wincodecpro infestation

Malwarebytes' Anti-Malware 1.36
Database version: 2118
Windows 5.1.2600 Service Pack 3

5/12/2009 9:53:42 PM
mbam-log-2009-05-12 (21-53-42).txt

Scan type: Quick Scan
Objects scanned: 86487
Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 91
Registry Values Infected: 5
Registry Data Items Infected: 3
Folders Infected: 6
Files Infected: 7

Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\95779676\95779676.exe (Rogue.Multiple.H) -> Unloaded process successfully.
C:\Documents and Settings\All Users\Application Data\65789679\65789679.exe (Rogue.Multiple.H) -> Unloaded process successfully.
C:\Documents and Settings\All Users\Application Data\15769684\15769684.exe (Rogue.Installer) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\15769684 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\95779676 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\65789679 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\15769684 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\95779676 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\65789679 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\15769684\15769684.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\15769684\15769684.glu (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\15769684\pc15769684cnf (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\15769684\pc15769684ins (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\95779676\95779676.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\65789679\65789679.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
 
Well that turned out good. Malwarebytes deleted a lot of junk. Can you reboot and run it again, and look to see if it deleted more items?

Are you still having the same issues now?
 
Malwarebytes' Anti-Malware 1.36
Database version: 2135
Windows 5.1.2600 Service Pack 3

5/15/2009 3:44:54 PM
mbam-log-2009-05-15 (15-44-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 164161
Time elapsed: 1 hour(s), 10 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Still have the problem.

Trojan Remover is doing a quick scan on boot and is finding a task manager debugger as the PC boots and removes it each time but it comes back on next boot. The video looks ok on boot but resets to less than a wide screen after a few minutes.
 
***** THE SYSTEM HAS BEEN RESTARTED *****
5/15/2009 6:03:25 PM: Trojan Remover has been restarted
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\[Debugger] - deleted
=======================================================
5/15/2009 6:03:25 PM: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.8.2577. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 6:00:10 PM 15 May 2009
Using Database v7330
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Tim Murphy\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Tim Murphy\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
6:00:10 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
6:00:12 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 8/10/2004 2:51 PM
Modified: 4/13/2008 8:12 PM
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 8/10/2004 2:51 PM
Modified: 4/13/2008 8:12 PM
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 8/10/2004 2:51 PM
Modified: 4/13/2008 8:12 PM
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: AVG8_TRAY
Value Data: C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
1601304 bytes
Created: 2/16/2009 5:35 PM
Modified: 2/16/2009 5:35 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
Value Name: d
Value Data: C:\Program Files\Java\jre6\bin\dejusched.exe
C:\Program Files\Java\jre6\bin\dejusched.exe
67584 bytes
Created: 5/12/2009 7:33 PM
Modified: 5/12/2009 7:33 PM
Company: [no info]
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1059208 bytes
Created: 5/13/2009 10:44 PM
Modified: 5/10/2009 1:59 PM
Company: Simply Super Software
--------------------
Value Name: dellsupportcenter
Value Data: "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
206064 bytes
Created: 8/13/2008 6:32 PM
Modified: 8/13/2008 6:32 PM
Company: SupportSoft, Inc.
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 8/10/2004 2:51 PM
Modified: 4/13/2008 8:12 PM
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
6:00:14 PM: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty

************************************************************
6:00:14 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
6:00:15 PM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
6:00:15 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}
Path: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
C:\WINDOWS\system32\rundll32.exe
33280 bytes
Created: 8/10/2004 2:51 PM
Modified: 4/13/2008 8:12 PM
Company: Microsoft Corporation
----------
Key: {44BBA851-CC51-11CF-AAFA-00AA00B6015C}
Path: rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
C:\WINDOWS\INF\wpie4x86.inf
8644 bytes
Created: 10/23/1997 9:33 AM
Modified: 10/23/1997 9:33 AM
Company: [no info]
----------

************************************************************
6:00:16 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
409088 bytes
Created: 8/10/2004 3:02 PM
Modified: 4/13/2008 8:12 PM
Company: Microsoft Corporation
--------------------

