Hi Dragon Master Jay:
Well here is the log. I am assuming this is a clean bill of health for my poor computer. I really appreciate all that you have done for me.
Thanks again,
Karen
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2591. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 5:47:41 PM 20 Oct 2009
Using Database v7411
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Owner\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Owner\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
************************************************************
5:47:41 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
5:47:44 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 7/16/2003 1:28 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 7/16/2003 1:49 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 7/16/2003 1:32 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Windows Defender
Value Data: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
C:\Program Files\Windows Defender\MSASCui.exe
866584 bytes
Created: 11/3/2006 7:20 PM
Modified: 11/3/2006 7:20 PM
Company: Microsoft Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1070984 bytes
Created: 10/20/2009 5:33 PM
Modified: 10/17/2009 8:35 PM
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 7/16/2003 1:26 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
5:47:46 PM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {56F9679E-7826-4C84-81F3-532071A8BCC5}
File: C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
304128 bytes
Created: 5/26/2008 10:19 PM
Modified: 5/24/2009 10:41 PM
Company: Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value: Microsoft AntiMalware ShellExecuteHook
File: C:\PROGRA~1\WINDOW~4\MpShHook.dll
C:\PROGRA~1\WINDOW~4\MpShHook.dll
83224 bytes
Created: 11/3/2006 7:20 PM
Modified: 11/3/2006 7:20 PM
Company: Microsoft Corporation
----------
************************************************************
5:47:46 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No hidden File-loading Registry Entries found
----------
************************************************************
5:47:47 PM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
5:47:47 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
5:47:47 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: NwSapAgent
Path: %SystemRoot%\System32\ipxsap.dll
C:\WINDOWS\System32\ipxsap.dll
66560 bytes
Created: 7/16/2003 1:30 PM
Modified: 7/16/2003 1:30 PM
Company: Microsoft Corporation
--------------------
Key: srservice
Path: %SystemRoot%\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
171008 bytes
Created: 5/28/2004 1:03 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
************************************************************
5:47:48 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: avg9emc
ImagePath: "C:\Program Files\AVG\AVG9\avgemc.exe"
C:\Program Files\AVG\AVG9\avgemc.exe
906520 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: avg9wd
ImagePath: "C:\Program Files\AVG\AVG9\avgwdsvc.exe"
C:\Program Files\AVG\AVG9\avgwdsvc.exe
285392 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgTdiX
ImagePath: \SystemRoot\System32\Drivers\avgtdix.sys
C:\WINDOWS\System32\Drivers\avgtdix.sys
360584 bytes
Created: 6/9/2008 9:23 PM
Modified: 10/17/2009 8:10 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: BANTExt
ImagePath: \SystemRoot\System32\Drivers\BANTExt.sys
C:\WINDOWS\System32\Drivers\BANTExt.sys
3840 bytes
Created: 1/2/2009 4:01 PM
Modified: 3/6/2008 11:51 AM
Company: [no info]
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: CoachUsb
ImagePath: system32\DRIVERS\CoachUsb.sys
C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
46944 bytes
Created: 7/26/2008 2:06 PM
Modified: 1/22/2004 12:41 PM
Company: FotoNation Ltd.
----------
Key: CoachVc
ImagePath: system32\DRIVERS\CoachVc.sys
C:\WINDOWS\system32\DRIVERS\CoachVc.sys - [file not found to scan]
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 7/16/2003 1:30 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
Key: MREMPR5
ImagePath: \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
19345 bytes
Created: 9/25/2006 4:33 AM
Modified: 3/11/2007 2:37 PM
Company: Motive, Inc.
----------
Key: MRENDIS5
ImagePath: \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
18003 bytes
Created: 9/25/2006 4:33 AM
Modified: 3/11/2007 2:37 PM
Company: Motive, Inc.
