.exe"
C:\Windows\system32\jureg.exe
54936 bytes
Created: 8/11/2007
Modified: 4/7/2007
Company: Sun Microsystems, Inc.
--------------------
Value Name: HP Software Update
Value Data: c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
49152 bytes
Created: 2/17/2005
Modified: 2/17/2005
Company: Hewlett-Packard Co.
--------------------
Value Name:
Value Data:
The Value Data for this entry appears to be blank
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
39792 bytes
Created: 1/12/2008
Modified: 1/12/2008
Company: Adobe Systems Incorporated
--------------------
Value Name: Symantec PIF AlertEng
Value Data: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created: 1/29/2008
Modified: 1/29/2008
Company: Symantec Corporation
--------------------
Value Name: AVG8_TRAY
Value Data: C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
1177368 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
--------------------
Value Name: IgfxTray
Value Data: C:\Windows\system32\igfxtray.exe
C:\Windows\system32\igfxtray.exe
141848 bytes
Created: 3/25/2008
Modified: 3/25/2008
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\Windows\system32\hkcmd.exe
C:\Windows\system32\hkcmd.exe
166424 bytes
Created: 3/25/2008
Modified: 3/25/2008
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\Windows\system32\igfxpers.exe
C:\Windows\system32\igfxpers.exe
133656 bytes
Created: 3/25/2008
Modified: 3/25/2008
Company: Intel Corporation
--------------------
Value Name: SpywareTerminator
Value Data: "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
1817600 bytes
Created: 5/19/2008
Modified: 5/19/2008
Company: Crawler.com
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
877136 bytes
Created: 5/20/2008
Modified: 5/18/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: Launcher
Value Data: %WINDIR%\SMINST\launcher.exe
C:\Windows\SMINST\launcher.exe
44168 bytes
Created: 4/3/2007
Modified: 4/3/2007
Company: soft thinks
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: locks tick title proc
Value Data: "C:\ProgramData\Copy Show Store.npbn4w"
C:\ProgramData\Copy Show Store.npbn4w
4112 bytes
Created: 4/9/2008
Modified: 4/9/2008
Company:
--------------------
Value Name: 4 city
Value Data: "C:\ProgramData\ByteWinWin.h3hlel"
C:\ProgramData\ByteWinWin.h3hlel
8208 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company:
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
**************************************************
6:03:27 PM: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty
**************************************************
6:03:27 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
**************************************************
6:03:27 PM: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\Windows\system32\logon.scr
C:\Windows\system32\logon.scr
5714432 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
--------------------
**************************************************
6:03:27 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
**************************************************
6:03:27 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
**************************************************
6:03:29 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: Afc
ImagePath: system32\drivers\Afc.sys
C:\Windows\system32\drivers\Afc.sys
11776 bytes
Created: 12/17/2007
Modified: 2/23/2005
Company: Arcsoft, Inc.
----------
Key: Automatic LiveUpdate Scheduler
ImagePath: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
554352 bytes
Created: 8/11/2007
Modified: 9/12/2007
Company: Symantec Corporation
----------
Key: avg8emc
ImagePath: C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
902424 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
282904 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\Windows\System32\Drivers\avgldx86.sys
96520 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\Windows\System32\Drivers\avgmfx86.sys
26184 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: GRISOFT, s.r.o.
----------
Key: AvgWfpX
ImagePath: \SystemRoot\System32\Drivers\avgwfpx.sys
C:\Windows\System32\Drivers\avgwfpx.sys
67080 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: BCM43XX
ImagePath: system32\DRIVERS\bcmwl6.sys
C:\Windows\system32\DRIVERS\bcmwl6.sys
534016 bytes
Created: 12/10/2007
Modified: 12/19/2006
Company: Broadcom Corporation
----------
Key: blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key: dot4
ImagePath: system32\DRIVERS\Dot4.sys
C:\Windows\system32\DRIVERS\Dot4.sys
131584 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: Dot4Print
ImagePath: system32\DRIVERS\Dot4Prt.sys
C:\Windows\system32\DRIVERS\Dot4Prt.sys
16384 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: Dot4Scan
ImagePath: system32\DRIVERS\Dot4Scan.sys
C:\Windows\system32\DRIVERS\Dot4Scan.sys
10752 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: dot4usb
ImagePath: system32\DRIVERS\dot4usb.sys
C:\Windows\system32\DRIVERS\dot4usb.sys
36864 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: HP Health Check Service
ImagePath: "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
61440 bytes
Created: 5/24/2007
Modified: 5/24/2007
Company: Hewlett-Packard
----------
Key: HSF_DP
ImagePath: system32\DRIVERS\HSX_DP.sys
C:\Windows\system32\DRIVERS\HSX_DP.sys
985600 bytes
Created: 2/12/2008
Modified: 2/12/2008
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys
2307072 bytes
Created: 3/25/2008
Modified: 3/25/2008
Company: Intel Corporation
----------
Key: IDriverT
ImagePath: "c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
73728 bytes
Created: 10/22/2004
Modified: 10/22/2004
Company: Macrovision Corporation
----------
Key: igfx
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys
2307072 bytes
Created: 3/25/2008
Modified: 3/25/2008
Company: Intel Corporation
----------
Key: IpInIp
ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key: kbdhid
ImagePath: \SystemRoot\system32\drivers\kbdhid.sys
C:\Windows\system32\drivers\kbdhid.sys
15872 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: LiveUpdate
ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
2999664 bytes
Created: 8/11/2007
Modified: 9/12/2007
Company: Symantec Corporation
----------
Key: LiveUpdate Notice Ex
ImagePath: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [file not found to scan]
----------
Key: LiveUpdate Notice Service
ImagePath: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created: 1/29/2008
Modified: 1/29/2008
Company: Symantec Corporation
----------
Key: msiserver
ImagePath: %systemroot%\system32\msiexec /V
----------
Key: NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key: NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\Windows\system32\drivers\pfc.sys [file not found to scan]
----------
Key: RoxMediaDB9
ImagePath: "c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
887544 bytes
Created: 5/11/2007
Modified: 5/11/2007
Company: Sonic Solutions
----------
Key: RTL8169
ImagePath: system32\DRIVERS\Rtlh86.sys
C:\Windows\system32\DRIVERS\Rtlh86.sys
104448 bytes
Created: 12/28/2007
Modified: 12/28/2007
Company: Realtek Corporation
----------
Key: Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\Windows\system32\drivers\serenum.sys
17920 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\Windows\system32\drivers\serial.sys
83456 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: sp_rsdrv2
ImagePath: \??\C:\Windows\system32\drivers\sp_rsdrv2.sys
C:\Windows\system32\drivers\sp_rsdrv2.sys
141312 bytes
Created: 5/19/2008
Modified: 5/19/2008
Company:
----------
Key: sp_rssrv
ImagePath: "C:\Program Files\Spyware Terminator\sp_rsser.exe"
C:\Program Files\Spyware Terminator\sp_rsser.exe
606720 bytes
Created: 5/19/2008
Modified: 5/19/2008
Company: Crawler.com
----------
Key: stllssvr
ImagePath: "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
-R- 74656 bytes
Created: 5/3/2007
Modified: 5/3/2007
Company: MicroVision Development, Inc.
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\Windows\system32\DRIVERS\wpdusb.sys
39936 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
**************************************************
6:03:36 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
**************************************************
6:03:36 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key: igfxcui
DLL: igfxdev.dll
C:\Windows\system32\igfxdev.dll
204800 bytes
Created: 8/11/2007
Modified: 3/25/2008
Company: Intel Corporation
----------
**************************************************
6:03:36 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
108824 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: SPTContMenu
CLSID: {BD88A479-9623-4897-8546-BC62B9628F44}
Path: C:\Program Files\Spyware Terminator\sptcontmenu.dll
C:\Program Files\Spyware Terminator\sptcontmenu.dll
164352 bytes
Created: 5/19/2008
Modified: 5/19/2008
Company: Crawler.com
----------
**************************************************
6:03:36 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----
**************************************************
6:03:36 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 10/23/2006
Modified: 10/23/2006
Company: Adobe Systems Incorporated
----------
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll
419096 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
501400 bytes
Created: 8/11/2007
Modified: 4/7/2007
Company: Sun Microsystems, Inc.
----------
**************************************************
6:03:36 PM: Scanning ----- SHELLSERVICEOBJECTS -----
**************************************************
6:03:36 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
**************************************************
6:03:36 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
**************************************************
6:03:36 PM: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [avgrsstx.dll]
File: avgrsstx.dll
C:\Windows\system32\avgrsstx.dll
10520 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
**************************************************
6:03:37 PM: Scanning ----- SECURITY PROVIDER DLLS -----
**************************************************
6:03:37 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 11/2/2006
Modified: 1/21/2008
Company:
--------------------
**************************************************
6:03:37 PM: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Arty Tovar
[C:\Users\Arty Tovar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Arty Tovar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 12/10/2007
Modified: 1/21/2008
Company:
----------
--------------------
**************************************************
6:03:37 PM: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan
**************************************************
6:03:37 PM: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Arty Tovar\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
C:\Users\Arty Tovar\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
1440054 bytes
Created: 4/9/2008
Modified: 4/9/2008
Company:
----------
Web Desktop Wallpaper: %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
%APPDATA%\Mozilla\Firefox\Desktop Background.bmp [file not found to scan]
----------
Checking Drivers32 entries:
Value Name: midi1
File: wdmaud.drv
C:\Windows\system32\wdmaud.drv
168448 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
--------------------
Additional file checks completed
**************************************************
6:03:38 PM: Scanning ----- RUNNING PROCESSES -----
C:\Windows\System32\smss.exe
--------------------
C:\Windows\system32\csrss.exe
--------------------
C:\Windows\system32\wininit.exe
--------------------
C:\Windows\system32\csrss.exe
--------------------
C:\Windows\system32\services.exe
--------------------
C:\Windows\system32\lsass.exe
--------------------
C:\Windows\system32\lsm.exe
--------------------
C:\Windows\system32\winlogon.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\SLsvc.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\Dwm.exe
--------------------
C:\Windows\Explorer.EXE
--------------------
C:\Windows\System32\spoolsv.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\taskeng.exe
--------------------
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
--------------------
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
--------------------
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Program Files\Spyware Terminator\sp_rsser.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\system32\SearchIndexer.exe
--------------------
C:\Windows\system32\DRIVERS\xaudio.exe
--------------------
C:\Windows\system32\WUDFHost.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgemc.exe
--------------------
C:\Windows\system32\taskeng.exe
--------------------
C:\Program Files\Windows Defender\MSASCui.exe
--------------------
C:\hp\support\hpsysdrv.exe
--------------------
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
--------------------
C:\Windows\RtHDVCpl.exe
--------------------
C:\Windows\system32\schtasks.exe
--------------------
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
--------------------
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
--------------------
C:\Program Files\AVG\AVG8\avgtray.exe
--------------------
C:\Windows\System32\hkcmd.exe
--------------------
C:\Windows\System32\igfxpers.exe
--------------------
C:\Windows\system32\igfxsrvc.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Windows\System32\mobsync.exe
--------------------
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
--------------------
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
--------------------
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
--------------------
C:\Program Files\Microsoft Works\wkswp.exe
--------------------
C:\Program Files\Microsoft Works\WkDStore.exe
--------------------
C:\Program Files\Microsoft Works\wkgdcach.exe
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 2482752
[This is a Trojan Remover component]
--------------------
--------------------
C:\Windows\NOTEPAD.EXE
--------------------
**************************************************
6:03:42 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file
**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.crawler.com/search/ie.aspx?tb_id=60327
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
**************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 6:03:42 PM 20 May 2008
************************************************************
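The two HKCU\Software\Microsoft\Windows\CurrentVersion\Run values in the log above ("locks tick title proc" and "4 city") are the part of this scan worth a second look: both point at files in C:\ProgramData with made-up extensions (.npbn4w, .h3hlel), both are a few KB in size, and both have an empty Company field, while every other autorun entry in the log carries a vendor name and a normal executable extension. Trojan Remover lists them without comment. The script below is an added example, not Trojan Remover's code and not something the poster ran: it parses the Run/RunOnce sections of this log format and scores each entry against a handful of persistence heuristics. The runnable-extension list, the user-writable directory list, the 16 KB size threshold and the "two flags to report" cut-off are assumptions chosen for the example, and the sample input is a trimmed excerpt of the log above. A hit is a reason to pull the file for analysis (hash it, check whether it even has a PE header, submit it to a scanner), not a malware verdict.

```python
"""Added example (not Trojan Remover's own code): heuristic triage of the Run/RunOnce
entries in a Trojan Remover log. A hit is a lead for investigation, not a verdict."""
from __future__ import annotations
import re
from dataclasses import dataclass

# What Windows normally launches from a Run value; anything else deserves a look.
RUNNABLE_EXT = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js"}
# Directories a standard user can write to without elevation (assumed list).
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")
SIZE_RE = re.compile(r"(?:-\w+-\s+)?(\d+) bytes")  # "4112 bytes", "-HS- 174 bytes"

@dataclass
class AutorunEntry:
    key: str
    name: str
    data: str = ""
    path: str = ""
    size: int | None = None
    company: str = ""

def parse_run_entries(log_text: str) -> list[AutorunEntry]:
    """Collect every value listed under a 'Checking ...\\Run' or '...\\RunOnce' key."""
    entries = []
    key, cur = "", None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Checking "):
            key, cur = line[9:], None
        elif line.startswith("Value Name:"):
            cur = AutorunEntry(key, line[11:].strip()) if "\\Run" in key else None
            if cur:
                entries.append(cur)
        elif cur is None or line.startswith("---"):
            cur = None  # a separator line closes the current entry
        elif line.startswith("Value Data:"):
            cur.data = line[11:].strip()
        elif line.startswith("Company:"):
            cur.company = line[8:].strip()
        elif (m := SIZE_RE.fullmatch(line)):
            cur.size = int(m.group(1))
        elif re.match(r"[A-Za-z]:\\", line) and not cur.path:
            cur.path = line  # the resolved on-disk path the scanner printed
    return entries

def triage(e: AutorunEntry) -> list[str]:
    """Score one entry against a few persistence red flags (each weak on its own)."""
    flags = []
    if not e.data:
        return flags  # blank value: nothing is launched
    m = re.match(r'"([^"]*)"|(\S+)', e.data)  # quoted path, else first token
    target = (e.path or m.group(1) or m.group(2) or "").lower()
    filename = target.rsplit("\\", 1)[-1]
    ext = filename[filename.rfind("."):] if "." in filename else ""
    if ext not in RUNNABLE_EXT:
        flags.append(f"non-executable extension '{ext or '(none)'}'")
    if any(d in target for d in USER_WRITABLE):
        flags.append("lives in a user-writable directory")
    if not e.company:
        flags.append("no company/version metadata")
    if e.size is not None and e.size < 16384:  # threshold is an assumption
        flags.append(f"tiny image ({e.size} bytes)")
    words = e.name.split()
    if len(words) >= 2 and all(w.islower() or w.isdigit() for w in words):
        flags.append("value name looks machine-generated (random lowercase words)")
    return flags

def triage_log(log_text: str, min_flags: int = 2) -> list[tuple[AutorunEntry, list[str]]]:
    """Parse the log and return (entry, flags) for entries with >= min_flags red flags."""
    scored = [(e, triage(e)) for e in parse_run_entries(log_text)]
    return [(e, f) for e, f in scored if len(f) >= min_flags]

# Constructed input: an excerpt of the log above, trimmed to three Run values.
SAMPLE_LOG = r"""
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Windows Defender
Value Data: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
C:\Program Files\Windows Defender\MSASCui.exe
1006264 bytes
Company: Microsoft Corporation
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: locks tick title proc
Value Data: "C:\ProgramData\Copy Show Store.npbn4w"
C:\ProgramData\Copy Show Store.npbn4w
4112 bytes
Company:
--------------------
Value Name: 4 city
Value Data: "C:\ProgramData\ByteWinWin.h3hlel"
C:\ProgramData\ByteWinWin.h3hlel
8208 bytes
Company:
--------------------
"""

if __name__ == "__main__":
    for e, flags in triage_log(SAMPLE_LOG):
        print(f"{e.key}\n  {e.name!r} -> {e.path}")
        for f in flags:
            print(f"    - {f}")
```

Run as-is and the two HKCU entries come back with five flags each while the Windows Defender entry scores zero. Fed the whole log text it triages both scans at once; the Services, BHO and process sections are skipped because only keys whose path contains \Run are collected. The value-name and size heuristics are the weakest of the five and are there to be weighed together with the others, which is why the report threshold is two flags rather than one.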
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.9.2533. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 5:55:31 PM 20 May 2008
Using Database v6998
Operating System: Windows Vista [Windows Vista (Build 6000)]
Edition: Windows Vista (TM) Home Premium
File System: NTFS
User Account Control is Enabled.
Data directory: C:\Users\Arty Tovar\AppData\Roaming\Simply Super Software\Trojan Remover\
Logfile directory: C:\Users\Arty Tovar\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
**************************************************
The following Anti-Malware program(s) are loaded:
Microsoft Windows Defender
**************************************************
**************************************************
5:55:31 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\Windows
**************************************************
5:55:31 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\Windows
**************************************************
5:55:31 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
**************************************************
5:55:32 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: explorer.exe
C:\Windows\explorer.exe
2923520 bytes
Created: 1/21/2008
Modified: 1/21/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
24576 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Windows Defender
Value Data: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
C:\Program Files\Windows Defender\MSASCui.exe
1006264 bytes
Created: 8/11/2007
Modified: 8/11/2007
Company: Microsoft Corporation
--------------------
Value Name: hpsysdrv
Value Data: c:\hp\support\hpsysdrv.exe
c:\hp\support\hpsysdrv.exe
65536 bytes
Created: 8/11/2007
Modified: 4/18/2007
Company: Hewlett-Packard Company
--------------------
Value Name: OsdMaestro
Value Data: "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
118784 bytes
Created: 8/11/2007
Modified: 2/15/2007
Company: OsdMaestro
--------------------
Value Name: RtHDVCpl
Value Data: RtHDVCpl.exe
C:\Windows\RtHDVCpl.exe
4702208 bytes
Created: 10/25/2007
Modified: 10/25/2007
Company: Realtek Semiconductor
--------------------
Value Name: HP Health Check Scheduler
Value Data: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
71176 bytes
Created: 5/24/2007
Modified: 5/24/2007
Company: Hewlett-Packard
--------------------
Value Name: SunJavaUpdateReg
Value Data: "C:\Windows\system32\jureg.exe"
C:\Windows\system32\jureg.exe
54936 bytes
Created: 8/11/2007
Modified: 4/7/2007
Company: Sun Microsystems, Inc.
--------------------
Value Name: HP Software Update
Value Data: c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
49152 bytes
Created: 2/17/2005
Modified: 2/17/2005
Company: Hewlett-Packard Co.
--------------------
Value Name:
Value Data:
The Value Data for this entry appears to be blank
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
39792 bytes
Created: 1/12/2008
Modified: 1/12/2008
Company: Adobe Systems Incorporated
--------------------
Value Name: Symantec PIF AlertEng
Value Data: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created: 1/29/2008
Modified: 1/29/2008
Company: Symantec Corporation
--------------------
Value Name: AVG8_TRAY
Value Data: C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
1177368 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
--------------------
Value Name: IgfxTray
Value Data: C:\Windows\system32\igfxtray.exe
C:\Windows\system32\igfxtray.exe
141848 bytes
Created: 3/25/2008
Modified: 3/25/2008
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\Windows\system32\hkcmd.exe
C:\Windows\system32\hkcmd.exe
166424 bytes
Created: 3/25/2008
Modified: 3/25/2008
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\Windows\system32\igfxpers.exe
C:\Windows\system32\igfxpers.exe
133656 bytes
Created: 3/25/2008
Modified: 3/25/2008
Company: Intel Corporation
--------------------
Value Name: SpywareTerminator
Value Data: "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
1817600 bytes
Created: 5/19/2008
Modified: 5/19/2008
Company: Crawler.com
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
877136 bytes
Created: 5/20/2008
Modified: 5/18/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: Launcher
Value Data: %WINDIR%\SMINST\launcher.exe
C:\Windows\SMINST\launcher.exe
44168 bytes
Created: 4/3/2007
Modified: 4/3/2007
Company: soft thinks
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: locks tick title proc
Value Data: "C:\ProgramData\Copy Show Store.npbn4w"
C:\ProgramData\Copy Show Store.npbn4w
4112 bytes
Created: 4/9/2008
Modified: 4/9/2008
Company:
--------------------
Value Name: 4 city
Value Data: "C:\ProgramData\ByteWinWin.h3hlel"
C:\ProgramData\ByteWinWin.h3hlel
8208 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company:
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
**************************************************
5:55:34 PM: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty
**************************************************
5:55:34 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
**************************************************
5:55:34 PM: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\Windows\system32\logon.scr
C:\Windows\system32\logon.scr
5714432 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
--------------------
**************************************************
5:55:34 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
**************************************************
5:55:35 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
**************************************************
5:55:36 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: Afc
ImagePath: system32\drivers\Afc.sys
C:\Windows\system32\drivers\Afc.sys
11776 bytes
Created: 12/17/2007
Modified: 2/23/2005
Company: Arcsoft, Inc.
----------
Key: Automatic LiveUpdate Scheduler
ImagePath: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
554352 bytes
Created: 8/11/2007
Modified: 9/12/2007
Company: Symantec Corporation
----------
Key: avg8emc
ImagePath: C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
902424 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
282904 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\Windows\System32\Drivers\avgldx86.sys
96520 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\Windows\System32\Drivers\avgmfx86.sys
26184 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: GRISOFT, s.r.o.
----------
Key: AvgWfpX
ImagePath: \SystemRoot\System32\Drivers\avgwfpx.sys
C:\Windows\System32\Drivers\avgwfpx.sys
67080 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: BCM43XX
ImagePath: system32\DRIVERS\bcmwl6.sys
C:\Windows\system32\DRIVERS\bcmwl6.sys
534016 bytes
Created: 12/10/2007
Modified: 12/19/2006
Company: Broadcom Corporation
----------
Key: blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key: dot4
ImagePath: system32\DRIVERS\Dot4.sys
C:\Windows\system32\DRIVERS\Dot4.sys
131584 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: Dot4Print
ImagePath: system32\DRIVERS\Dot4Prt.sys
C:\Windows\system32\DRIVERS\Dot4Prt.sys
16384 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: Dot4Scan
ImagePath: system32\DRIVERS\Dot4Scan.sys
C:\Windows\system32\DRIVERS\Dot4Scan.sys
10752 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: dot4usb
ImagePath: system32\DRIVERS\dot4usb.sys
C:\Windows\system32\DRIVERS\dot4usb.sys
36864 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: HP Health Check Service
ImagePath: "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
61440 bytes
Created: 5/24/2007
Modified: 5/24/2007
Company: Hewlett-Packard
----------
Key: HSF_DP
ImagePath: system32\DRIVERS\HSX_DP.sys
C:\Windows\system32\DRIVERS\HSX_DP.sys
985600 bytes
Created: 2/12/2008
Modified: 2/12/2008
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys
2307072 bytes
Created: 3/25/2008
Modified: 3/25/2008
Company: Intel Corporation
----------
Key: IDriverT
ImagePath: "c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
73728 bytes
Created: 10/22/2004
Modified: 10/22/2004
Company: Macrovision Corporation
----------
Key: igfx
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys
2307072 bytes
Created: 3/25/2008
Modified: 3/25/2008
Company: Intel Corporation
----------
Key: IpInIp
ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key: kbdhid
ImagePath: \SystemRoot\system32\drivers\kbdhid.sys
C:\Windows\system32\drivers\kbdhid.sys
15872 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: LiveUpdate
ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
2999664 bytes
Created: 8/11/2007
Modified: 9/12/2007
Company: Symantec Corporation
----------
Key: LiveUpdate Notice Ex
ImagePath: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [file not found to scan]
----------
Key: LiveUpdate Notice Service
ImagePath: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created: 1/29/2008
Modified: 1/29/2008
Company: Symantec Corporation
----------
Key: msiserver
ImagePath: %systemroot%\system32\msiexec /V
----------
Key: NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key: NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\Windows\system32\drivers\pfc.sys [file not found to scan]
----------
Key: RoxMediaDB9
ImagePath: "c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
887544 bytes
Created: 5/11/2007
Modified: 5/11/2007
Company: Sonic Solutions
----------
Key: RTL8169
ImagePath: system32\DRIVERS\Rtlh86.sys
C:\Windows\system32\DRIVERS\Rtlh86.sys
104448 bytes
Created: 12/28/2007
Modified: 12/28/2007
Company: Realtek Corporation
----------
Key: Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\Windows\system32\drivers\serenum.sys
17920 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\Windows\system32\drivers\serial.sys
83456 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: sp_rsdrv2
ImagePath: \??\C:\Windows\system32\drivers\sp_rsdrv2.sys
C:\Windows\system32\drivers\sp_rsdrv2.sys
141312 bytes
Created: 5/19/2008
Modified: 5/19/2008
Company:
----------
Key: sp_rssrv
ImagePath: "C:\Program Files\Spyware Terminator\sp_rsser.exe"
C:\Program Files\Spyware Terminator\sp_rsser.exe
606720 bytes
Created: 5/19/2008
Modified: 5/19/2008
Company: Crawler.com
----------
Key: stllssvr
ImagePath: "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
-R- 74656 bytes
Created: 5/3/2007
Modified: 5/3/2007
Company: MicroVision Development, Inc.
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\Windows\system32\DRIVERS\wpdusb.sys
39936 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
**************************************************
5:55:43 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
**************************************************
5:55:43 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key: igfxcui
DLL: igfxdev.dll
C:\Windows\system32\igfxdev.dll
204800 bytes
Created: 8/11/2007
Modified: 3/25/2008
Company: Intel Corporation
----------
**************************************************
5:55:43 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
108824 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: SPTContMenu
CLSID: {BD88A479-9623-4897-8546-BC62B9628F44}
Path: C:\Program Files\Spyware Terminator\sptcontmenu.dll
C:\Program Files\Spyware Terminator\sptcontmenu.dll
164352 bytes
Created: 5/19/2008
Modified: 5/19/2008
Company: Crawler.com
----------
**************************************************
5:55:43 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----
**************************************************
5:55:43 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 10/23/2006
Modified: 10/23/2006
Company: Adobe Systems Incorporated
----------
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll
419096 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
501400 bytes
Created: 8/11/2007
Modified: 4/7/2007
Company: Sun Microsystems, Inc.
----------
**************************************************
5:55:44 PM: Scanning ----- SHELLSERVICEOBJECTS -----
**************************************************
5:55:44 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
**************************************************
5:55:44 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
**************************************************
5:55:44 PM: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [avgrsstx.dll]
File: avgrsstx.dll
C:\Windows\system32\avgrsstx.dll
10520 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
**************************************************
5:55:44 PM: Scanning ----- SECURITY PROVIDER DLLS -----
**************************************************
5:55:44 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 11/2/2006
Modified: 1/21/2008
Company:
--------------------
**************************************************
5:55:45 PM: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Arty Tovar
[C:\Users\Arty Tovar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Arty Tovar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 12/10/2007
Modified: 1/21/2008
Company:
----------
--------------------
**************************************************
5:55:45 PM: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan
**************************************************
5:55:45 PM: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Arty Tovar\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
C:\Users\Arty Tovar\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
1440054 bytes
Created: 4/9/2008
Modified: 4/9/2008
Company:
----------
Web Desktop Wallpaper: %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
%APPDATA%\Mozilla\Firefox\Desktop Background.bmp [file not found to scan]
----------
Checking Drivers32 entries:
Value Name: midi1
File: wdmaud.drv
C:\Windows\system32\wdmaud.drv
168448 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
--------------------
Additional file checks completed
**************************************************
5:55:45 PM: Scanning ----- RUNNING PROCESSES -----
C:\Windows\System32\smss.exe
--------------------
C:\Windows\system32\csrss.exe
--------------------
C:\Windows\system32\wininit.exe
--------------------
C:\Windows\system32\csrss.exe
--------------------
C:\Windows\system32\services.exe
--------------------
C:\Windows\system32\lsass.exe
--------------------
C:\Windows\system32\lsm.exe
--------------------
C:\Windows\system32\winlogon.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\SLsvc.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\Dwm.exe
--------------------
C:\Windows\Explorer.EXE
--------------------
C:\Windows\System32\spoolsv.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\taskeng.exe
--------------------
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
--------------------
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
--------------------
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Program Files\Spyware Terminator\sp_rsser.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\system32\SearchIndexer.exe
--------------------
C:\Windows\system32\DRIVERS\xaudio.exe
--------------------
C:\Windows\system32\WUDFHost.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgemc.exe
--------------------
C:\Windows\system32\taskeng.exe
--------------------
C:\Program Files\Windows Defender\MSASCui.exe
--------------------
C:\hp\support\hpsysdrv.exe
--------------------
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
--------------------
C:\Windows\RtHDVCpl.exe
--------------------
C:\Windows\system32\schtasks.exe
--------------------
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
--------------------
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
--------------------
C:\Program Files\AVG\AVG8\avgtray.exe
--------------------
C:\Windows\System32\hkcmd.exe
--------------------
C:\Windows\System32\igfxpers.exe
--------------------
C:\Windows\system32\igfxsrvc.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Windows\System32\mobsync.exe
--------------------
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
--------------------
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
--------------------
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
--------------------
C:\Program Files\Microsoft Works\wkswp.exe
--------------------
C:\Program Files\Microsoft Works\WkDStore.exe
--------------------
C:\Program Files\Microsoft Works\wkgdcach.exe
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 2482752
[This is a Trojan Remover component]
--------------------
--------------------
C:\Windows\system32\taskeng.exe
--------------------
C:\Windows\system32\SearchProtocolHost.exe
--------------------
C:\Windows\system32\SearchFilterHost.exe
--------------------
**************************************************
5:55:49 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file
**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.crawler.com/search/ie.aspx?tb_id=60327
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
**************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 5:55:50 PM 20 May 2008
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.9.2533. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 5:54:47 PM 20 May 2008
Using Database v6998
Operating System: Windows Vista [Windows Vista (Build 6000)]
Edition: Windows Vista (TM) Home Premium
File System: NTFS
User Account Control is Enabled.
Data directory: C:\Users\Arty Tovar\AppData\Roaming\Simply Super Software\Trojan Remover\
Logfile directory: C:\Users\Arty Tovar\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
**************************************************
The following Anti-Malware program(s) are loaded:
Microsoft Windows Defender
**************************************************
**************************************************
5:54:47 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\Windows
**************************************************
5:54:47 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\Windows
**************************************************
5:54:47 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
**************************************************
5:54:49 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: explorer.exe
C:\Windows\explorer.exe
2923520 bytes
Created: 1/21/2008
Modified: 1/21/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
24576 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Windows Defender
Value Data: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
C:\Program Files\Windows Defender\MSASCui.exe
1006264 bytes
Created: 8/11/2007
Modified: 8/11/2007
Company: Microsoft Corporation
--------------------
Value Name: hpsysdrv
Value Data: c:\hp\support\hpsysdrv.exe
c:\hp\support\hpsysdrv.exe
65536 bytes
Created: 8/11/2007
Modified: 4/18/2007
Company: Hewlett-Packard Company
--------------------
Value Name: OsdMaestro
Value Data: "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
118784 bytes
Created: 8/11/2007
Modified: 2/15/2007
Company: OsdMaestro
--------------------
Value Name: RtHDVCpl
Value Data: RtHDVCpl.exe
C:\Windows\RtHDVCpl.exe
4702208 bytes
Created: 10/25/2007
Modified: 10/25/2007
Company: Realtek Semiconductor
--------------------
Value Name: HP Health Check Scheduler
Value Data: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
71176 bytes
Created: 5/24/2007
Modified: 5/24/2007
Company: Hewlett-Packard
--------------------
Value Name: SunJavaUpdateReg
Value Data: "C:\Windows\system32\jureg.exe"
C:\Windows\system32\jureg.exe
54936 bytes
Created: 8/11/2007
Modified: 4/7/2007
Company: Sun Microsystems, Inc.
--------------------
Value Name: HP Software Update
Value Data: c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
49152 bytes
Created: 2/17/2005
Modified: 2/17/2005
Company: Hewlett-Packard Co.
--------------------
Value Name:
Value Data:
The Value Data for this entry appears to be blank
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
39792 bytes
Created: 1/12/2008
Modified: 1/12/2008
Company: Adobe Systems Incorporated
--------------------
Value Name: Symantec PIF AlertEng
Value Data: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created: 1/29/2008
Modified: 1/29/2008
Company: Symantec Corporation
--------------------
Value Name: AVG8_TRAY
Value Data: C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
1177368 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
--------------------
Value Name: IgfxTray
Value Data: C:\Windows\system32\igfxtray.exe
C:\Windows\system32\igfxtray.exe
141848 bytes
Created: 3/25/2008
Modified: 3/25/2008
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\Windows\system32\hkcmd.exe
C:\Windows\system32\hkcmd.exe
166424 bytes
Created: 3/25/2008
Modified: 3/25/2008
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\Windows\system32\igfxpers.exe
C:\Windows\system32\igfxpers.exe
133656 bytes
Created: 3/25/2008
Modified: 3/25/2008
Company: Intel Corporation
--------------------
Value Name: SpywareTerminator
Value Data: "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
1817600 bytes
Created: 5/19/2008
Modified: 5/19/2008
Company: Crawler.com
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
877136 bytes
Created: 5/20/2008
Modified: 5/18/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: Launcher
Value Data: %WINDIR%\SMINST\launcher.exe
C:\Windows\SMINST\launcher.exe
44168 bytes
Created: 4/3/2007
Modified: 4/3/2007
Company: soft thinks
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: locks tick title proc
Value Data: "C:\ProgramData\Copy Show Store.npbn4w"
C:\ProgramData\Copy Show Store.npbn4w
4112 bytes
Created: 4/9/2008
Modified: 4/9/2008
Company:
--------------------
Value Name: 4 city
Value Data: "C:\ProgramData\ByteWinWin.h3hlel"
C:\ProgramData\ByteWinWin.h3hlel
8208 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company:
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
**************************************************
5:54:51 PM: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty
**************************************************
5:54:51 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
**************************************************
5:54:52 PM: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\Windows\system32\logon.scr
C:\Windows\system32\logon.scr
5714432 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
--------------------
**************************************************
5:54:52 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
**************************************************
5:54:52 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
**************************************************
5:54:55 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: Afc
ImagePath: system32\drivers\Afc.sys
C:\Windows\system32\drivers\Afc.sys
11776 bytes
Created: 12/17/2007
Modified: 2/23/2005
Company: Arcsoft, Inc.
----------
Key: Automatic LiveUpdate Scheduler
ImagePath: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
554352 bytes
Created: 8/11/2007
Modified: 9/12/2007
Company: Symantec Corporation
----------
Key: avg8emc
ImagePath: C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
902424 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
282904 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\Windows\System32\Drivers\avgldx86.sys
96520 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\Windows\System32\Drivers\avgmfx86.sys
26184 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: GRISOFT, s.r.o.
----------
Key: AvgWfpX
ImagePath: \SystemRoot\System32\Drivers\avgwfpx.sys
C:\Windows\System32\Drivers\avgwfpx.sys
67080 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: BCM43XX
ImagePath: system32\DRIVERS\bcmwl6.sys
C:\Windows\system32\DRIVERS\bcmwl6.sys
534016 bytes
Created: 12/10/2007
Modified: 12/19/2006
Company: Broadcom Corporation
----------
Key: blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key: dot4
ImagePath: system32\DRIVERS\Dot4.sys
C:\Windows\system32\DRIVERS\Dot4.sys
131584 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: Dot4Print
ImagePath: system32\DRIVERS\Dot4Prt.sys
C:\Windows\system32\DRIVERS\Dot4Prt.sys
16384 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: Dot4Scan
ImagePath: system32\DRIVERS\Dot4Scan.sys
C:\Windows\system32\DRIVERS\Dot4Scan.sys
10752 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: dot4usb
ImagePath: system32\DRIVERS\dot4usb.sys
C:\Windows\system32\DRIVERS\dot4usb.sys
36864 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: HP Health Check Service
ImagePath: "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
61440 bytes
Created: 5/24/2007
Modified: 5/24/2007
Company: Hewlett-Packard
----------
Key: HSF_DP
ImagePath: system32\DRIVERS\HSX_DP.sys
C:\Windows\system32\DRIVERS\HSX_DP.sys
985600 bytes
Created: 2/12/2008
Modified: 2/12/2008
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys
2307072 bytes
Created: 3/25/2008
Modified: 3/25/2008
Company: Intel Corporation
----------
Key: IDriverT
ImagePath: "c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
73728 bytes
Created: 10/22/2004
Modified: 10/22/2004
Company: Macrovision Corporation
----------
Key: igfx
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys
2307072 bytes
Created: 3/25/2008
Modified: 3/25/2008
Company: Intel Corporation
----------
Key: IpInIp
ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key: kbdhid
ImagePath: \SystemRoot\system32\drivers\kbdhid.sys
C:\Windows\system32\drivers\kbdhid.sys
15872 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: LiveUpdate
ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
2999664 bytes
Created: 8/11/2007
Modified: 9/12/2007
Company: Symantec Corporation
----------
Key: LiveUpdate Notice Ex
ImagePath: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [file not found to scan]
----------
Key: LiveUpdate Notice Service
ImagePath: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created: 1/29/2008
Modified: 1/29/2008
Company: Symantec Corporation
----------
Key: msiserver
ImagePath: %systemroot%\system32\msiexec /V
----------
Key: NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key: NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\Windows\system32\drivers\pfc.sys [file not found to scan]
----------
Key: RoxMediaDB9
ImagePath: "c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
887544 bytes
Created: 5/11/2007
Modified: 5/11/2007
Company: Sonic Solutions
----------
Key: RTL8169
ImagePath: system32\DRIVERS\Rtlh86.sys
C:\Windows\system32\DRIVERS\Rtlh86.sys
104448 bytes
Created: 12/28/2007
Modified: 12/28/2007
Company: Realtek Corporation
----------
Key: Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\Windows\system32\drivers\serenum.sys
17920 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\Windows\system32\drivers\serial.sys
83456 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
Key: sp_rsdrv2
ImagePath: \??\C:\Windows\system32\drivers\sp_rsdrv2.sys
C:\Windows\system32\drivers\sp_rsdrv2.sys
141312 bytes
Created: 5/19/2008
Modified: 5/19/2008
Company:
----------
Key: sp_rssrv
ImagePath: "C:\Program Files\Spyware Terminator\sp_rsser.exe"
C:\Program Files\Spyware Terminator\sp_rsser.exe
606720 bytes
Created: 5/19/2008
Modified: 5/19/2008
Company: Crawler.com
----------
Key: stllssvr
ImagePath: "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
-R- 74656 bytes
Created: 5/3/2007
Modified: 5/3/2007
Company: MicroVision Development, Inc.
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\Windows\system32\DRIVERS\wpdusb.sys
39936 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
**************************************************
5:55:11 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
**************************************************
5:55:11 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key: igfxcui
DLL: igfxdev.dll
C:\Windows\system32\igfxdev.dll
204800 bytes
Created: 8/11/2007
Modified: 3/25/2008
Company: Intel Corporation
----------
**************************************************
5:55:11 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
108824 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: SPTContMenu
CLSID: {BD88A479-9623-4897-8546-BC62B9628F44}
Path: C:\Program Files\Spyware Terminator\sptcontmenu.dll
C:\Program Files\Spyware Terminator\sptcontmenu.dll
164352 bytes
Created: 5/19/2008
Modified: 5/19/2008
Company: Crawler.com
----------
**************************************************
5:55:12 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----
**************************************************
5:55:13 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 10/23/2006
Modified: 10/23/2006
Company: Adobe Systems Incorporated
----------
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll
419096 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
501400 bytes
Created: 8/11/2007
Modified: 4/7/2007
Company: Sun Microsystems, Inc.
----------
**************************************************
5:55:13 PM: Scanning ----- SHELLSERVICEOBJECTS -----
**************************************************
5:55:13 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
**************************************************
5:55:13 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
**************************************************
5:55:13 PM: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [avgrsstx.dll]
File: avgrsstx.dll
C:\Windows\system32\avgrsstx.dll
10520 bytes
Created: 5/6/2008
Modified: 5/6/2008
Company: AVG Technologies CZ, s.r.o.
----------
**************************************************
5:55:13 PM: Scanning ----- SECURITY PROVIDER DLLS -----
**************************************************
5:55:14 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 11/2/2006
Modified: 1/21/2008
Company:
--------------------
**************************************************
5:55:14 PM: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Arty Tovar
[C:\Users\Arty Tovar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Arty Tovar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 12/10/2007
Modified: 1/21/2008
Company:
----------
--------------------
**************************************************
5:55:14 PM: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan
**************************************************
5:55:14 PM: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Arty Tovar\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
C:\Users\Arty Tovar\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
1440054 bytes
Created: 4/9/2008
Modified: 4/9/2008
Company:
----------
Web Desktop Wallpaper: %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
%APPDATA%\Mozilla\Firefox\Desktop Background.bmp [file not found to scan]
----------
Checking Drivers32 entries:
Value Name: midi1
File: wdmaud.drv
C:\Windows\system32\wdmaud.drv
168448 bytes
Created: 11/2/2006
Modified: 11/2/2006
Company: Microsoft Corporation
----------
--------------------
Additional file checks completed
**************************************************
5:55:14 PM: Scanning ----- RUNNING PROCESSES -----
C:\Windows\System32\smss.exe
--------------------
C:\Windows\system32\csrss.exe
--------------------
C:\Windows\system32\wininit.exe
--------------------
C:\Windows\system32\csrss.exe
--------------------
C:\Windows\system32\services.exe
--------------------
C:\Windows\system32\lsass.exe
--------------------
C:\Windows\system32\lsm.exe
--------------------
C:\Windows\system32\winlogon.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\SLsvc.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\Dwm.exe
--------------------
C:\Windows\Explorer.EXE
--------------------
C:\Windows\System32\spoolsv.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\taskeng.exe
--------------------
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
--------------------
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
--------------------
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Program Files\Spyware Terminator\sp_rsser.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\System32\svchost.exe
--------------------
C:\Windows\system32\SearchIndexer.exe
--------------------
C:\Windows\system32\DRIVERS\xaudio.exe
--------------------
C:\Windows\system32\WUDFHost.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgemc.exe
--------------------
C:\Windows\system32\taskeng.exe
--------------------
C:\Program Files\Windows Defender\MSASCui.exe
--------------------
C:\hp\support\hpsysdrv.exe
--------------------
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
--------------------
C:\Windows\RtHDVCpl.exe
--------------------
C:\Windows\system32\schtasks.exe
--------------------
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
--------------------
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
--------------------
C:\Program Files\AVG\AVG8\avgtray.exe
--------------------
C:\Windows\System32\hkcmd.exe
--------------------
C:\Windows\System32\igfxpers.exe
--------------------
C:\Windows\system32\igfxsrvc.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Windows\System32\mobsync.exe
--------------------
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
--------------------
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
--------------------
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
--------------------
C:\Program Files\Microsoft Works\wkswp.exe
--------------------
C:\Program Files\Microsoft Works\WkDStore.exe
--------------------
C:\Program Files\Microsoft Works\wkgdcach.exe
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 2482752
[This is a Trojan Remover component]
--------------------
--------------------
C:\Windows\system32\taskeng.exe
--------------------
**************************************************
5:55:20 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file
**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.crawler.com/search/ie.aspx?tb_id=60327
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
**************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 5:55:20 PM 20 May 2008
************************************************************