************************************************************
6:00:16 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: Appdrv
ImagePath: \??\C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys
C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys
16128 bytes
Created: 3/3/2005 12:00 AM
Modified: 6/30/2004 11:39 AM
Company: Dell Inc
----------
Key: avg8emc
ImagePath: C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
903960 bytes
Created: 2/16/2009 5:35 PM
Modified: 2/16/2009 5:35 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
298264 bytes
Created: 2/16/2009 5:35 PM
Modified: 2/16/2009 5:35 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\WINDOWS\System32\Drivers\avgldx86.sys
325128 bytes
Created: 2/16/2009 5:35 PM
Modified: 2/16/2009 5:35 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\WINDOWS\System32\Drivers\avgmfx86.sys
27656 bytes
Created: 2/16/2009 5:35 PM
Modified: 2/16/2009 5:35 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgTdiX
ImagePath: \SystemRoot\System32\Drivers\avgtdix.sys
C:\WINDOWS\System32\Drivers\avgtdix.sys
107272 bytes
Created: 2/16/2009 5:35 PM
Modified: 2/16/2009 5:35 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: AX88172
ImagePath: system32\DRIVERS\ax88172.sys
C:\WINDOWS\system32\DRIVERS\ax88172.sys
-R- 10496 bytes
Created: 3/9/2005 3:52 PM
Modified: 3/27/2003 1:20 PM
Company: ASIX Electronics Corp.
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\TIMMUR~1\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: dot4
ImagePath: system32\DRIVERS\Dot4.sys
C:\WINDOWS\system32\DRIVERS\Dot4.sys
206976 bytes
Created: 3/9/2005 9:46 AM
Modified: 4/13/2008 2:39 PM
Company: Microsoft Corporation
----------
Key: Dot4Print
ImagePath: system32\DRIVERS\Dot4Prt.sys
C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
12928 bytes
Created: 3/9/2005 9:46 AM
Modified: 8/17/2001 2:47 PM
Company: Microsoft Corporation
----------
Key: Dot4Scan
ImagePath: system32\DRIVERS\Dot4Scan.sys
C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
8704 bytes
Created: 3/9/2005 9:46 AM
Modified: 8/17/2001 2:47 PM
Company: Microsoft Corporation
----------
Key: dot4usb
ImagePath: system32\DRIVERS\dot4usb.sys
C:\WINDOWS\system32\DRIVERS\dot4usb.sys
23808 bytes
Created: 3/9/2005 9:46 AM
Modified: 8/17/2001 2:47 PM
Company: Microsoft Corporation
----------
Key: dwusbdnt
ImagePath: system32\DRIVERS\dwusbdnt.sys
C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys
10368 bytes
Created: 4/29/2009 8:44 PM
Modified: 5/24/2002 11:52 AM
Company: Digit@lway Co., Ltd.
----------
Key: elagopro
ImagePath: system32\DRIVERS\elagopro.sys
C:\WINDOWS\system32\DRIVERS\elagopro.sys
-S- 28672 bytes
Created: 3/22/2007 12:57 PM
Modified: 3/22/2007 12:57 PM
Company: Gteko Ltd.
----------
Key: elaunidr
ImagePath: system32\DRIVERS\elaunidr.sys
C:\WINDOWS\system32\DRIVERS\elaunidr.sys
-S- 5376 bytes
Created: 3/22/2007 12:57 PM
Modified: 3/22/2007 12:57 PM
Company: Gteko Ltd.
----------
Key: EvtEng
ImagePath: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
86016 bytes
Created: 9/7/2004 6:02 PM
Modified: 9/7/2004 6:02 PM
Company: Intel Corporation
----------
Key: gupdate1c9d4c62c1a6df4
ImagePath: "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 5/14/2009 2:59 PM
Modified: 5/14/2009 2:59 PM