----------
Key: NwlnkIpx
ImagePath: system32\DRIVERS\nwlnkipx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
88320 bytes
Created: 7/16/2003 1:40 PM
Modified: 4/14/2008 12:26 AM
Company: Microsoft Corporation
----------
Key: NwlnkNb
ImagePath: system32\DRIVERS\nwlnknb.sys
C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
63232 bytes
Created: 7/16/2003 1:40 PM
Modified: 7/16/2003 1:40 PM
Company: Microsoft Corporation
----------
Key: NwlnkSpx
ImagePath: system32\DRIVERS\nwlnkspx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
55936 bytes
Created: 7/16/2003 1:40 PM
Modified: 7/16/2003 1:40 PM
Company: Microsoft Corporation
----------
Key: SABProcEnum
ImagePath: \??\C:\Program Files\Internet Explorer\SABProcEnum.sys
C:\Program Files\Internet Explorer\SABProcEnum.sys - [file not found to scan]
----------
Key: SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
-R- 7408 bytes
Created: 9/15/2009 11:42 AM
Modified: 9/15/2009 11:42 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SVKP
ImagePath: \??\C:\WINDOWS\system32\SVKP.sys
C:\WINDOWS\system32\SVKP.sys - [file not found to scan]
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{D755A93D-E25D-4DDE-9969-30EC6DFA8F7A}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 7/16/2003 1:27 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
Key: vsdatant
ImagePath: \??\C:\WINDOWS\System32\vsdatant.sys
C:\WINDOWS\System32\vsdatant.sys
228344 bytes
Created: 6/3/2004 5:23 PM
Modified: 2/17/2004 4:52 PM
Company: Zone Labs Inc.
----------
Key: WinDefend
ImagePath: "C:\Program Files\Windows Defender\MsMpEng.exe"
C:\Program Files\Windows Defender\MsMpEng.exe
13592 bytes
Created: 11/3/2006 7:19 PM
Modified: 11/3/2006 7:19 PM
Company: Microsoft Corporation
----------
Key: WpdUsb
ImagePath: System32\Drivers\wpdusb.sys
C:\WINDOWS\System32\Drivers\wpdusb.sys
38528 bytes
Created: 8/11/2004 1:45 AM
Modified: 10/18/2006 10:00 PM
Company: Microsoft Corporation
----------
Key: zntport
ImagePath: \??\C:\WINDOWS\system32\zntport.sys
C:\WINDOWS\system32\zntport.sys - [file not found to scan]
----------
************************************************************
5:47:53 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 5/31/2004 6:27 PM
Modified: 2/28/2003 4:54 PM
Company: [no info]
VxD Key = JAVASUP
----------
----------
************************************************************
5:47:54 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
348160 bytes
Created: 5/28/2004 3:18 PM
Modified: 10/19/2005 8:59 AM
Company: Intel Corporation
----------
************************************************************
5:47:54 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG9 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG9\avgse.dll
C:\Program Files\AVG\AVG9\avgse.dll
109336 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 2/27/2007 12:39 PM
Modified: 2/27/2007 12:39 PM
Company: SUPERAntiSpyware.com
----------
************************************************************
5:47:55 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----
************************************************************
5:47:55 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG9\avgssie.dll
C:\Program Files\AVG\AVG9\avgssie.dll
1471768 bytes
Created: 10/17/2009 8:10 PM
Modified: 10/17/2009 8:10 PM
Company: AVG Technologies CZ, s.r.o.