Company: Google Inc.
----------
Key: HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
208384 bytes
Created: 3/2/2005 11:26 PM
Modified: 5/3/2005 3:08 PM
Company: Conexant Systems, Inc.
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 8/10/2004 2:51 PM
Modified: 4/13/2008 8:12 PM
Company: Microsoft Corporation
----------
Key: IWCA
ImagePath: system32\DRIVERS\iwca.sys
C:\WINDOWS\system32\DRIVERS\iwca.sys
234496 bytes
Created: 8/12/2004 10:44 AM
Modified: 8/12/2004 10:44 AM
Company: Intel Corporation
----------
Key: Lavasoft Ad-Aware Service
ImagePath: "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
953168 bytes
Created: 1/18/2009 5:34 PM
Modified: 5/4/2009 4:37 PM
Company: Lavasoft
----------
Key: Lbd
ImagePath: system32\DRIVERS\Lbd.sys
C:\WINDOWS\system32\DRIVERS\Lbd.sys
64160 bytes
Created: 2/16/2009 5:35 PM
Modified: 5/4/2009 4:37 PM
Company: Lavasoft AB
----------
Key: MXOFX
ImagePath: system32\DRIVERS\MXOFX.SYS
C:\WINDOWS\system32\DRIVERS\MXOFX.SYS
32640 bytes
Created: 10/10/2003 12:23 PM
Modified: 10/10/2003 12:23 PM
Company: Cypress Semiconductor
----------
Key: MXOPSWD
ImagePath: system32\DRIVERS\mxopswd.sys
C:\WINDOWS\system32\DRIVERS\mxopswd.sys
14592 bytes
Created: 8/9/2004 6:49 PM
Modified: 8/9/2004 6:49 PM
Company: Maxtor Corp.
----------
Key: NICCONFIGSVC
ImagePath: C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
356352 bytes
Created: 3/3/2005 12:00 AM
Modified: 11/11/2004 8:18 PM
Company: Dell Inc.
----------
Key: Pml Driver HPZ12
ImagePath: C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\HPZipm12.exe
73728 bytes
Created: 8/27/2006 5:32 PM
Modified: 8/9/2007 3:27 AM
Company: HP
----------
Key: RegSrvc
ImagePath: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
139264 bytes
Created: 9/7/2004 6:02 PM
Modified: 9/7/2004 6:02 PM
Company: Intel Corporation
----------
Key: RimSerPort
ImagePath: system32\DRIVERS\RimSerial.sys
C:\WINDOWS\system32\DRIVERS\RimSerial.sys
-R- 26496 bytes
Created: 4/1/2006 10:13 AM
Modified: 1/18/2007 10:24 AM
Company: Research in Motion Ltd
----------
Key: RimUsb
ImagePath: System32\Drivers\RimUsb.sys
C:\WINDOWS\System32\Drivers\RimUsb.sys - [file not found to scan]
----------
Key: RimVSerPort
ImagePath: system32\DRIVERS\RimSerial.sys
C:\WINDOWS\system32\DRIVERS\RimSerial.sys
-R- 26496 bytes
Created: 4/1/2006 10:13 AM
Modified: 1/18/2007 10:24 AM
Company: Research in Motion Ltd
----------
Key: RoxLiveShare9
ImagePath: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe"
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe - [file not found to scan]
----------
Key: S24EventMonitor
ImagePath: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
360521 bytes
Created: 9/7/2004 6:05 PM
Modified: 9/7/2004 6:05 PM
Company: Intel Corporation
----------
Key: Ser2pl
ImagePath: system32\DRIVERS\ser2pl.sys
C:\WINDOWS\system32\DRIVERS\ser2pl.sys
-R- 41344 bytes
Created: 3/9/2005 3:54 PM
Modified: 2/18/2003 12:04 PM
Company: Prolific Technology Inc.
----------
Key: SONYPVU1
ImagePath: system32\DRIVERS\SONYPVU1.SYS
C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
7552 bytes
Created: 3/26/2005 9:04 AM
Modified: 8/17/2001 2:56 PM
Company: Sony Corporation
----------
Key: sprtsvc_dellsupportcenter
ImagePath: C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