----------
************************************************************
5:47:55 PM: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
5:47:55 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
5:47:55 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
5:47:55 PM: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check
************************************************************
5:47:56 PM: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
5:47:56 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
1757 bytes
Created: 12/2/2008 2:33 PM
Modified: 12/2/2008 2:33 PM
Company: [no info]
--------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 5/28/2004 5:53 AM
Modified: 5/28/2004 1:06 PM
Company: [no info]
--------------------
Windows Search.lnk - links to C:\PROGRA~1\WI459E~1\WINDOW~1.EXE
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE
123904 bytes
Created: 5/26/2008 10:19 PM
Modified: 5/26/2008 10:19 PM
Company: Microsoft Corporation
--------------------
************************************************************
5:47:57 PM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop(2).ini
-HS- 84 bytes
Created: 10/17/2009 11:01 AM
Modified: 5/28/2004 1:06 PM
Company: [no info]
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop(2).ini - no action taken on this file
----------
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 10/17/2009 11:01 AM
Modified: 5/28/2004 1:06 PM
Company: [no info]
----------
--------------------
Checking Startup Group for: Guest
[C:\Documents and Settings\Guest\START MENU\PROGRAMS\STARTUP]
The Startup Group for Guest attempts to load the following file(s):
C:\Documents and Settings\Guest\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 9/6/2004 10:03 AM
Modified: 5/28/2004 1:06 PM
Company: [no info]
----------
--------------------
Checking Startup Group for: JEFF
[C:\Documents and Settings\JEFF\START MENU\PROGRAMS\STARTUP]
The Startup Group for JEFF attempts to load the following file(s):
C:\Documents and Settings\JEFF\START MENU\PROGRAMS\STARTUP\desktop(2).ini
-HS- 84 bytes
Created: 6/23/2008 9:51 PM
Modified: 5/28/2004 1:06 PM
Company: [no info]
C:\Documents and Settings\JEFF\START MENU\PROGRAMS\STARTUP\desktop(2).ini - no action taken on this file
----------
C:\Documents and Settings\JEFF\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 6/23/2008 9:51 PM
Modified: 5/28/2004 1:06 PM
Company: [no info]
----------
--------------------
Checking Startup Group for: Owner
[C:\Documents and Settings\Owner\START MENU\PROGRAMS\STARTUP]
The Startup Group for Owner attempts to load the following file(s):
C:\Documents and Settings\Owner\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 5/28/2004 1:13 PM
Modified: 5/28/2004 1:06 PM
Company: [no info]
----------
************************************************************
5:47:59 PM: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan
************************************************************
5:47:59 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
5:47:59 PM: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.iac2
File: iac25_32.ax
C:\WINDOWS\system32\iac25_32.ax
199680 bytes
Created: 11/14/2002 12:58 PM
Modified: 4/14/2008 5:42 AM
Company: Intel Corporation
----------
************************************************************
5:47:59 PM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\WINDOWS\wallpaper.bmp
C:\WINDOWS\wallpaper.bmp
2359350 bytes
Created: 12/12/2006 7:04 PM
Modified: 10/14/2009 9:38 PM
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
231677766 bytes
Created: 6/23/2009 8:49 AM
Modified: 10/14/2009 9:35 PM
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed
************************************************************
5:48:00 PM: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 7/16/2003 1:45 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 7/16/2003 1:26 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 7/16/2003 1:51 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
110592 bytes
Created: 7/16/2003 1:44 PM
Modified: 2/6/2009 4:11 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 7/16/2003 1:32 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 7/16/2003 1:47 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\AVG\AVG9\avgchsvx.exe
1055000 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:10 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\Program Files\AVG\AVG9\avgrsx.exe
502040 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\Program Files\AVG\AVG9\avgcsrvx.exe
702744 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 7/16/2003 1:46 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\AVG\AVG9\avgwdsvc.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\AVG\AVG9\avgemc.exe - file already scanned
--------------------
C:\Program Files\AVG\AVG9\avgnsx.exe
600344 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\WINDOWS\system32\SearchIndexer.exe
439808 bytes
Created: 5/26/2008 10:18 PM