201968 bytes
Created: 8/13/2008 6:32 PM
Modified: 8/13/2008 6:32 PM
Company: SupportSoft, Inc.
----------
Key: sscdbhk5
ImagePath: system32\drivers\sscdbhk5.sys
C:\WINDOWS\system32\drivers\sscdbhk5.sys
5627 bytes
Created: 3/3/2005 12:27 AM
Modified: 7/14/2004 1:29 PM
Company: Sonic Solutions
----------
Key: ssrtln
ImagePath: system32\drivers\ssrtln.sys
C:\WINDOWS\system32\drivers\ssrtln.sys
23545 bytes
Created: 3/3/2005 12:27 AM
Modified: 7/14/2004 1:28 PM
Company: Sonic Solutions
----------
Key: tfsnboio
ImagePath: system32\dla\tfsnboio.sys
C:\WINDOWS\system32\dla\tfsnboio.sys
25883 bytes
Created: 3/3/2005 12:27 AM
Modified: 12/6/2004 3:05 AM
Company: Sonic Solutions
----------
Key: tfsncofs
ImagePath: system32\dla\tfsncofs.sys
C:\WINDOWS\system32\dla\tfsncofs.sys
34843 bytes
Created: 3/3/2005 12:27 AM
Modified: 12/6/2004 3:05 AM
Company: Sonic Solutions
----------
Key: tfsndrct
ImagePath: system32\dla\tfsndrct.sys
C:\WINDOWS\system32\dla\tfsndrct.sys
4123 bytes
Created: 3/3/2005 12:27 AM
Modified: 12/6/2004 3:05 AM
Company: Sonic Solutions
----------
Key: tfsndres
ImagePath: system32\dla\tfsndres.sys
C:\WINDOWS\system32\dla\tfsndres.sys
2239 bytes
Created: 3/3/2005 12:27 AM
Modified: 12/6/2004 3:05 AM
Company: Sonic Solutions
----------
Key: tfsnifs
ImagePath: system32\dla\tfsnifs.sys
C:\WINDOWS\system32\dla\tfsnifs.sys
86586 bytes
Created: 3/3/2005 12:27 AM
Modified: 12/6/2004 3:05 AM
Company: Sonic Solutions
----------
Key: tfsnopio
ImagePath: system32\dla\tfsnopio.sys
C:\WINDOWS\system32\dla\tfsnopio.sys
15227 bytes
Created: 3/3/2005 12:27 AM
Modified: 12/6/2004 3:05 AM
Company: Sonic Solutions
----------
Key: tfsnpool
ImagePath: system32\dla\tfsnpool.sys
C:\WINDOWS\system32\dla\tfsnpool.sys
6363 bytes
Created: 3/3/2005 12:27 AM
Modified: 12/6/2004 3:05 AM
Company: Sonic Solutions
----------
Key: tfsnudf
ImagePath: system32\dla\tfsnudf.sys
C:\WINDOWS\system32\dla\tfsnudf.sys
98714 bytes
Created: 3/3/2005 12:27 AM
Modified: 12/6/2004 3:05 AM
Company: Sonic Solutions
----------
Key: tfsnudfa
ImagePath: system32\dla\tfsnudfa.sys
C:\WINDOWS\system32\dla\tfsnudfa.sys
100603 bytes
Created: 3/3/2005 12:27 AM
Modified: 12/6/2004 3:05 AM
Company: Sonic Solutions
----------
Key: usb_rndisx
ImagePath: system32\DRIVERS\usb8023x.sys
C:\WINDOWS\system32\DRIVERS\usb8023x.sys
12800 bytes
Created: 10/20/2007 8:12 AM
Modified: 4/13/2008 2:56 PM
Company: Microsoft Corporation
----------
Key: VNUSB
ImagePath: system32\DRIVERS\VNUSB.sys
C:\WINDOWS\system32\DRIVERS\VNUSB.sys - [file not found to scan]
----------
Key: w29n51
ImagePath: system32\DRIVERS\w29n51.sys
C:\WINDOWS\system32\DRIVERS\w29n51.sys
3210496 bytes
Created: 3/2/2005 11:21 PM
Modified: 10/21/2004 10:56 PM
Company: Intel® Corporation
----------
Key: wanatw
ImagePath: system32\DRIVERS\wanatw4.sys
C:\WINDOWS\system32\DRIVERS\wanatw4.sys - [file not found to scan]
----------
Key: WLANKEEPER
ImagePath: C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
225353 bytes
Created: 9/7/2004 6:12 PM
Modified: 9/7/2004 6:12 PM
Company: Intel® Corporation
----------
Key: WMPNetworkSvc
ImagePath: C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
823808 bytes
Created: 5/9/2006 9:03 PM
Modified: 5/9/2006 9:03 PM
Company: Microsoft Corporation
----------

************************************************************
*******************
 
6:00:29 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 6/9/2005 9:06 AM
Modified: 2/28/2003 4:54 PM
Company: [no info]
VxD Key = JAVASUP
----------
----------

************************************************************
6:00:30 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : IntelWireless
DLLName: C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
110592 bytes
Created: 9/7/2004 6:08 PM
Modified: 9/7/2004 6:08 PM
Company: Intel Corporation
----------

************************************************************
6:00:30 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
117528 bytes
Created: 2/16/2009 5:35 PM
Modified: 2/16/2009 5:35 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: LavasoftShellExt
CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
Path: C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
82784 bytes
Created: 1/18/2009 5:34 PM
Modified: 5/4/2009 4:37 PM
Company:
----------
Key: ShellExtension
CLSID: [empty]
----------

************************************************************
6:00:30 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
6:00:30 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 10/23/2006 12:08 AM
Modified: 10/23/2006 12:08 AM
Company: Adobe Systems Incorporated
----------
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll
1078552 bytes
Created: 2/16/2009 5:35 PM
Modified: 2/16/2009 5:35 PM
Company: AVG Technologies CZ, s.r.o.
----------
Key: {5CA3D70E-1895-11CF-8E15-001234567890}
BHO: C:\WINDOWS\system32\dla\tfswshx.dll
C:\WINDOWS\system32\dla\tfswshx.dll
118842 bytes
Created: 3/3/2005 12:27 AM
Modified: 12/6/2004 3:05 AM
Company: Sonic Solutions
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created: 4/29/2009 3:35 PM
Modified: 4/29/2009 3:35 PM
Company: Sun Microsystems, Inc.
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created: 4/29/2009 3:35 PM
Modified: 4/29/2009 3:35 PM
Company: Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 4/29/2009 3:35 PM
Modified: 4/29/2009 3:35 PM
Company: Sun Microsystems, Inc.
----------

************************************************************
6:00:31 PM: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
121856 bytes
Created: 8/10/2004 2:51 PM
Modified: 4/13/2008 8:12 PM
Company: Microsoft Corporation
----------

************************************************************
6:00:31 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
6:00:31 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
Key = taskmgr.exe
Debugger entry = E3004 - this entry has been removed [file not found to scan]
----------

************************************************************
6:00:48 PM: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check

************************************************************
6:00:49 PM: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
6:00:49 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 8/10/2004 2:57 PM
Modified: 8/10/2004 3:04 PM
Company: [no info]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - no action taken on this file
--------------------

************************************************************
6:00:49 PM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 6/16/2006 1:28 PM
Modified: 8/10/2004 3:04 PM
Company: [no info]
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini - no action taken on this file
----------
--------------------
Checking Startup Group for: Tim Murphy
[C:\Documents and Settings\Tim Murphy\START MENU\PROGRAMS\STARTUP]
The Startup Group for Tim Murphy attempts to load the following file(s):
C:\Documents and Settings\Tim Murphy\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 3/8/2005 5:02 PM
Modified: 8/10/2004 3:04 PM
Company: [no info]
C:\Documents and Settings\Tim Murphy\START MENU\PROGRAMS\STARTUP\desktop.ini - no action taken on this file
----------