Modified: 5/26/2008 10:18 PM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\wuauclt.exe
53472 bytes
Created: 5/28/2004 1:01 PM
Modified: 8/6/2009 7:24 PM
Company: Microsoft Corporation
--------------------
C:\Program Files\AVG\AVG9\avgcsrvx.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 7/16/2003 1:24 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created: 8/4/2004 12:56 AM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Documents and Settings\Owner\Application Data\Simply Super Software\Trojan Remover\cnr2.exe
FileSize: 3101560
[This is a Trojan Remover component]
--------------------
************************************************************
5:48:06 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.dogpile.com/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 5:48:07 PM 20 Oct 2009
Total Scan time: 00:00:25
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2591. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 5:35:07 PM 20 Oct 2009
Using Database v7411
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Owner\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Owner\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
************************************************************
5:35:07 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
5:35:11 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 7/16/2003 1:28 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 7/16/2003 1:49 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 7/16/2003 1:32 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Windows Defender
Value Data: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
C:\Program Files\Windows Defender\MSASCui.exe
866584 bytes
Created: 11/3/2006 7:20 PM
Modified: 11/3/2006 7:20 PM
Company: Microsoft Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1070984 bytes
Created: 10/20/2009 5:33 PM
Modified: 10/17/2009 8:35 PM
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 7/16/2003 1:26 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
5:35:13 PM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {56F9679E-7826-4C84-81F3-532071A8BCC5}
File: C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
304128 bytes
Created: 5/26/2008 10:19 PM
Modified: 5/24/2009 10:41 PM
Company: Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value: Microsoft AntiMalware ShellExecuteHook
File: C:\PROGRA~1\WINDOW~4\MpShHook.dll
C:\PROGRA~1\WINDOW~4\MpShHook.dll
83224 bytes
Created: 11/3/2006 7:20 PM
Modified: 11/3/2006 7:20 PM
Company: Microsoft Corporation
----------
************************************************************
5:35:13 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No hidden File-loading Registry Entries found
----------
************************************************************
5:35:14 PM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
5:35:14 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
5:35:14 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: NwSapAgent
Path: %SystemRoot%\System32\ipxsap.dll
C:\WINDOWS\System32\ipxsap.dll
66560 bytes
Created: 7/16/2003 1:30 PM
Modified: 7/16/2003 1:30 PM
Company: Microsoft Corporation
--------------------
Key: srservice
Path: %SystemRoot%\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
171008 bytes
Created: 5/28/2004 1:03 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
************************************************************
5:35:17 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: avg9emc
ImagePath: "C:\Program Files\AVG\AVG9\avgemc.exe"
C:\Program Files\AVG\AVG9\avgemc.exe
906520 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: avg9wd
ImagePath: "C:\Program Files\AVG\AVG9\avgwdsvc.exe"
C:\Program Files\AVG\AVG9\avgwdsvc.exe
285392 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgTdiX
ImagePath: \SystemRoot\System32\Drivers\avgtdix.sys
C:\WINDOWS\System32\Drivers\avgtdix.sys
360584 bytes
Created: 6/9/2008 9:23 PM
Modified: 10/17/2009 8:10 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: BANTExt
ImagePath: \SystemRoot\System32\Drivers\BANTExt.sys
C:\WINDOWS\System32\Drivers\BANTExt.sys
3840 bytes
Created: 1/2/2009 4:01 PM
Modified: 3/6/2008 11:51 AM
Company: [no info]
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: CoachUsb
ImagePath: system32\DRIVERS\CoachUsb.sys
C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
46944 bytes
Created: 7/26/2008 2:06 PM
Modified: 1/22/2004 12:41 PM
Company: FotoNation Ltd.
----------
Key: CoachVc
ImagePath: system32\DRIVERS\CoachVc.sys
C:\WINDOWS\system32\DRIVERS\CoachVc.sys - [file not found to scan]
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 7/16/2003 1:30 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
Key: MREMPR5
ImagePath: \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
19345 bytes
Created: 9/25/2006 4:33 AM
Modified: 3/11/2007 2:37 PM
Company: Motive, Inc.
----------
Key: MRENDIS5
ImagePath: \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
18003 bytes
Created: 9/25/2006 4:33 AM
Modified: 3/11/2007 2:37 PM
Company: Motive, Inc.