************************************************************
6:00:49 PM: Scanning ----- SCHEDULED TASKS -----
Taskname: Ad-Aware Update (Weekly)
File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
552808 bytes
Created: 1/18/2009 5:34 PM
Modified: 5/4/2009 4:37 PM
Company: Lavasoft
Parameters: update all silent
Schedule: At 16:35 every Mon of every week, starting 2/16/2009
Next Run Time: 5/18/2009 4:35:00 PM
Status: Ready
Status: SYSTEM
Comments: This will perform a scheduled update with Ad-Aware
----------
Taskname: GoogleUpdateTaskMachine
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 5/14/2009 2:59 PM
Modified: 5/14/2009 2:59 PM
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time:
Status: Ready
Status: Tim Murphy
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
Taskname: McAfee.com Scan for Viruses - My Computer (1) (TIM-Tim Murphy)
File: c:\program files\mcafee.com\vso\mcmnhdlr.exe
Parameters: /runtask:1
Schedule: At 18:30 every Fri of every week, starting 3/8/2005
Next Run Time: 5/15/2009 6:30:00 PM
Status: Has not run
Status: Tim Murphy
Comments: McAfee.com Scan for Viruses - My Computer
c:\program files\mcafee.com\vso\mcmnhdlr.exe - [file not found to scan]
----------

************************************************************
6:00:50 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
6:00:50 PM: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: MSACM.MI-SC4
File: MI-SC4.acm
C:\WINDOWS\system32\MI-SC4.acm
57344 bytes
Created: 4/29/2009 8:44 PM
Modified: 4/20/1999 5:34 PM
Company: Micronas Intermetall
----------

************************************************************
6:00:50 PM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper entry is blank
----------
Web Desktop Wallpaper: %USERPROFILE%\d
C:\Documents and Settings\Tim Murphy\d
3534 bytes
Created: 5/12/2009 10:13 PM
Modified: 5/15/2009 5:33 PM
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed

************************************************************
6:00:51 PM: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 8/10/2004 2:51 PM
Modified: 4/13/2008 8:12 PM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 8/10/2004 2:50 PM
Modified: 4/13/2008 8:12 PM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 8/10/2004 2:51 PM
Modified: 4/13/2008 8:12 PM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
110592 bytes
Created: 8/10/2004 2:51 PM
Modified: 2/6/2009 7:11 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 8/10/2004 2:51 PM
Modified: 4/13/2008 8:12 PM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 8/10/2004 2:51 PM
Modified: 4/13/2008 8:12 PM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe - file already scanned
--------------------
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe - file already scanned
--------------------
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 8/10/2004 2:51 PM
Modified: 4/13/2008 8:12 PM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 4/29/2009 3:35 PM
Modified: 4/29/2009 3:35 PM
Company: Sun Microsystems, Inc.
--------------------
C:\Program Files\Google\Update\GoogleUpdate.exe - file already scanned
--------------------
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
49152 bytes
Created: 6/20/2006 9:08 PM
Modified: 6/20/2006 9:08 PM
Company: Hewlett-Packard Company
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 6/20/2003 1:25 AM
Modified: 6/20/2003 1:25 AM
Company: Microsoft Corporation
--------------------
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe - file already scanned
--------------------
C:\WINDOWS\system32\HPZipm12.exe - file already scanned
--------------------
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe - file already scanned
--------------------
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
201968 bytes
Created: 8/13/2008 6:32 PM
Modified: 8/13/2008 6:32 PM
Company: SupportSoft, Inc.
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\PROGRA~1\AVG\AVG8\avgemc.exe - file already scanned
--------------------
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
484120 bytes
Created: 2/16/2009 5:35 PM
Modified: 2/16/2009 5:35 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
592128 bytes
Created: 2/16/2009 5:35 PM
Modified: 2/16/2009 5:35 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\Program Files\AVG\AVG8\avgcsrvx.exe
687896 bytes
Created: 2/16/2009 5:35 PM
Modified: 2/16/2009 5:35 PM
Company: AVG Technologies CZ, s.r.o.
--------------------
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
389120 bytes
Created: 9/7/2004 6:08 PM
Modified: 9/7/2004 6:08 PM
Company: Intel Corporation
--------------------
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
245760 bytes
Created: 9/7/2004 6:03 PM
Modified: 9/7/2004 6:03 PM
Company: Intel
--------------------
C:\WINDOWS\system32\wbem\unsecapp.exe
16896 bytes
Created: 8/10/2004 3:01 PM
Modified: 8/4/2004 7:00 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\wbem\wmiprvse.exe
227840 bytes
Created: 8/10/2004 3:01 PM
Modified: 2/6/2009 6:10 AM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 8/10/2004 2:50 PM
Modified: 4/13/2008 8:12 PM
Company: Microsoft Corporation
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\dejusched.exe - file already scanned
--------------------
C:\Program Files\Dell Support Center\bin\sprtcmd.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
516440 bytes
Created: 1/18/2009 5:34 PM
Modified: 5/4/2009 4:37 PM
Company: Lavasoft
--------------------
C:\Documents and Settings\Tim Murphy\Application Data\Simply Super Software\Trojan Remover\xhh4.exe
FileSize: 2945912
[This is a Trojan Remover component]
--------------------