----------
Key: NwlnkIpx
ImagePath: system32\DRIVERS\nwlnkipx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
88320 bytes
Created: 7/16/2003 1:40 PM
Modified: 4/14/2008 12:26 AM
Company: Microsoft Corporation
----------
Key: NwlnkNb
ImagePath: system32\DRIVERS\nwlnknb.sys
C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
63232 bytes
Created: 7/16/2003 1:40 PM
Modified: 7/16/2003 1:40 PM
Company: Microsoft Corporation
----------
Key: NwlnkSpx
ImagePath: system32\DRIVERS\nwlnkspx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
55936 bytes
Created: 7/16/2003 1:40 PM
Modified: 7/16/2003 1:40 PM
Company: Microsoft Corporation
----------
Key: SABProcEnum
ImagePath: \??\C:\Program Files\Internet Explorer\SABProcEnum.sys
C:\Program Files\Internet Explorer\SABProcEnum.sys - [file not found to scan]
----------
Key: SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
-R- 7408 bytes
Created: 9/15/2009 11:42 AM
Modified: 9/15/2009 11:42 AM
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SVKP
ImagePath: \??\C:\WINDOWS\system32\SVKP.sys
C:\WINDOWS\system32\SVKP.sys - [file not found to scan]
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{D755A93D-E25D-4DDE-9969-30EC6DFA8F7A}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 7/16/2003 1:27 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
----------
Key: vsdatant
ImagePath: \??\C:\WINDOWS\System32\vsdatant.sys
C:\WINDOWS\System32\vsdatant.sys
228344 bytes
Created: 6/3/2004 5:23 PM
Modified: 2/17/2004 4:52 PM
Company: Zone Labs Inc.
----------
Key: WinDefend
ImagePath: "C:\Program Files\Windows Defender\MsMpEng.exe"
C:\Program Files\Windows Defender\MsMpEng.exe
13592 bytes
Created: 11/3/2006 7:19 PM
Modified: 11/3/2006 7:19 PM
Company: Microsoft Corporation
----------
Key: WpdUsb
ImagePath: System32\Drivers\wpdusb.sys
C:\WINDOWS\System32\Drivers\wpdusb.sys
38528 bytes
Created: 8/11/2004 1:45 AM
Modified: 10/18/2006 10:00 PM
Company: Microsoft Corporation
----------
Key: zntport
ImagePath: \??\C:\WINDOWS\system32\zntport.sys
C:\WINDOWS\system32\zntport.sys - [file not found to scan]
----------
************************************************************
5:35:22 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 5/31/2004 6:27 PM
Modified: 2/28/2003 4:54 PM
Company: [no info]
VxD Key = JAVASUP
----------
----------
************************************************************
5:35:23 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
348160 bytes
Created: 5/28/2004 3:18 PM
Modified: 10/19/2005 8:59 AM
Company: Intel Corporation
----------
************************************************************
5:35:23 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG9 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG9\avgse.dll
C:\Program Files\AVG\AVG9\avgse.dll
109336 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 2/27/2007 12:39 PM
Modified: 2/27/2007 12:39 PM
Company: SUPERAntiSpyware.com
----------
************************************************************
5:35:24 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----
************************************************************
5:35:24 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG9\avgssie.dll
C:\Program Files\AVG\AVG9\avgssie.dll
1471768 bytes
Created: 10/17/2009 8:10 PM
Modified: 10/17/2009 8:10 PM
Company: AVG Technologies CZ, s.r.o.
----------
************************************************************
5:35:24 PM: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
5:35:24 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
5:35:24 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
5:35:24 PM: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check
************************************************************
5:35:25 PM: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
5:35:25 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
1757 bytes
Created: 12/2/2008 2:33 PM
Modified: 12/2/2008 2:33 PM
Company: [no info]
--------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 5/28/2004 5:53 AM
Modified: 5/28/2004 1:06 PM
Company: [no info]
--------------------
Windows Search.lnk - links to C:\PROGRA~1\WI459E~1\WINDOW~1.EXE
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE
123904 bytes
Created: 5/26/2008 10:19 PM
Modified: 5/26/2008 10:19 PM
Company: Microsoft Corporation
--------------------
************************************************************
5:35:26 PM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop(2).ini
-HS- 84 bytes
Created: 10/17/2009 11:01 AM
Modified: 5/28/2004 1:06 PM
Company: [no info]
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop(2).ini - no action taken on this file
----------
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 10/17/2009 11:01 AM
Modified: 5/28/2004 1:06 PM
Company: [no info]
----------
--------------------
Checking Startup Group for: Guest
[C:\Documents and Settings\Guest\START MENU\PROGRAMS\STARTUP]
The Startup Group for Guest attempts to load the following file(s):
C:\Documents and Settings\Guest\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 9/6/2004 10:03 AM
Modified: 5/28/2004 1:06 PM
Company: [no info]
----------
--------------------
Checking Startup Group for: JEFF
[C:\Documents and Settings\JEFF\START MENU\PROGRAMS\STARTUP]
The Startup Group for JEFF attempts to load the following file(s):
C:\Documents and Settings\JEFF\START MENU\PROGRAMS\STARTUP\desktop(2).ini
-HS- 84 bytes
Created: 6/23/2008 9:51 PM
Modified: 5/28/2004 1:06 PM
Company: [no info]
C:\Documents and Settings\JEFF\START MENU\PROGRAMS\STARTUP\desktop(2).ini - no action taken on this file
----------
C:\Documents and Settings\JEFF\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 6/23/2008 9:51 PM
Modified: 5/28/2004 1:06 PM
Company: [no info]
----------
--------------------
Checking Startup Group for: Owner
[C:\Documents and Settings\Owner\START MENU\PROGRAMS\STARTUP]
The Startup Group for Owner attempts to load the following file(s):
C:\Documents and Settings\Owner\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 5/28/2004 1:13 PM
Modified: 5/28/2004 1:06 PM
Company: [no info]
----------
************************************************************
5:35:28 PM: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan
************************************************************
5:35:28 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
5:35:28 PM: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.iac2
File: iac25_32.ax
C:\WINDOWS\system32\iac25_32.ax
199680 bytes
Created: 11/14/2002 12:58 PM
Modified: 4/14/2008 5:42 AM
Company: Intel Corporation
----------
************************************************************
5:35:29 PM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
==============================
Restrictive Windows Explorer Policies found in force on this computer:
HKCU\Software\Microsoft\Internet Explorer\Download
CheckExeSignatures - default policy reset
RunInvalidSignatures - default policy reset
All Policy Values listed have been removed or reset
==============================
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\WINDOWS\wallpaper.bmp
C:\WINDOWS\wallpaper.bmp
2359350 bytes
Created: 12/12/2006 7:04 PM
Modified: 10/14/2009 9:38 PM
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
231677766 bytes
Created: 6/23/2009 8:49 AM
Modified: 10/14/2009 9:35 PM
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed
************************************************************
5:37:35 PM: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 7/16/2003 1:45 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 7/16/2003 1:26 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 7/16/2003 1:51 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
110592 bytes
Created: 7/16/2003 1:44 PM
Modified: 2/6/2009 4:11 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 7/16/2003 1:32 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 7/16/2003 1:47 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\AVG\AVG9\avgchsvx.exe
1055000 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:10 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\Program Files\AVG\AVG9\avgrsx.exe
502040 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\AVG\AVG9\avgcsrvx.exe
702744 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 7/16/2003 1:46 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\AVG\AVG9\avgwdsvc.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\SearchIndexer.exe
439808 bytes
Created: 5/26/2008 10:18 PM
Modified: 5/26/2008 10:18 PM
Company: Microsoft Corporation
--------------------
C:\Program Files\AVG\AVG9\avgemc.exe - file already scanned
--------------------
C:\Program Files\AVG\AVG9\avgnsx.exe
600344 bytes
Created: 10/17/2009 8:09 PM
Modified: 10/17/2009 8:09 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\Program Files\AVG\AVG9\avgcsrvx.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 7/16/2003 1:24 PM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Internet Explorer\IEXPLORE.EXE
638816 bytes
Created: 5/28/2004 1:03 PM
Modified: 3/8/2009 2:09 PM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created: 8/4/2004 12:56 AM
Modified: 4/14/2008 5:42 AM
Company: Microsoft Corporation
--------------------
C:\Program Files\Internet Explorer\IEXPLORE.EXE - file already scanned
--------------------
C:\Documents and Settings\Owner\Application Data\Simply Super Software\Trojan Remover\kux80.exe
FileSize: 3101560
[This is a Trojan Remover component]
--------------------
************************************************************
5:37:41 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.dogpile.com/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 5:37:41 PM 20 Oct 2009
Total Scan time: 00:02:34
************************************************************