************************************************************
 
6:00:56 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 6:00:56 PM 15 May 2009
Total Scan time: 00:00:45
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
5/15/2009 6:01:03 PM: restart commenced
************************************************************


***** WINDOWS EXPLORER POLICIES RESET *****
Trojan Remover Ver 6.7.8.2577. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 5:56:40 PM 15 May 2009
Using Database v7330
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Tim Murphy\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Tim Murphy\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************

Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
- this key has been removed
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
- no action required on this key as it does not exist
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
- no action required: value either does not exist or is set to False
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}
- no action required: value either does not exist or is set to False
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking Values in:
HKCU\Control Panel\Desktop
----------
Checking HKCU ActiveDesktop Policies:
----------
Checking HKCU Add/Remove Programs Policies:
----------
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking HKLM ActiveDesktop Policies:
----------
Checking HKLM Add/Remove Programs Policies:
----------
************************************************************


***** LAYERED SERVICE PROVIDER CHECKS *****
Trojan Remover Ver 6.7.8.2577. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 5:56:34 PM 15 May 2009
Using Database v7330
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Tim Murphy\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Tim Murphy\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************

No errors were located in the Layered Service Provider Registry entries.
No action was taken.
************************************************************


***** WINDOWS UPDATE POLICIES RESET *****
Trojan Remover Ver 6.7.8.2577. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 5:56:27 PM 15 May 2009
Using Database v7330
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Tim Murphy\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Tim Murphy\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************

The following Windows Update Policies have been reset:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate - key removed
************************************************************


***** WINDOWS HOSTS FILE RESET *****
Trojan Remover Ver 6.7.8.2577. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 5:56:21 PM 15 May 2009
Using Database v7330
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Tim Murphy\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Tim Murphy\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************

C:\WINDOWS\system32\DRIVERS\ETC\HOSTS has been copied to C:\WINDOWS\system32\DRIVERS\ETC\HOSTS.TRB
The default HOSTS file was successfully reset.
************************************************************


***** INTERNET EXPLORER HOME/START/SEARCH PAGE AND POLICY RESTRICTIONS RESET ****
Trojan Remover Ver 6.7.8.2577. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 5:56:15 PM 15 May 2009
Using Database v7330
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Tim Murphy\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Tim Murphy\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus

************************************************************

Existing Home/Start/Search Page settings are as follows:
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\windows\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
Live Search
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
MSN.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
Live Search
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
MSN.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
Live Search
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
Live Search
These settings will now be reset to their defaults:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDrives" policy found and removed
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch" has been reset
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"www" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"ftp" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"gopher" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"home" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"mosaic" has been reset
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel has been reset
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\"HomePage" value has been reset
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDrives" policy found and removed
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_FullURL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_ToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_StatusBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLinStatusBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Window_Placement" has been reset
--------------------
************************************************************


***** THE SYSTEM HAS BEEN RESTARTED *****
5/14/2009 6:52:21 PM: Trojan Remover has been restarted
5/14/2009 6:52:21 PM: Trojan Remover closed
*****************************************
 
The bad guys have won. I couldn't wait any longer so I have reinstalled everything. Thanks.
 