davem hijackthis report

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by davem » December 26th, 2009, 12:52 pm

Hi,
Firstly can I say many thanks for offering this service...and Merry Christmas and a Happy New Year :)

OK, I have been having a problem over the last few weeks of being redirected to an unavailable server when using Google search from my Firefox browser. Google gives a search list response, but when I click on the link I get responses such as: Firefox can't find the server at newserversearch.com. The server name varies and seems to be merely the same letters shuffled. If I highlight the link and copy it into the Firefox HTTP address line, my browser will access the correct site.
I have tried several malware removal tools, most of which can be seen in the lists below.
They found 19 'infections' of one form or another and one or two minor irritations have cleared up. The original problem as detailed above is still with me though.
I would be most appreciative if you could point me in the right direction with this issue.

Many thanks,
dave

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 16:49:32, on 26/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Icons\SetIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [\\STUDIO\EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P40 "\\STUDIO\EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9cef3e7cd21c8) (gupdate1c9cef3e7cd21c8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 6677 bytes


Uninstall list:

Acrobat.com
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Avanquest update
avast! Antivirus
Belkin F5U248 Driver and Icon
Bonjour
Broadcom Gigabit Integrated Controller
CCleaner
Critical Update for Windows Media Player 11 (KB959772)
FinePixViewer Ver.4.0
FUJIFILM USB Driver
Google Chrome
Google Earth
Google Update Helper
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
ImageMixer VCD for FinePix
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 17
LAME v3.98.2 for Audacity
M318B Digital Video Camera
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
MicroStaff WINASPI NT
Motorola Phone Tools
Mozilla Firefox (3.5.6)
Mp3tag v2.43
OtsTurntables Free 1.00.027
QuickTime
RAW FILE CONVERTER LE
RIP Vinyl
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Skype web features
Skype™ 4.1
SoundMAX
Trojan Remover 6.8.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11


Many thanks for your time and attention,

Dave
davem
Regular Member
Posts: 16
Joined: December 26th, 2009, 12:29 pm
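A worked example added here for readers who want to triage a log like the one above programmatically; it is not part of davem's post and not HijackThis's own code. The script parses the HijackThis format (the "Running processes" block and the Rnn/Onn entry lines) and runs two deliberately simple heuristics over the O4 Run entries: a vowel-ratio test for machine-generated names and a check for binaries launching from user-writable directories. The sample log is constructed: most lines are copied from the log above, and the [qwrtpsdfg] entry is hypothetical, added only to exercise the checks. The same name test would flag the scheduled task hzcnucozh.job in the RSIT log later in the thread; nothing in the thread establishes what that task is, and the heuristic only says it is worth asking about.

```python
"""Parse a HijackThis-style log and apply two triage heuristics.

Added example, not part of the original thread and not HijackThis's own
code.  SAMPLE_LOG is constructed: most lines are copied from the log in
the thread; the "[qwrtpsdfg]" entry is hypothetical and exists only to
exercise the checks.  The heuristics are noisy by design: they flag
things a helper would ask about, not things that are known bad."""
import re

SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [qwrtpsdfg] C:\Documents and Settings\Name\Local Settings\Temp\qwrtpsdfg.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
# O4 Run entries: "<hive>\..\Run: [<name>] <command line>"
RUN_RE = re.compile(r"^(.+?)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
# First token of the command line: a quoted path, or an unquoted path ending
# in a binary extension (HijackThis prints arguments after it, e.g. /AUTORUN).
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|scr|bat|cmd))\b', re.I)


def parse_hjt(text):
    """Return (processes, entries).  Each entry is a dict with kind/body and,
    for O4 Run entries, hive/name/exe as well."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_procs = False          # a blank line ends the process block
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                  # header lines, "End of file", etc.
        entry = {"kind": m.group(1), "body": m.group(2)}
        r = RUN_RE.match(entry["body"])
        if entry["kind"] == "O4" and r:
            hive, name, cmd = r.groups()
            e = EXE_RE.match(cmd)
            entry.update(hive=hive, name=name,
                         exe=(e.group(1) or e.group(2)) if e else cmd)
        entries.append(entry)
    return processes, entries


VOWELS = set("aeiouy")
# Locations an ordinary user can write to; autostarts here deserve a question.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\",
                 "\\application data\\", "\\local settings\\", "\\recycler\\")


def looks_random(name):
    """Vowel-ratio heuristic for machine-generated names.  Only a prompt to
    ask about the entry; some legitimate names score low too."""
    letters = [c for c in name.lower() if c.isalpha()]
    return len(letters) >= 8 and sum(c in VOWELS for c in letters) / len(letters) < 0.25


def in_user_writable_dir(path):
    p = path.lower()
    return any(s in p for s in USER_WRITABLE)


def triage(entries):
    """Return [(name, exe, [reasons])] for O4 Run entries worth a question."""
    flagged = []
    for e in entries:
        if e["kind"] != "O4" or "exe" not in e:
            continue
        reasons = []
        basename = e["exe"].rsplit("\\", 1)[-1]
        if looks_random(e["name"]) or looks_random(basename):
            reasons.append("random-looking name")
        if in_user_writable_dir(e["exe"]):
            reasons.append("runs from a user-writable directory")
        if reasons:
            flagged.append((e["name"], e["exe"], reasons))
    return flagged


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    print(f"{len(procs)} processes, {len(ents)} entries")
    for name, exe, why in triage(ents):
        print(f"ASK ABOUT: [{name}] {exe}: {', '.join(why)}")
```

Every hit is a question for the helper, not a verdict: legitimate software (Google Chrome on XP, for one) installs under Documents and Settings, and vendor names with few vowels score low on the vowel test. The value of the parser is that it turns sixty lines of log into a short list of entries to look up, which is what the volunteers in this thread do by hand.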

Re: davem hijackthis report

Post by MWR 3 day Mod » December 29th, 2009, 6:20 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: davem hijackthis report

Post by Cypher » December 30th, 2009, 2:06 pm

Hi, Welcome to the forum.
My name is Cypher, and I will be helping you with your malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  • Print each set of instructions... if possible...your Internet connection might not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research so please be patient.
  • I am currently reviewing your log, and will return as soon as possible with your next set of instructions.

  • In the meantime please read this topic Rules of this forum where the conditions for receiving help here are explained.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: davem hijackthis report

Post by davem » December 30th, 2009, 7:08 pm

Hi Cypher,

OK, many thanks for that... just to make you aware, this PC was purchased second-hand from my son's school when they upgraded to new-generation PCs. As such it was purchased ready-built with certain applications installed. I do not have copies of either the operating system or the applications to install should I need to re-format or re-install...
Is there any way I can back up the operating system and use that should it be required?... if not, I'd imagine the school would be able to help...

Thanks again,

Dave.
davem
Regular Member
Posts: 16
Joined: December 26th, 2009, 12:29 pm

Re: davem hijackthis report

Post by Cypher » December 31st, 2009, 7:05 am

Hi davem.
I do not have copies of either the operating system or applications to install should I need to re-format or re-install. Is there any way I can back up the operating system and use that should it be required?

We can deal with that later should the need arise :)

You mentioned you ran scans that found 19 infections.
I would like to see the log from the last scan you did with Malwarebytes' Anti-Malware.
Launch Malwarebytes' Anti-Malware and click on logs.
The logs are time dated, please post the log from the last scan you ran.

Next.

Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.


Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 log files... will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)



Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • Gmer.txt log.
  • RSIT log.txt file contents and info.txt file contents.
  • Please give me an update on your computers performance.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
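An added example to go with the caution above about rootkit-scan false positives; it is not part of Cypher's post and not GMER's own code. GMER reports each SSDT hook together with the driver it could attribute it to and, in parentheses, that driver's description and vendor; grouping the hooks by owner is the quickest way to see whether they all belong to a security product you expect on the machine. The sample is constructed: the aswSP.SYS lines follow the format of the GMER log davem posts later in the thread, and the bare-address "8A5E6F10" line is hypothetical, included only to show how a hook GMER cannot tie to a loaded driver would be reported.

```python
"""Group GMER SSDT hook lines by the driver that owns them.

Added example; not part of the original thread and not GMER's own code.
SAMPLE_GMER is constructed: the header and the aswSP.SYS lines follow the
format of the log posted later in the thread, and the final "8A5E6F10"
line is a hypothetical hook with no module attribution, added only to
show how such a line would be reported.  Grouping by owner turns a wall
of "SSDT ... Zw*" lines into one question a helper can answer: which
product installed these, and is that product expected on the box?"""
import re

SAMPLE_GMER = r"""
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-31 13:13:52
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAAD486B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAAD48574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAAD4808C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAAD488AE]
SSDT 8A5E6F10 ZwCreateFile

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----
"""

SSDT_RE = re.compile(
    r"^SSDT\s+(?P<owner>\S+)"              # driver path, or a bare address when unattributed
    r"(?:\s+\((?P<desc>[^)]*)\))?"         # "(description/vendor)" when the driver is known
    r"\s+(?P<func>(?:Zw|Nt)\w+)"           # the hooked system service
    r"(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$")


def parse_ssdt_hooks(text):
    """Return one dict per SSDT line; non-SSDT lines are ignored."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if not m:
            continue
        owner, desc = m.group("owner"), m.group("desc")
        # GMER writes the description as "<module description>/<vendor>".
        vendor = desc.rsplit("/", 1)[-1].strip() if desc and "/" in desc else None
        hooks.append({"owner": owner, "desc": desc, "vendor": vendor,
                      "func": m.group("func"), "addr": m.group("addr"),
                      "attributed": "\\" in owner})   # a path, not a bare address
    return hooks


def group_by_owner(hooks):
    """{owner: {"vendor": str | None, "funcs": [...]}} in first-seen order."""
    groups = {}
    for h in hooks:
        g = groups.setdefault(h["owner"], {"vendor": h["vendor"], "funcs": []})
        g["funcs"].append(h["func"])
    return groups


def unattributed(hooks):
    """Hooked services GMER could not tie to a loaded driver.  These are the
    lines to hand to the helper; hooks owned by a named, expected security
    product are the usual false-positive class the caution refers to."""
    return [h["func"] for h in hooks if not h["attributed"]]


if __name__ == "__main__":
    hooks = parse_ssdt_hooks(SAMPLE_GMER)
    for owner, g in group_by_owner(hooks).items():
        print(f"{owner} ({g['vendor'] or 'no vendor string'}): {', '.join(g['funcs'])}")
    print("unattributed:", unattributed(hooks) or "none")
```

Run over the GMER log davem posts below, every SSDT line groups under aswSP.SYS with vendor ALWIL Software, i.e. avast!'s self-protection driver, which is exactly the class of finding the caution says not to act on. An unattributed hook is not proof of a rootkit either; it is simply the line to ask about rather than to "fix".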

Re: davem hijackthis report

Post by davem » December 31st, 2009, 8:04 am

Hi,
The last Malware Scan I ran was clear. I ran a couple more after the one that found the majority of entries and I think it found another one, which was subsequently dealt with.
Do you want me to provide the logs from all the runs that found 'stuff', or just the last log, showing it all clear?

Thanks,
Dave.
davem
Regular Member
Posts: 16
Joined: December 26th, 2009, 12:29 pm

Re: davem hijackthis report

Post by davem » December 31st, 2009, 9:27 am

....in the meantime, here are the other logs requested

Firstly Gmer.txt log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-31 13:13:52
Windows 5.1.2600 Service Pack 3
Running: be0u9dkv.exe; Driver: C:\DOCUME~1\Name\LOCALS~1\Temp\pxryruob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAAD486B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAAD48574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAAD48A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAAD4814C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAAD4864E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAAD4808C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAAD480F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAAD4876E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAAD4872E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAAD488AE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----

Secondly RSIT log.txt file :


Logfile of random's system information tool 1.06 (written by random/random)
Run by Name at 2009-12-31 13:16:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 59 GB (77%) free of 76 GB
Total RAM: 502 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:19, on 31/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Icons\SetIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\RSIT.exe
C:\Program Files\trend micro\Name.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [\\STUDIO\EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P40 "\\STUDIO\EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9cef3e7cd21c8) (gupdate1c9cef3e7cd21c8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 6627 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\hzcnucozh.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-05-13 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-01-23 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-01-23 126976]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-12-25 788880]
"\\STUDIO\EPSON Stylus Photo RX420 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE [2004-04-09 98304]
"SetIcon"=C:\Program Files\Icons\SetIcon.exe [2002-12-16 39936]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2009-10-17 1070984]
"EPSON Stylus Photo RX420 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE [2004-04-09 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-13 39408]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-01-23 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b1db79a-5b25-11de-b8f9-00123f4e6fca}]
shell\AutoRun\command - P:\setup.exe


======List of files/folders created in the last 1 months======

2009-12-31 13:16:13 ----D---- C:\Program Files\trend micro
2009-12-31 13:16:12 ----D---- C:\rsit
2009-12-31 12:38:53 ----A---- C:\WINDOWS\system32\E_DCINST.DLL
2009-12-31 12:38:51 ----A---- C:\WINDOWS\system32\E_FLM9CE.DLL
2009-12-31 12:38:51 ----A---- C:\WINDOWS\system32\E_FBCH9CE.DLL
2009-12-31 12:38:51 ----A---- C:\WINDOWS\system32\E_FBCB9CE.DLL
2009-12-31 12:38:35 ----D---- C:\WINDOWS\LastGood
2009-12-26 16:13:38 ----D---- C:\Program Files\TrendMicro
2009-12-26 16:10:12 ----A---- C:\TDSSKiller.2.1.1_26.12.2009_16.10.12_log.txt
2009-12-25 14:04:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-25 13:47:21 ----D---- C:\Documents and Settings\Name\Application Data\Malwarebytes
2009-12-25 13:47:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-19 13:27:29 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-19 13:22:58 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-12-19 13:22:58 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-12-19 13:22:58 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-12-19 13:22:58 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-12-19 13:22:58 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-12-19 13:22:56 ----D---- C:\Program Files\Trojan Remover
2009-12-19 13:22:56 ----D---- C:\Documents and Settings\Name\Application Data\Simply Super Software
2009-12-19 13:22:56 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2009-12-13 09:05:48 ----A---- C:\WINDOWS\rasqervy.dll
2009-12-13 09:05:35 ----A---- C:\WINDOWS\sdfinacs.dll
2009-12-13 09:05:30 ----A---- C:\WINDOWS\sdfixwcs.dll
2009-12-11 22:38:04 ----RASH---- C:\WINDOWS\system32\dpvsetupv.dll
2009-12-09 00:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 00:09:40 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 00:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-09 00:09:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 00:09:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 00:09:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

======List of files/folders modified in the last 1 months======

2009-12-31 13:16:13 ----RD---- C:\Program Files
2009-12-31 13:15:53 ----D---- C:\WINDOWS\Prefetch
2009-12-31 13:15:17 ----D---- C:\Downloads
2009-12-31 13:14:25 ----D---- C:\Program Files\Mozilla Firefox
2009-12-31 12:44:33 ----D---- C:\Documents and Settings\Name\Application Data\Skype
2009-12-31 12:42:16 ----D---- C:\WINDOWS\Temp
2009-12-31 12:38:53 ----D---- C:\WINDOWS\system32
2009-12-31 12:38:45 ----HD---- C:\WINDOWS\inf
2009-12-31 12:38:35 ----D---- C:\WINDOWS
2009-12-31 12:08:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-31 12:08:17 ----D---- C:\WINDOWS\system32\drivers
2009-12-31 12:06:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-31 10:01:39 ----SD---- C:\WINDOWS\Tasks
2009-12-31 00:17:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-30 22:54:39 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-12-26 16:38:20 ----D---- C:\Program Files\Vuze
2009-12-26 16:13:40 ----SHD---- C:\WINDOWS\Installer
2009-12-26 16:13:38 ----SD---- C:\Documents and Settings\Name\Application Data\Microsoft
2009-12-26 14:16:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-25 22:27:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-25 21:36:41 ----D---- C:\WINDOWS\msapps
2009-12-25 21:22:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-12-25 20:53:16 ----D---- C:\Documents and Settings\Name\Application Data\Azureus
2009-12-25 20:53:13 ----D---- C:\WINDOWS\Debug
2009-12-25 10:49:19 ----D---- C:\Documents and Settings\Name\Application Data\skypePM
2009-12-24 20:36:19 ----D---- C:\Program Files\Google
2009-12-24 17:02:19 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem.txt
2009-12-13 23:52:54 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-13 09:05:51 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-12-12 21:24:11 ----D---- C:\Program Files\Common Files\Adobe
2009-12-12 21:23:30 ----D---- C:\Program Files\Adobe
2009-12-12 15:14:46 ----D---- C:\Documents and Settings\Name\Application Data\Macromedia
2009-12-12 07:19:59 ----D---- C:\WINDOWS\system32\Restore
2009-12-12 07:19:58 ----SHD---- C:\System Volume Information
2009-12-09 00:09:19 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-01 12:06:20 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-24 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24 48560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-24 94160]
R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2002-06-21 8224]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24 23120]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
R3 DCamUSBLTN;M318B Digital Video Camera; C:\WINDOWS\system32\DRIVERS\vq318vid.sys [2002-04-22 113632]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-01-23 804317]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 pxryruob;pxryruob; \??\C:\DOCUME~1\Name\LOCALS~1\Temp\pxryruob.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2009-06-21 22768]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-25 1181328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 gupdate1c9cef3e7cd21c8;Google Update Service (gupdate1c9cef3e7cd21c8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-07 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-13 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


New reply for RSIT info.txt to follow......
davem
Regular Member
 
Posts: 16
Joined: December 26th, 2009, 12:29 pm

Re: davem hijackthis report

Unread postby davem » December 31st, 2009, 9:32 am

...and thirdly, RSIT info.txt

info.txt logfile of random's system information tool 1.06 2009-12-31 13:16:22

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avanquest update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Belkin F5U248 Driver and Icon-->MsiExec.exe /I{9521BC04-0879-11D7-8FD2-0000E254D6CE}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{7E369B27-13E2-41A5-9879-358EE1C8B5AD}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
FinePixViewer Ver.4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.38\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{C084BC61-E537-11DE-8616-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
ImageMixer VCD for FinePix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
LAME v3.98.2 for Audacity-->"C:\Program Files\Lame for Audacity\unins000.exe"
M318B Digital Video Camera-->C:\WINDOWS\system32\unM318B.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MicroStaff WINASPI NT-->C:\MWASPINT\uninst.exe
Motorola Phone Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.43-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
OtsTurntables Free 1.00.027-->"C:\WINDOWS\OTS_UI.EXE" "C:\OtsLabs\OtsTTfre.osi"
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RAW FILE CONVERTER LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
RIP Vinyl-->C:\PROGRA~1\RIPVIN~1\UNWISE.EXE C:\PROGRA~1\RIPVIN~1\INSTALL.LOG
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Trojan Remover 6.8.1-->"C:\Program Files\Trojan Remover\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

======Security center information======

AV: avast! antivirus 4.8.1368 [VPS 091230-0]

======System event log======

Computer Name: STUDIO-DELL
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00123F4E6FCA. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 22096
Source Name: Dhcp
Time Written: 20091124220726.000000+000
Event Type: warning
User:

Computer Name: STUDIO-DELL
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 22088
Source Name: b57w2k
Time Written: 20091124125409.000000+000
Event Type: warning
User:

Computer Name: STUDIO-DELL
Event Code: 1002
Message: The IP address lease 192.168.0.3 for the Network Card with network address 00123F4E6FCA has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 22060
Source Name: Dhcp
Time Written: 20091124122508.000000+000
Event Type: error
User:

Computer Name: STUDIO-DELL
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 22054
Source Name: b57w2k
Time Written: 20091123224207.000000+000
Event Type: warning
User:

Computer Name: STUDIO-DELL
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 22014
Source Name: b57w2k
Time Written: 20091123090726.000000+000
Event Type: warning
User:

=====Application event log=====

Computer Name: STUDIO-DELL
Event Code: 20
Message:
Record Number: 4865
Source Name: Google Update
Time Written: 20091219113005.000000+000
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: STUDIO-DELL
Event Code: 20
Message:
Record Number: 4864
Source Name: Google Update
Time Written: 20091219103005.000000+000
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: STUDIO-DELL
Event Code: 20
Message:
Record Number: 4860
Source Name: Google Update
Time Written: 20091219093007.000000+000
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: STUDIO-DELL
Event Code: 20
Message:
Record Number: 4859
Source Name: Google Update
Time Written: 20091219083008.000000+000
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: STUDIO-DELL
Event Code: 1000
Message: Faulting application mmcenter.exe, version 1.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 4844
Source Name: Application Error
Time Written: 20091216081954.000000+000
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


I will post the Malwarebytes log(s) when you let me know which one(s) you want...

Computer is performing fine apart from the redirect of Google search results when links are clicked on, as per original fault post, whereupon I receive responses such as:-
Firefox can't find the server at newserversearch.com.

Many thanks again,

Dave
davem
Regular Member
 
Posts: 16
Joined: December 26th, 2009, 12:29 pm

Re: davem hijackthis report

Unread postby Cypher » December 31st, 2009, 1:23 pm

Hi davem.
Please post the logs from the last couple of scans that removed anything; I would just like to see what was removed.
If Ad-Aware and Trojan Remover removed anything please post those logs also.

Can you tell me if you know what this is?
C:\WINDOWS\tasks\hzcnucozh.job



Download LockSearch to your desktop
  • A window will pop up. Press 2 and then Enter. A scan will start; let it run uninterrupted. It should only take a few minutes.
  • A log will appear when it is finished. It will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply.


Next



Set Your Computer to Show All Files/Folders.

  • Click Start.
  • Click My Computer (Computer in Vista).
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading, select Show hidden files and folders.
  • Uncheck Hide protected operating system files (recommended).
  • Click Yes to confirm.
  • Uncheck the Hide file extensions for known file types.
  • Click OK.
In addition, go to Start, Search. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

Next

Upload a File to Jotti

Please go to jotti.org

Copy/paste this file and path into the white box at the top:
C:\WINDOWS\system32\dpvsetupv.dll

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

If you have trouble using jotti try Virustotal


Logs/Information to Post in your Next Reply

  • The logs from Malwarebytes, Ad-Aware and Trojan Remover.
  • LockSearch log.
  • Please let me know if you set that job.
  • jotti or virustotal results for the file.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
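Before a sample such as the DLL above is handed to Jotti or VirusTotal, it is worth hashing it locally and checking that the bytes a program can actually read match the size the file system reports: a multi-scanner site can only judge the bytes it receives, and a hash lets you look the file up on VirusTotal without uploading it at all. The script below is an added example for this thread, not a tool the helper asked for; the constructed payload stands in for a real sample, and the VirusTotal URL form is the public web UI's hash lookup (an assumption to verify against the site).

```python
"""Hash and sanity-check a file before submitting it to a multi-scanner site.

Added example for this thread. Computes the SHA-256 and MD5 that scanner
sites key on, and compares the size the file system reports with the number
of bytes actually readable; if they disagree, the upload will not carry the
file that is sitting on disk and the scan verdict should not be trusted.
"""
import hashlib
import os
import tempfile


def inspect_file(path, chunk=65536):
    """Return reported size, bytes read, digests and a size-mismatch flag."""
    reported = os.path.getsize(path)
    sha256, md5, read = hashlib.sha256(), hashlib.md5(), 0
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                break
            read += len(block)
            sha256.update(block)
            md5.update(block)
    return {
        "path": path,
        "reported_size": reported,
        "bytes_read": read,
        "sha256": sha256.hexdigest(),
        "md5": md5.hexdigest(),
        # A listing that says 129 KB while reads return 0 bytes means the
        # upload would carry an empty file; flag that before trusting a scan.
        "size_mismatch": reported != read,
    }


def virustotal_lookup_url(sha256_hex):
    """Hash lookup without uploading the sample (public web UI URL form;
    an assumption of this example, check against the live site)."""
    return "https://www.virustotal.com/gui/file/" + sha256_hex.lower()


def demo():
    """Write a constructed, harmless stand-in sample to a temp file and inspect it."""
    payload = b"MZ" + b"\x00" * 62 + b"constructed sample, not real malware"
    with tempfile.NamedTemporaryFile(delete=False, suffix=".dll") as tmp:
        tmp.write(payload)
        path = tmp.name
    try:
        report = inspect_file(path)
    finally:
        os.unlink(path)
    report["expected_sha256"] = hashlib.sha256(payload).hexdigest()
    return report


if __name__ == "__main__":
    result = demo()
    for key, value in result.items():
        print(f"{key}: {value}")
    print(virustotal_lookup_url(result["sha256"]))
```

Run it against the real path instead of the temp file (`inspect_file(r"C:\WINDOWS\system32\dpvsetupv.dll")`) from an administrator prompt; if `bytes_read` is 0 while `reported_size` is not, note that in the reply rather than posting the scanner result for an empty upload.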

Re: davem hijackthis report

Unread postby davem » December 31st, 2009, 2:10 pm

Hi Cypher,

I don't know what the job is that you referred to in the last post (C:\WINDOWS\tasks\hzcnucozh.job)

Thanks for running with me on this. I'm afraid I am going to disappear for a couple of days due to NYE celebrations; I will be celebrating hard tonight and recovering tomorrow.
Have a Happy New Year yourself and I'll be back with the requested info on 02 Jan.

Cheers,

Dave.
davem
Regular Member
 
Posts: 16
Joined: December 26th, 2009, 12:29 pm

Re: davem hijackthis report

Unread postby Cypher » December 31st, 2009, 2:42 pm

Hi davem.
Happy New Year, I will wait for your reply :)
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: davem hijackthis report

Unread postby davem » January 2nd, 2010, 4:55 pm

Hi there Cypher, welcome to 2010!! :drunken: - hope you enjoyed it :D

Ok, here we go, followed instructions and logs are to be copy/pasted below....

Unfortunately the dpvsetupv.dll file is showing as empty / 0 bytes when I attempt to upload it for the scans to be run, on both sites. The file is present in the location shown, and indicates a size of 129KB...

So, to the logs.....
Malwarebytes:

1st run

Malwarebytes' Anti-Malware 1.42
Database version: 3398
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

25/12/2009 21:21:21
mbam-log-2009-12-25 (21-21-21).txt

Scan type: Quick Scan
Objects scanned: 27085
Time elapsed: 13 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Name\Local Settings\Temp\b.exe.vir (Trojan.Downloader) -> Delete on reboot.

2nd run

Malwarebytes' Anti-Malware 1.42
Database version: 3398
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

25/12/2009 21:35:39
mbam-log-2009-12-25 (21-35-39).txt

Scan type: Quick Scan
Objects scanned: 115673
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ZagrebLand (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Videocan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wab (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Name\Application Data\Macromedia\Common\405fe0261.dll (Hijack.Sound) -> Quarantined and deleted successfully.
C:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Name\Application Data\Macromedia\Common\405fe02619.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


3rd run

Malwarebytes' Anti-Malware 1.42
Database version: 3398
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

25/12/2009 22:26:56
mbam-log-2009-12-25 (22-26-56).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 163243
Time elapsed: 14 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{E70288FF-FDA7-486E-86D3-59C1F4B01165}\RP2\A0000169.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

A couple of further runs indicated no further infections.

The Trojan Remover log is too big to include in this post and exceeds the characters allowed. I will try to get it in the next post.
davem
Regular Member
 
Posts: 16
Joined: December 26th, 2009, 12:29 pm
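The three Malwarebytes logs above share one text layout: a header block, per-category counts, then one `<category> Infected:` section per category whose lines read `<item> (<family>) -> <action>.`, with registry data items carrying an extra `Bad: (...) Good: (...)` pair that records what the hijacked value pointed at and what it should have been. The parser below is an added example, not a Malwarebytes tool; its sample input is constructed from the logs in this post (with most empty sections and six of the eight Drivers32 entries left out for length), and the helper functions pull out the facts a helper reading the thread would want first: which autostart locations were cleaned, where the Drivers32 hijack actually loaded from, and which item was still pending a reboot.

```python
"""Parse concatenated Malwarebytes' Anti-Malware 1.42 text logs and summarise them.

Added example for this thread. SAMPLE_LOGS is constructed from the logs posted
above (trimmed for length); it is not a file produced by Malwarebytes here.
"""
import re
from collections import Counter

SAMPLE_LOGS = r"""Malwarebytes' Anti-Malware 1.42
Database version: 3398
25/12/2009 21:21:21
Scan type: Quick Scan
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Name\Local Settings\Temp\b.exe.vir (Trojan.Downloader) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.42
Database version: 3398
25/12/2009 21:35:39
Scan type: Quick Scan

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ZagrebLand (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Videocan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wab (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Name\Application Data\Macromedia\Common\405fe0261.dll (Hijack.Sound) -> Quarantined and deleted successfully.
C:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Name\Application Data\Macromedia\Common\405fe02619.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.42
Database version: 3398
25/12/2009 22:26:56
Scan type: Full Scan (C:\|F:\|)

Files Infected:
C:\System Volume Information\_restore{E70288FF-FDA7-486E-86D3-59C1F4B01165}\RP2\A0000169.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

HEADER = "Malwarebytes' Anti-Malware"
SECTION_RE = re.compile(r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
                        r"Registry Data Items|Folders|Files) Infected:$")
# <item> (<family>) -> [Bad: (<x>) Good: (<y>) -> ]<action>.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()\s]+)\) -> (?P<rest>.+)$")
BADGOOD_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")


def parse_mbam_logs(text):
    """Return one dict per detection across any number of concatenated logs."""
    findings, run, scan_type, section = [], 0, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(HEADER):            # a new log (scan run) begins
            run, scan_type, section = run + 1, None, None
            continue
        if line.startswith("Scan type:"):
            scan_type = line.split(":", 1)[1].strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if not section or not line or line.startswith("("):  # counts, blanks, "(No malicious...)"
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        rest, bad, good = m.group("rest").rstrip("."), None, None
        if " -> " in rest:                      # registry data item: Bad/Good, then the action
            detail, rest = rest.rsplit(" -> ", 1)
            bg = BADGOOD_RE.match(detail)
            if bg:
                bad, good = bg.group("bad"), bg.group("good")
        findings.append({"run": run, "scan_type": scan_type, "section": section,
                         "item": m.group("item"), "family": m.group("family"),
                         "action": rest, "bad": bad, "good": good})
    return findings


def families(findings):
    """How many detections each MBAM family name accounts for."""
    return Counter(f["family"] for f in findings)


def persistence_points(findings):
    """(value name, hijacked path) for cleaned autostart locations: Run values and
    Drivers32 entries. The Drivers32 'Bad' path is where the sound-driver hijack loaded from."""
    hits = []
    for f in findings:
        low = f["item"].lower()
        if "\\currentversion\\run\\" in low or "\\drivers32\\" in low:
            hits.append((f["item"].rsplit("\\", 1)[1], f["bad"]))
    return hits


def pending_reboot(findings):
    """Items MBAM could not remove in-session; they stay on disk until the reboot."""
    return [f["item"] for f in findings if f["action"] == "Delete on reboot"]


if __name__ == "__main__":
    found = parse_mbam_logs(SAMPLE_LOGS)
    print(f"{len(found)} detections over {max(f['run'] for f in found)} runs")
    print(dict(families(found)))
    print(persistence_points(found))
    print(pending_reboot(found))
```

Feed it the full pasted logs (`parse_mbam_logs(open("mbam-logs.txt").read())`) and the summary is the same regardless of how many runs were concatenated; the run number on each finding tells you which quick or full scan removed it.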

Re: davem hijackthis report

Unread postby davem » January 2nd, 2010, 5:11 pm

Trojan Remover:

(This is huge so I'll have to split it to be allowed to post)

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2593. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 13:28:58 26 Dec 2009
Using Database v7444
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Name\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Name\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Avast! Antivirus

************************************************************


************************************************************
13:28:58: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
13:28:59: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
155648 bytes
Created: 19/09/2008 21:18
Modified: 23/01/2005 17:36
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
126976 bytes
Created: 19/09/2008 21:18
Modified: 23/01/2005 17:31
Company: Intel Corporation
--------------------
Value Name: SoundMAXPnP
Value Data: C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
1404928 bytes
Created: 19/09/2008 21:18
Modified: 14/10/2004 21:42
Company: Analog Devices, Inc.
--------------------
Value Name: avast!
Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
81000 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:51
Company: ALWIL Software
--------------------
Value Name: REGSHAVE
Value Data: C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
C:\Program Files\REGSHAVE\REGSHAVE.EXE
53248 bytes
Created: 24/04/2009 22:35
Modified: 04/02/2002 21:32
Company: FUJI PHOTO FILM CO., LTD.
--------------------
Value Name: Ad-Watch
Value Data: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
788880 bytes
Created: 24/09/2009 11:17
Modified: 25/12/2009 14:07
Company: Lavasoft
--------------------
Value Name: \\STUDIO\EPSON Stylus Photo RX420 Series
Value Data: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P40 "\\STUDIO\EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
98304 bytes
Created: 08/07/2008 12:11
Modified: 09/04/2004 02:00
Company: SEIKO EPSON CORPORATION
--------------------
Value Name: SetIcon
Value Data: C:\Program Files\Icons\SetIcon.exe
C:\Program Files\Icons\SetIcon.exe
39936 bytes
Created: 16/12/2002 09:02
Modified: 16/12/2002 09:02
Company: Standard Microsystems Corp.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
149280 bytes
Created: 25/04/2009 00:12
Modified: 11/10/2009 04:17
Company: Sun Microsystems, Inc.
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
417792 bytes
Created: 05/09/2009 01:54
Modified: 05/09/2009 01:54
Company: Apple Inc.
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
141600 bytes
Created: 28/10/2009 20:21
Modified: 28/10/2009 20:21
Company: Apple Inc.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
35696 bytes
Created: 03/10/2009 04:08
Modified: 03/10/2009 04:08
Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe ARM
Value Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
-R- 935288 bytes
Created: 04/09/2009 12:08
Modified: 04/09/2009 12:08
Company: Adobe Systems Incorporated
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1070984 bytes
Created: 19/12/2009 13:22
Modified: 17/10/2009 19:35
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
39408 bytes
Created: 13/05/2009 13:54
Modified: 13/05/2009 13:54
Company: Google Inc.
--------------------
Value Name: Skype
Value Data: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
C:\Program Files\Skype\Phone\Skype.exe
-R- 25623336 bytes
Created: 09/10/2009 13:11
Modified: 09/10/2009 13:11
Company: Skype Technologies S.A.
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
13:29:01: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
13:29:01: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
13:29:02: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
220672 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------

************************************************************
13:29:02: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
13:29:02: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
13:29:02: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ASKService
ImagePath: C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
464264 bytes
Created: 20/06/2009 17:56
Modified: 09/12/2008 17:40
Company: [no info]
----------
Key: ASKUpgrade
ImagePath: C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
234888 bytes
Created: 20/06/2009 17:56
Modified: 09/12/2008 17:40
Company: [no info]
----------
Key: aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:50
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
18752 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:43
Company: ALWIL Software
----------
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
138680 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:51
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
254040 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:51
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
352920 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:48
Company: ALWIL Software
----------
Key: b57w2k
ImagePath: system32\DRIVERS\b57xp32.sys
C:\WINDOWS\system32\DRIVERS\b57xp32.sys
156160 bytes
Created: 19/09/2008 21:20
Modified: 10/05/2006 22:00
Company: Broadcom Corporation
----------
Key: DCamUSBLTN
ImagePath: system32\DRIVERS\vq318vid.sys
C:\WINDOWS\system32\DRIVERS\vq318vid.sys
113632 bytes
Created: 22/04/2002 09:28
Modified: 22/04/2002 09:28
Company:
----------
Key: motmodem
ImagePath: system32\DRIVERS\motmodem.sys
C:\WINDOWS\system32\DRIVERS\motmodem.sys
23680 bytes
Created: 18/06/2007 19:18
Modified: 18/06/2007 19:18
Company: Motorola
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{43AF571D-7702-4F23-8F2A-C43FD69511AF}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------

************************************************************
13:29:04: Scanning -----VXD ENTRIES-----

************************************************************
13:29:04: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
348160 bytes
Created: 19/09/2008 21:18
Modified: 23/01/2005 17:31
Company: Intel Corporation
----------

************************************************************
13:29:04: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
76880 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:47
Company: ALWIL Software
----------
Key: LavasoftShellExt
CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
Path: C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
163728 bytes
Created: 23/09/2009 13:19
Modified: 22/11/2009 18:24
Company:
----------

************************************************************
13:29:04: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
13:29:04: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {201f27d4-3704-41d6-89c1-aa35e39143ed}
BHO: C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askBar.dll
333192 bytes
Created: 20/06/2009 17:56
Modified: 09/12/2008 17:40
Company: Ask.com
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
668656 bytes
Created: 13/05/2009 13:54
Modified: 13/05/2009 13:54
Company: Google Inc.
----------

************************************************************
13:29:05: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
13:29:05: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
13:29:05: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
13:29:05: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
13:29:05: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
13:29:05: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 19/09/2008 12:25
Modified: 19/09/2008 20:05
Company: [no info]
--------------------
Exif Launcher.lnk - links to C:\PROGRA~1\FINEPI~1\QuickDCF.exe
C:\PROGRA~1\FINEPI~1\QuickDCF.exe
200704 bytes
Created: 24/04/2009 22:36
Modified: 20/12/2002 15:18
Company: FUJI PHOTO FILM CO., LTD.
--------------------

************************************************************
13:29:05: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 27/10/2008 10:52
Modified: 19/09/2008 20:05
Company: [no info]
----------
--------------------
Checking Startup Group for: Name
[C:\Documents and Settings\Name\START MENU\PROGRAMS\STARTUP]
The Startup Group for Name attempts to load the following file(s):
C:\Documents and Settings\Name\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 19/09/2008 20:13
Modified: 19/09/2008 20:05
Company: [no info]
----------

************************************************************
13:29:06: Scanning ----- SCHEDULED TASKS -----
Taskname: Ad-Aware Update (Daily 1)
File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
822904 bytes
Created: 01/10/2009 13:06
Modified: 25/12/2009 14:07
Company: Lavasoft
Parameters: update all silent
Schedule: At 18:24 every day, starting 15/11/2009
Next Run Time: 26/12/2009 18:24:00
Status: Has not run
Status: SYSTEM
Comments: This will perform a scheduled update with Ad-Aware
----------
Taskname: Ad-Aware Update (Daily 2)
File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
822904 bytes
Created: 01/10/2009 13:06
Modified: 25/12/2009 14:07
Company: Lavasoft
Parameters: update all silent
Schedule: At 00:24 every day, starting 15/11/2009
Next Run Time: 27/12/2009 00:24:00
Status: Has not run
Status: SYSTEM
Comments: This will perform a scheduled update with Ad-Aware
----------
Taskname: Ad-Aware Update (Daily 3)
File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
822904 bytes
Created: 01/10/2009 13:06
Modified: 25/12/2009 14:07
Company: Lavasoft
Parameters: update all silent
Schedule: At 06:24 every day, starting 15/11/2009
Next Run Time: 27/12/2009 06:24:00
Status: Has not run
Status: SYSTEM
Comments: This will perform a scheduled update with Ad-Aware
----------
Taskname: Ad-Aware Update (Daily 4)
File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
822904 bytes
Created: 01/10/2009 13:06
Modified: 25/12/2009 14:07
Company: Lavasoft
Parameters: update all silent
Schedule: At 12:24 every day, starting 15/11/2009
Next Run Time: 27/12/2009 12:24:00
Status: Has not run
Status: SYSTEM
Comments: This will perform a scheduled update with Ad-Aware
----------
Taskname: Ad-Aware Update (Weekly)
File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
822904 bytes
Created: 01/10/2009 13:06
Modified: 25/12/2009 14:07
Company: Lavasoft
Parameters: update all silent
Schedule: At 18:24 every Wed, Sun of every week, starting 15/11/2009
Next Run Time: 27/12/2009 18:24:00
Status: Has not run
Status: SYSTEM
Comments: This will perform a scheduled update with Ad-Aware
----------
Taskname: AppleSoftwareUpdate
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 30/07/2008 11:34
Modified: 30/07/2008 11:34
Company: Apple Inc.
Parameters: -task
Schedule: At 12:46 every Fri of every week, starting 24/04/2009
Next Run Time: 01/01/2010 12:46:00
Status: Ready
Status: SYSTEM
Comments:
----------
Taskname: Google Software Updater
File: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
183280 bytes
Created: 13/05/2009 13:54
Modified: 13/05/2009 13:54
Company: Google
Parameters: scheduled_start
Schedule: Multiple schedule times
Next Run Time: 26/12/2009 14:38:00
Status: Has not run
Status: SYSTEM
Comments: Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.
----------
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 07/05/2009 09:12
Modified: 07/05/2009 09:12
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 27/12/2009 09:30:00
Status: Ready
Status: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can't be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 07/05/2009 09:12
Modified: 07/05/2009 09:12
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: Every 1 hour(s) from 09:30 for 24 hour(s) every day, starting 02/11/2009
Next Run Time: 26/12/2009 13:30:00
Status: Ready
Status: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can't be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------

************************************************************
13:29:07: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
13:29:07: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: VIDC.VQC4
File: VQ318DEC.dll
C:\WINDOWS\system32\VQ318DEC.dll
81920 bytes
Created: 22/04/2002 09:34
Modified: 22/04/2002 09:34
Company: Unknown
----------

************************************************************
13:29:07: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
3686454 bytes
Created: 25/04/2009 00:27
Modified: 30/10/2009 16:30
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
3686454 bytes
Created: 25/04/2009 00:27
Modified: 30/10/2009 16:30
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
13:29:08: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
110592 bytes
Created: 14/04/2008 12:00
Modified: 06/02/2009 11:11
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned
--------------------
C:\WINDOWS\system32\hkcmd.exe - file already scanned
--------------------
C:\Program Files\Analog Devices\Core\smax4pnp.exe - file already scanned
--------------------
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - file already scanned
--------------------
C:\Program Files\Icons\SetIcon.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
--------------------
C:\Program Files\iTunes\iTunesHelper.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\FinePixViewer\QuickDCF.exe
200704 bytes
Created: 24/04/2009 22:36
Modified: 20/12/2002 15:18
Company: FUJI PHOTO FILM CO., LTD.
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\rundll32.exe
33280 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
144712 bytes
Created: 09/07/2009 11:22
Modified: 09/07/2009 11:22
Company: Apple Inc.
--------------------
C:\Program Files\AskBarDis\bar\bin\AskService.exe - file already scanned
--------------------
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe - file already scanned
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created: 12/12/2008 10:17
Modified: 12/12/2008 10:17
Company: Apple Inc.
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe
153376 bytes
Created: 25/04/2009 00:12
Modified: 11/10/2009 04:17
Company: Sun Microsystems, Inc.
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 20/06/2003 06:25
Modified: 20/06/2003 06:25
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\wbem\wmiprvse.exe
227840 bytes
Created: 19/09/2008 20:00
Modified: 06/02/2009 10:10
Company: Microsoft Corporation
--------------------
C:\Program Files\iPod\bin\iPodService.exe
545568 bytes
Created: 28/10/2009 20:21
Modified: 28/10/2009 20:21
Company: Apple Inc.
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\Documents and Settings\Name\Application Data\Simply Super Software\Trojan Remover\jis113.exe
FileSize: 3613560
[This is a Trojan Remover component]
--------------------
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------

************************************************************
13:29:12: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 13:29:12 26 Dec 2009
Total Scan time: 00:00:13
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2593. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 13:28:30 26 Dec 2009
Using Database v7444
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Name\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Name\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Avast! Antivirus

************************************************************


************************************************************
13:28:30: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
13:28:31: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
155648 bytes
Created: 19/09/2008 21:18
Modified: 23/01/2005 17:36
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
126976 bytes
Created: 19/09/2008 21:18
Modified: 23/01/2005 17:31
Company: Intel Corporation
--------------------
Value Name: SoundMAXPnP
Value Data: C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
1404928 bytes
Created: 19/09/2008 21:18
Modified: 14/10/2004 21:42
Company: Analog Devices, Inc.
--------------------
Value Name: avast!
Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
81000 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:51
Company: ALWIL Software
--------------------
Value Name: REGSHAVE
Value Data: C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
C:\Program Files\REGSHAVE\REGSHAVE.EXE
53248 bytes
Created: 24/04/2009 22:35
Modified: 04/02/2002 21:32
Company: FUJI PHOTO FILM CO., LTD.
--------------------
Value Name: Ad-Watch
Value Data: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
788880 bytes
Created: 24/09/2009 11:17
Modified: 25/12/2009 14:07
Company: Lavasoft
--------------------
Value Name: \\STUDIO\EPSON Stylus Photo RX420 Series
Value Data: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P40 "\\STUDIO\EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
98304 bytes
Created: 08/07/2008 12:11
Modified: 09/04/2004 02:00
Company: SEIKO EPSON CORPORATION
--------------------
Value Name: SetIcon
Value Data: C:\Program Files\Icons\SetIcon.exe
C:\Program Files\Icons\SetIcon.exe
39936 bytes
Created: 16/12/2002 09:02
Modified: 16/12/2002 09:02
Company: Standard Microsystems Corp.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
149280 bytes
Created: 25/04/2009 00:12
Modified: 11/10/2009 04:17
Company: Sun Microsystems, Inc.
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
417792 bytes
Created: 05/09/2009 01:54
Modified: 05/09/2009 01:54
Company: Apple Inc.
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
141600 bytes
Created: 28/10/2009 20:21
Modified: 28/10/2009 20:21
Company: Apple Inc.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
35696 bytes
Created: 03/10/2009 04:08
Modified: 03/10/2009 04:08
Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe ARM
Value Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
-R- 935288 bytes
Created: 04/09/2009 12:08
Modified: 04/09/2009 12:08
Company: Adobe Systems Incorporated
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1070984 bytes
Created: 19/12/2009 13:22
Modified: 17/10/2009 19:35
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
39408 bytes
Created: 13/05/2009 13:54
Modified: 13/05/2009 13:54
Company: Google Inc.
--------------------
Value Name: Skype
Value Data: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
C:\Program Files\Skype\Phone\Skype.exe
-R- 25623336 bytes
Created: 09/10/2009 13:11
Modified: 09/10/2009 13:11
Company: Skype Technologies S.A.
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
13:28:34: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
13:28:34: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
13:28:35: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
220672 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------

************************************************************
13:28:35: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
13:28:35: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
13:28:36: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ASKService
ImagePath: C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
464264 bytes
Created: 20/06/2009 17:56
Modified: 09/12/2008 17:40
Company: [no info]
----------
Key: ASKUpgrade
ImagePath: C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
234888 bytes
Created: 20/06/2009 17:56
Modified: 09/12/2008 17:40
Company: [no info]
----------
Key: aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:50
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
18752 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:43
Company: ALWIL Software
----------
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
138680 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:51
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
254040 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:51
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
352920 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:48
Company: ALWIL Software
----------
Key: b57w2k
ImagePath: system32\DRIVERS\b57xp32.sys
C:\WINDOWS\system32\DRIVERS\b57xp32.sys
156160 bytes
Created: 19/09/2008 21:20
Modified: 10/05/2006 22:00
Company: Broadcom Corporation
----------
Key: DCamUSBLTN
ImagePath: system32\DRIVERS\vq318vid.sys
C:\WINDOWS\system32\DRIVERS\vq318vid.sys
113632 bytes
Created: 22/04/2002 09:28
Modified: 22/04/2002 09:28
Company:
----------
Key: motmodem
ImagePath: system32\DRIVERS\motmodem.sys
C:\WINDOWS\system32\DRIVERS\motmodem.sys
23680 bytes
Created: 18/06/2007 19:18
Modified: 18/06/2007 19:18
Company: Motorola
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{43AF571D-7702-4F23-8F2A-C43FD69511AF}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------

************************************************************
13:28:40: Scanning -----VXD ENTRIES-----

************************************************************
13:28:40: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
348160 bytes
Created: 19/09/2008 21:18
Modified: 23/01/2005 17:31
Company: Intel Corporation
----------

************************************************************
13:28:41: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
76880 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:47
Company: ALWIL Software
----------
Key: LavasoftShellExt
CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
Path: C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
163728 bytes
Created: 23/09/2009 13:19
Modified: 22/11/2009 18:24
Company:
----------

************************************************************
13:28:41: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
13:28:41: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {201f27d4-3704-41d6-89c1-aa35e39143ed}
BHO: C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askBar.dll
333192 bytes
Created: 20/06/2009 17:56
Modified: 09/12/2008 17:40
Company: Ask.com
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
668656 bytes
Created: 13/05/2009 13:54
Modified: 13/05/2009 13:54
Company: Google Inc.
----------

************************************************************
13:28:41: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
13:28:41: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
13:28:42: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
13:28:42: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
13:28:42: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
13:28:42: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 19/09/2008 12:25
Modified: 19/09/2008 20:05
Company: [no info]
--------------------
Exif Launcher.lnk - links to C:\PROGRA~1\FINEPI~1\QuickDCF.exe
C:\PROGRA~1\FINEPI~1\QuickDCF.exe
200704 bytes
Created: 24/04/2009 22:36
Modified: 20/12/2002 15:18
Company: FUJI PHOTO FILM CO., LTD.
--------------------

************************************************************
13:28:43: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 27/10/2008 10:52
Modified: 19/09/2008 20:05
Company: [no info]
----------
--------------------
Checking Startup Group for: Name
[C:\Documents and Settings\Name\START MENU\PROGRAMS\STARTUP]
The Startup Group for Name attempts to load the following file(s):
C:\Documents and Settings\Name\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 19/09/2008 20:13
Modified: 19/09/2008 20:05
Company: [no info]
----------

************************************************************
13:28:43: Scanning ----- SCHEDULED TASKS -----
Taskname: Ad-Aware Update (Daily 1)
File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
822904 bytes
Created: 01/10/2009 13:06
Modified: 25/12/2009 14:07
Company: Lavasoft
Parameters: update all silent
Schedule: At 18:24 every day, starting 15/11/2009
Next Run Time: 26/12/2009 18:24:00
Status: Has not run
Status: SYSTEM
Comments: This will perform a scheduled update with Ad-Aware
----------
Taskname: Ad-Aware Update (Daily 2)
File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
822904 bytes
Created: 01/10/2009 13:06
Modified: 25/12/2009 14:07
Company: Lavasoft
Parameters: update all silent
Schedule: At 00:24 every day, starting 15/11/2009
Next Run Time: 27/12/2009 00:24:00
Status: Has not run
Status: SYSTEM
Comments: This will perform a scheduled update with Ad-Aware
----------
Taskname: Ad-Aware Update (Daily 3)
File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
822904 bytes
Created: 01/10/2009 13:06
Modified: 25/12/2009 14:07
Company: Lavasoft
Parameters: update all silent
Schedule: At 06:24 every day, starting 15/11/2009
Next Run Time: 27/12/2009 06:24:00
Status: Has not run
Status: SYSTEM
Comments: This will perform a scheduled update with Ad-Aware
----------
Taskname: Ad-Aware Update (Daily 4)
File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
822904 bytes
Created: 01/10/2009 13:06
Modified: 25/12/2009 14:07
Company: Lavasoft
Parameters: update all silent
Schedule: At 12:24 every day, starting 15/11/2009
Next Run Time: 27/12/2009 12:24:00
Status: Has not run
Status: SYSTEM
Comments: This will perform a scheduled update with Ad-Aware
----------
Taskname: Ad-Aware Update (Weekly)
File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
822904 bytes
Created: 01/10/2009 13:06
Modified: 25/12/2009 14:07
Company: Lavasoft
Parameters: update all silent
Schedule: At 18:24 every Wed, Sun of every week, starting 15/11/2009
Next Run Time: 27/12/2009 18:24:00
Status: Has not run
Status: SYSTEM
Comments: This will perform a scheduled update with Ad-Aware
----------
Taskname: AppleSoftwareUpdate
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 30/07/2008 11:34
Modified: 30/07/2008 11:34
Company: Apple Inc.
Parameters: -task
Schedule: At 12:46 every Fri of every week, starting 24/04/2009
Next Run Time: 01/01/2010 12:46:00
Status: Ready
Status: SYSTEM
Comments:
----------
Taskname: Google Software Updater
File: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
183280 bytes
Created: 13/05/2009 13:54
Modified: 13/05/2009 13:54
Company: Google
Parameters: scheduled_start
Schedule: Multiple schedule times
Next Run Time: 26/12/2009 14:38:00
Status: Has not run
Status: SYSTEM
Comments: Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.
----------
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 07/05/2009 09:12
Modified: 07/05/2009 09:12
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 27/12/2009 09:30:00
Status: Ready
Status: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can't be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 07/05/2009 09:12
Modified: 07/05/2009 09:12
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: Every 1 hour(s) from 09:30 for 24 hour(s) every day, starting 02/11/2009
Next Run Time: 26/12/2009 13:30:00
Status: Ready
Status: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can't be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------

************************************************************
13:28:44: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
13:28:44: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: VIDC.VQC4
File: VQ318DEC.dll
C:\WINDOWS\system32\VQ318DEC.dll
81920 bytes
Created: 22/04/2002 09:34
Modified: 22/04/2002 09:34
Company: Unknown
----------

************************************************************
13:28:45: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
3686454 bytes
Created: 25/04/2009 00:27
Modified: 30/10/2009 16:30
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
3686454 bytes
Created: 25/04/2009 00:27
Modified: 30/10/2009 16:30
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
13:28:46: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
110592 bytes
Created: 14/04/2008 12:00
Modified: 06/02/2009 11:11
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned
--------------------
C:\WINDOWS\system32\hkcmd.exe - file already scanned
--------------------
C:\Program Files\Analog Devices\Core\smax4pnp.exe - file already scanned
--------------------
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - file already scanned
--------------------
C:\Program Files\Icons\SetIcon.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
--------------------
C:\Program Files\iTunes\iTunesHelper.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\FinePixViewer\QuickDCF.exe
200704 bytes
Created: 24/04/2009 22:36
Modified: 20/12/2002 15:18
Company: FUJI PHOTO FILM CO., LTD.
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\rundll32.exe
33280 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
144712 bytes
Created: 09/07/2009 11:22
Modified: 09/07/2009 11:22
Company: Apple Inc.
--------------------
C:\Program Files\AskBarDis\bar\bin\AskService.exe - file already scanned
--------------------
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe - file already scanned
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created: 12/12/2008 10:17
Modified: 12/12/2008 10:17
Company: Apple Inc.
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe
153376 bytes
Created: 25/04/2009 00:12
Modified: 11/10/2009 04:17
Company: Sun Microsystems, Inc.
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 20/06/2003 06:25
Modified: 20/06/2003 06:25
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\wbem\wmiprvse.exe
227840 bytes
Created: 19/09/2008 20:00
Modified: 06/02/2009 10:10
Company: Microsoft Corporation
--------------------
C:\Program Files\iPod\bin\iPodService.exe
545568 bytes
Created: 28/10/2009 20:21
Modified: 28/10/2009 20:21
Company: Apple Inc.
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\Documents and Settings\Name\Application Data\Simply Super Software\Trojan Remover\jis113.exe
FileSize: 3613560
[This is a Trojan Remover component]
--------------------
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------

************************************************************
13:28:50: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 13:28:50 26 Dec 2009
Total Scan time: 00:00:20
************************************************************


***** INDIVIDUAL FILE SCAN *****
Trojan Remover Ver 6.8.1.2593. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 11:02:20 25 Dec 2009
Using Database v7442
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Name\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Name\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Avast! Antivirus

************************************************************

Carrying out individual file scan on C:\Documents and Settings\Name\Application Data\Macromedia\Common\405fe02619.exe
This file appears to be OK
************************************************************


2nd half to follow in next post....
davem
Regular Member
 
Posts: 16
Joined: December 26th, 2009, 12:29 pm

Re: davem hijackthis report

Unread postby davem » January 2nd, 2010, 5:13 pm

2nd half of Trojan Remover Log....



***** LAYERED SERVICE PROVIDER CHECKS *****
Trojan Remover Ver 6.8.1.2593. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 21:29:28 21 Dec 2009
Using Database v7442
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Name\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Name\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Avast! Antivirus

************************************************************

No errors were located in the Layered Service Provider Registry entries.
No action was taken.
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2593. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 21:27:46 21 Dec 2009
Using Database v7442
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Name\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Name\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Avast! Antivirus

************************************************************


************************************************************
21:27:47: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
21:27:47: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
155648 bytes
Created: 19/09/2008 21:18
Modified: 23/01/2005 17:36
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
126976 bytes
Created: 19/09/2008 21:18
Modified: 23/01/2005 17:31
Company: Intel Corporation
--------------------
Value Name: SoundMAXPnP
Value Data: C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
1404928 bytes
Created: 19/09/2008 21:18
Modified: 14/10/2004 21:42
Company: Analog Devices, Inc.
--------------------
Value Name: avast!
Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
81000 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:51
Company: ALWIL Software
--------------------
Value Name: REGSHAVE
Value Data: C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
C:\Program Files\REGSHAVE\REGSHAVE.EXE
53248 bytes
Created: 24/04/2009 22:35
Modified: 04/02/2002 21:32
Company: FUJI PHOTO FILM CO., LTD.
--------------------
Value Name: Ad-Watch
Value Data: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
788880 bytes
Created: 24/09/2009 11:17
Modified: 22/11/2009 18:24
Company: Lavasoft
--------------------
Value Name: \\STUDIO\EPSON Stylus Photo RX420 Series
Value Data: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P40 "\\STUDIO\EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
98304 bytes
Created: 08/07/2008 12:11
Modified: 09/04/2004 02:00
Company: SEIKO EPSON CORPORATION
--------------------
Value Name: SetIcon
Value Data: C:\Program Files\Icons\SetIcon.exe
C:\Program Files\Icons\SetIcon.exe
39936 bytes
Created: 16/12/2002 09:02
Modified: 16/12/2002 09:02
Company: Standard Microsystems Corp.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
149280 bytes
Created: 25/04/2009 00:12
Modified: 11/10/2009 04:17
Company: Sun Microsystems, Inc.
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
417792 bytes
Created: 05/09/2009 01:54
Modified: 05/09/2009 01:54
Company: Apple Inc.
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
141600 bytes
Created: 28/10/2009 20:21
Modified: 28/10/2009 20:21
Company: Apple Inc.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
35696 bytes
Created: 03/10/2009 04:08
Modified: 03/10/2009 04:08
Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe ARM
Value Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
-R- 935288 bytes
Created: 04/09/2009 12:08
Modified: 04/09/2009 12:08
Company: Adobe Systems Incorporated
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1070984 bytes
Created: 19/12/2009 13:22
Modified: 17/10/2009 19:35
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
39408 bytes
Created: 13/05/2009 13:54
Modified: 13/05/2009 13:54
Company: Google Inc.
--------------------
Value Name: Skype
Value Data: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
C:\Program Files\Skype\Phone\Skype.exe
-R- 25623336 bytes
Created: 09/10/2009 13:11
Modified: 09/10/2009 13:11
Company: Skype Technologies S.A.
--------------------
Value Name: ZagrebLand
Value Data: C:\DOCUME~1\Name\LOCALS~1\Temp\c.exe
C:\DOCUME~1\Name\LOCALS~1\Temp\c.exe - [file not found to scan]
--------------------
Value Name: rundll32.exe
Value Data:
Blank entry: []
--------------------
Value Name: WAB
Value Data: C:\Documents and Settings\Name\Application Data\Macromedia\Common\405fe02619.exe
C:\Documents and Settings\Name\Application Data\Macromedia\Common\405fe02619.exe
24576 bytes
Created: 20/12/2009 06:45
Modified: 21/12/2009 21:27
Company: [no info]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
21:27:54: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
21:27:54: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
21:27:55: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
220672 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------

************************************************************
21:27:55: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
21:27:55: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
21:27:57: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ASKService
ImagePath: C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
464264 bytes
Created: 20/06/2009 17:56
Modified: 09/12/2008 17:40
Company: [no info]
----------
Key: ASKUpgrade
ImagePath: C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
234888 bytes
Created: 20/06/2009 17:56
Modified: 09/12/2008 17:40
Company: [no info]
----------
Key: aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:50
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
18752 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:43
Company: ALWIL Software
----------
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
138680 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:51
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
254040 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:51
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
352920 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:48
Company: ALWIL Software
----------
Key: b57w2k
ImagePath: system32\DRIVERS\b57xp32.sys
C:\WINDOWS\system32\DRIVERS\b57xp32.sys
156160 bytes
Created: 19/09/2008 21:20
Modified: 10/05/2006 22:00
Company: Broadcom Corporation
----------
Key: DCamUSBLTN
ImagePath: system32\DRIVERS\vq318vid.sys
C:\WINDOWS\system32\DRIVERS\vq318vid.sys
113632 bytes
Created: 22/04/2002 09:28
Modified: 22/04/2002 09:28
Company:
----------
Key: motmodem
ImagePath: system32\DRIVERS\motmodem.sys
C:\WINDOWS\system32\DRIVERS\motmodem.sys
23680 bytes
Created: 18/06/2007 19:18
Modified: 18/06/2007 19:18
Company: Motorola
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{43AF571D-7702-4F23-8F2A-C43FD69511AF}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------

************************************************************
21:28:05: Scanning -----VXD ENTRIES-----

************************************************************
21:28:05: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
348160 bytes
Created: 19/09/2008 21:18
Modified: 23/01/2005 17:31
Company: Intel Corporation
----------

************************************************************
21:28:06: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
76880 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:47
Company: ALWIL Software
----------
Key: LavasoftShellExt
CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
Path: C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
163728 bytes
Created: 23/09/2009 13:19
Modified: 22/11/2009 18:24
Company:
----------

************************************************************
21:28:06: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
21:28:06: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {201f27d4-3704-41d6-89c1-aa35e39143ed}
BHO: C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askBar.dll
333192 bytes
Created: 20/06/2009 17:56
Modified: 09/12/2008 17:40
Company: Ask.com
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
668656 bytes
Created: 13/05/2009 13:54
Modified: 13/05/2009 13:54
Company: Google Inc.
----------

************************************************************
21:28:07: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
21:28:07: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
21:28:07: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
21:28:07: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
21:28:07: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
21:28:07: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 19/09/2008 12:25
Modified: 19/09/2008 20:05
Company: [no info]
--------------------
Exif Launcher.lnk - links to C:\PROGRA~1\FINEPI~1\QuickDCF.exe
C:\PROGRA~1\FINEPI~1\QuickDCF.exe
200704 bytes
Created: 24/04/2009 22:36
Modified: 20/12/2002 15:18
Company: FUJI PHOTO FILM CO., LTD.
--------------------

************************************************************
21:28:08: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 27/10/2008 10:52
Modified: 19/09/2008 20:05
Company: [no info]
----------
--------------------
Checking Startup Group for: Name
[C:\Documents and Settings\Name\START MENU\PROGRAMS\STARTUP]
The Startup Group for Name attempts to load the following file(s):
C:\Documents and Settings\Name\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 19/09/2008 20:13
Modified: 19/09/2008 20:05
Company: [no info]
----------

************************************************************
21:28:08: Scanning ----- SCHEDULED TASKS -----
Taskname: Ad-Aware Update (Weekly)
File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
822904 bytes
Created: 01/10/2009 13:06
Modified: 22/11/2009 18:24
Company: Lavasoft
Parameters: update all silent
Schedule: At 18:24 every Wed, Sun of every week, starting 15/11/2009
Next Run Time: 23/12/2009 18:24:00
Status: Has not run
Status: SYSTEM
Comments: This will perform a scheduled update with Ad-Aware
----------
Taskname: AppleSoftwareUpdate
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 30/07/2008 11:34
Modified: 30/07/2008 11:34
Company: Apple Inc.
Parameters: -task
Schedule: At 12:46 every Fri of every week, starting 24/04/2009
Next Run Time: 25/12/2009 12:46:00
Status: Ready
Status: SYSTEM
Comments:
----------
Taskname: Google Software Updater
File: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
183280 bytes
Created: 13/05/2009 13:54
Modified: 13/05/2009 13:54
Company: Google
Parameters: scheduled_start
Schedule: Multiple schedule times
Next Run Time: 22/12/2009 10:59:00
Status: Has not run
Status: SYSTEM
Comments: Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.
----------
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 07/05/2009 09:12
Modified: 07/05/2009 09:12
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 22/12/2009 09:30:00
Status: Ready
Status: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can't be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 07/05/2009 09:12
Modified: 07/05/2009 09:12
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: Every 1 hour(s) from 09:30 for 24 hour(s) every day, starting 02/11/2009
Next Run Time: 21/12/2009 21:30:00
Status: Ready
Status: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can't be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------

************************************************************
21:28:09: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
21:28:09: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: VIDC.VQC4
File: VQ318DEC.dll
C:\WINDOWS\system32\VQ318DEC.dll
81920 bytes
Created: 22/04/2002 09:34
Modified: 22/04/2002 09:34
Company: Unknown
----------
Value: midi2
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
113664 bytes
Created: 12/12/2009 15:14
Modified: 20/12/2009 06:08
Company: [no info]
----------
Value: wave2
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: aux2
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: mixer1
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: midi1
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: wave1
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: aux1
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: mixer2
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------

************************************************************
21:28:11: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
3686454 bytes
Created: 25/04/2009 00:27
Modified: 30/10/2009 16:30
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
3686454 bytes
Created: 25/04/2009 00:27
Modified: 30/10/2009 16:30
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
21:28:13: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
110592 bytes
Created: 14/04/2008 12:00
Modified: 06/02/2009 11:11
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned
--------------------
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1184912 bytes
Created: 24/09/2009 11:17
Modified: 22/11/2009 18:24
Company: Lavasoft
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned
--------------------
C:\WINDOWS\system32\hkcmd.exe - file already scanned
--------------------
C:\Program Files\Analog Devices\Core\smax4pnp.exe - file already scanned
--------------------
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - file already scanned
--------------------
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe - file already scanned
--------------------
C:\Program Files\Icons\SetIcon.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
--------------------
C:\Program Files\iTunes\iTunesHelper.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\FinePixViewer\QuickDCF.exe
200704 bytes
Created: 24/04/2009 22:36
Modified: 20/12/2002 15:18
Company: FUJI PHOTO FILM CO., LTD.
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\rundll32.exe
33280 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
144712 bytes
Created: 09/07/2009 11:22
Modified: 09/07/2009 11:22
Company: Apple Inc.
--------------------
C:\Program Files\AskBarDis\bar\bin\AskService.exe - file already scanned
--------------------
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe - file already scanned
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created: 12/12/2008 10:17
Modified: 12/12/2008 10:17
Company: Apple Inc.
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe
153376 bytes
Created: 25/04/2009 00:12
Modified: 11/10/2009 04:17
Company: Sun Microsystems, Inc.
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 20/06/2003 06:25
Modified: 20/06/2003 06:25
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\wbem\unsecapp.exe
16896 bytes
Created: 19/09/2008 20:01
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe - file already scanned
--------------------
C:\WINDOWS\system32\wbem\wmiprvse.exe
227840 bytes
Created: 19/09/2008 20:00
Modified: 06/02/2009 10:10
Company: Microsoft Corporation
--------------------
C:\Program Files\iPod\bin\iPodService.exe
545568 bytes
Created: 28/10/2009 20:21
Modified: 28/10/2009 20:21
Company: Apple Inc.
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Documents and Settings\Name\Application Data\Simply Super Software\Trojan Remover\mdc2F.exe
FileSize: 3613560
[This is a Trojan Remover component]
--------------------
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------

************************************************************
21:28:24: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 21:28:24 21 Dec 2009
Total Scan time: 00:00:37
************************************************************


***** THE SYSTEM HAS BEEN RESTARTED *****
19/12/2009 13:35:12: Trojan Remover has been restarted
=======================================================
Deleting the following registry value(s):
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[Videocan] - already deleted
=======================================================
Unable to rename C:\WINDOWS\msa.exe to C:\WINDOWS\msa.exe.vir
(C:\WINDOWS\msa.exe does not appear to exist)
19/12/2009 13:35:13: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2593. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 13:29:26 19 Dec 2009
Using Database v7440
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Name\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Name\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Avast! Antivirus

************************************************************


************************************************************
13:29:26: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
13:29:27: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
155648 bytes
Created: 19/09/2008 21:18
Modified: 23/01/2005 17:36
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
126976 bytes
Created: 19/09/2008 21:18
Modified: 23/01/2005 17:31
Company: Intel Corporation
--------------------
Value Name: SoundMAXPnP
Value Data: C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
1404928 bytes
Created: 19/09/2008 21:18
Modified: 14/10/2004 21:42
Company: Analog Devices, Inc.
--------------------
Value Name: avast!
Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
81000 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:51
Company: ALWIL Software
--------------------
Value Name: REGSHAVE
Value Data: C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
C:\Program Files\REGSHAVE\REGSHAVE.EXE
53248 bytes
Created: 24/04/2009 22:35
Modified: 04/02/2002 21:32
Company: FUJI PHOTO FILM CO., LTD.
--------------------
Value Name: Ad-Watch
Value Data: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
788880 bytes
Created: 24/09/2009 11:17
Modified: 22/11/2009 18:24
Company: Lavasoft
--------------------
Value Name: \\STUDIO\EPSON Stylus Photo RX420 Series
Value Data: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P40 "\\STUDIO\EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
98304 bytes
Created: 08/07/2008 12:11
Modified: 09/04/2004 02:00
Company: SEIKO EPSON CORPORATION
--------------------
Value Name: SetIcon
Value Data: C:\Program Files\Icons\SetIcon.exe
C:\Program Files\Icons\SetIcon.exe
39936 bytes
Created: 16/12/2002 09:02
Modified: 16/12/2002 09:02
Company: Standard Microsystems Corp.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
149280 bytes
Created: 25/04/2009 00:12
Modified: 11/10/2009 04:17
Company: Sun Microsystems, Inc.
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
417792 bytes
Created: 05/09/2009 01:54
Modified: 05/09/2009 01:54
Company: Apple Inc.
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
141600 bytes
Created: 28/10/2009 20:21
Modified: 28/10/2009 20:21
Company: Apple Inc.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
35696 bytes
Created: 03/10/2009 04:08
Modified: 03/10/2009 04:08
Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe ARM
Value Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
-R- 935288 bytes
Created: 04/09/2009 12:08
Modified: 04/09/2009 12:08
Company: Adobe Systems Incorporated
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1070984 bytes
Created: 19/12/2009 13:22
Modified: 17/10/2009 19:35
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
39408 bytes
Created: 13/05/2009 13:54
Modified: 13/05/2009 13:54
Company: Google Inc.
--------------------
Value Name: Skype
Value Data: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
C:\Program Files\Skype\Phone\Skype.exe
-R- 25623336 bytes
Created: 09/10/2009 13:11
Modified: 09/10/2009 13:11
Company: Skype Technologies S.A.
--------------------
Value Name: ZagrebLand
Value Data: C:\DOCUME~1\Name\LOCALS~1\Temp\c.exe
C:\DOCUME~1\Name\LOCALS~1\Temp\c.exe - [file not found to scan]
--------------------
Value Name: rundll32.exe
Value Data:
Blank entry: []
--------------------
Value Name: WAB
Value Data: C:\Documents and Settings\Name\Application Data\Macromedia\Common\405fe02619.exe
C:\Documents and Settings\Name\Application Data\Macromedia\Common\405fe02619.exe
24576 bytes
Created: 12/12/2009 15:14
Modified: 19/12/2009 13:29
Company: [no info]
--------------------
Value Name: Videocan
Value Data: C:\WINDOWS\msa.exe
C:\WINDOWS\msa.exe - has a *known* Malware filename: PUS.MSANTIVIRUS
C:\WINDOWS\msa.exe - this registry value has been removed [file not found to scan]
C:\WINDOWS\msa.exe - process is either not running or could not be terminated
C:\WINDOWS\msa.exe - could not take ownership: The operation completed successfully
C:\WINDOWS\msa.exe - marked for renaming when the PC is restarted (if it exists)
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
13:30:01: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
13:30:01: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
13:30:02: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
220672 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------

************************************************************
13:30:02: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
13:30:02: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
13:30:03: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ASKService
ImagePath: C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
464264 bytes
Created: 20/06/2009 17:56
Modified: 09/12/2008 17:40
Company: [no info]
----------
Key: ASKUpgrade
ImagePath: C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
234888 bytes
Created: 20/06/2009 17:56
Modified: 09/12/2008 17:40
Company: [no info]
----------
Key: aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:50
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
18752 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:43
Company: ALWIL Software
----------
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
138680 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:51
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
254040 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:51
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
352920 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:48
Company: ALWIL Software
----------
Key: b57w2k
ImagePath: system32\DRIVERS\b57xp32.sys
C:\WINDOWS\system32\DRIVERS\b57xp32.sys
156160 bytes
Created: 19/09/2008 21:20
Modified: 10/05/2006 22:00
Company: Broadcom Corporation
----------
Key: DCamUSBLTN
ImagePath: system32\DRIVERS\vq318vid.sys
C:\WINDOWS\system32\DRIVERS\vq318vid.sys
113632 bytes
Created: 22/04/2002 09:28
Modified: 22/04/2002 09:28
Company:
----------
Key: motmodem
ImagePath: system32\DRIVERS\motmodem.sys
C:\WINDOWS\system32\DRIVERS\motmodem.sys
23680 bytes
Created: 18/06/2007 19:18
Modified: 18/06/2007 19:18
Company: Motorola
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{43AF571D-7702-4F23-8F2A-C43FD69511AF}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------

************************************************************
13:30:11: Scanning -----VXD ENTRIES-----

************************************************************
13:30:11: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
348160 bytes
Created: 19/09/2008 21:18
Modified: 23/01/2005 17:31
Company: Intel Corporation
----------

************************************************************
13:30:12: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
76880 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:47
Company: ALWIL Software
----------
Key: LavasoftShellExt
CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
Path: C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
163728 bytes
Created: 23/09/2009 13:19
Modified: 22/11/2009 18:24
Company:
----------

************************************************************
13:30:12: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
13:30:12: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {201f27d4-3704-41d6-89c1-aa35e39143ed}
BHO: C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askBar.dll
333192 bytes
Created: 20/06/2009 17:56
Modified: 09/12/2008 17:40
Company: Ask.com
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
668656 bytes
Created: 13/05/2009 13:54
Modified: 13/05/2009 13:54
Company: Google Inc.
----------

************************************************************
13:30:13: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
13:30:13: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
13:30:13: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
13:30:13: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
13:30:13: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
13:30:14: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 19/09/2008 12:25
Modified: 19/09/2008 20:05
Company: [no info]
--------------------
Exif Launcher.lnk - links to C:\PROGRA~1\FINEPI~1\QuickDCF.exe
C:\PROGRA~1\FINEPI~1\QuickDCF.exe
200704 bytes
Created: 24/04/2009 22:36
Modified: 20/12/2002 15:18
Company: FUJI PHOTO FILM CO., LTD.
--------------------

************************************************************
13:30:14: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 27/10/2008 10:52
Modified: 19/09/2008 20:05
Company: [no info]
----------
--------------------
Checking Startup Group for: Name
[C:\Documents and Settings\Name\START MENU\PROGRAMS\STARTUP]
The Startup Group for Name attempts to load the following file(s):
C:\Documents and Settings\Name\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 19/09/2008 20:13
Modified: 19/09/2008 20:05
Company: [no info]
----------

************************************************************
13:30:15: Scanning ----- SCHEDULED TASKS -----
Taskname: Ad-Aware Update (Weekly)
File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
822904 bytes
Created: 01/10/2009 13:06
Modified: 22/11/2009 18:24
Company: Lavasoft
Parameters: update all silent
Schedule: At 18:24 every Wed, Sun of every week, starting 15/11/2009
Next Run Time: 20/12/2009 18:24:00
Status: Has not run
Status: SYSTEM
Comments: This will perform a scheduled update with Ad-Aware
----------
Taskname: AppleSoftwareUpdate
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 30/07/2008 11:34
Modified: 30/07/2008 11:34
Company: Apple Inc.
Parameters: -task
Schedule: At 12:46 every Fri of every week, starting 24/04/2009
Next Run Time: 25/12/2009 12:46:00
Status: Ready
Status: SYSTEM
Comments:
----------
Taskname: Google Software Updater
File: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
183280 bytes
Created: 13/05/2009 13:54
Modified: 13/05/2009 13:54
Company: Google
Parameters: scheduled_start
Schedule: Multiple schedule times
Next Run Time: 19/12/2009 14:52:00
Status: Has not run
Status: SYSTEM
Comments: Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.
----------
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 07/05/2009 09:12
Modified: 07/05/2009 09:12
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 20/12/2009 09:30:00
Status: Ready
Status: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can't be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 07/05/2009 09:12
Modified: 07/05/2009 09:12
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: Every 1 hour(s) from 09:30 for 24 hour(s) every day, starting 02/11/2009
Next Run Time: 19/12/2009 14:30:00
Status: Ready
Status: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can't be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------

************************************************************
13:30:16: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
13:30:16: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: VIDC.VQC4
File: VQ318DEC.dll
C:\WINDOWS\system32\VQ318DEC.dll
81920 bytes
Created: 22/04/2002 09:34
Modified: 22/04/2002 09:34
Company: Unknown
----------
Value: midi2
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
113664 bytes
Created: 12/12/2009 15:14
Modified: 18/12/2009 08:37
Company: [no info]
----------
Value: wave2
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: aux2
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: mixer1
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: midi1
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: wave1
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: aux1
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: mixer2
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------

************************************************************
13:30:18: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Checking autorun.inf in F:\
F:\autorun.inf
-RHS- 52 bytes
Created: 05/11/2008 13:19
Modified: 05/11/2008 13:19
Company: [no info]
F:\autorun.inf open entry: [setup.exe]
F:\setup.exe
319488 bytes
Created: 03/12/2008 13:38
Modified: 03/12/2008 13:38
Company: Western Digital Corporation
F:\autorun.inf - READ-ONLY, HIDDEN and SYSTEM file attributes removed
F:\autorun.inf - file renamed to: F:\autorun.inf.vir
----------
--------------------
Desktop Wallpaper: C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
3686454 bytes
Created: 25/04/2009 00:27
Modified: 30/10/2009 16:30
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
3686454 bytes
Created: 25/04/2009 00:27
Modified: 30/10/2009 16:30
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
13:30:43: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[13 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[76 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
110592 bytes
Created: 14/04/2008 12:00
Modified: 06/02/2009 11:11
Company: Microsoft Corporation
[25 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[59 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[50 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[42 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[147 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[35 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[47 loaded modules in total]
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned
[16 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
[122 loaded modules in total]
--------------------
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1184912 bytes
Created: 24/09/2009 11:17
Modified: 22/11/2009 18:24
Company: Lavasoft
[72 loaded modules in total]
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned
[55 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[57 loaded modules in total]
--------------------
C:\WINDOWS\system32\rundll32.exe
33280 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[39 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[35 loaded modules in total]
--------------------
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
144712 bytes
Created: 09/07/2009 11:22
Modified: 09/07/2009 11:22
Company: Apple Inc.
[27 loaded modules in total]
--------------------
C:\Program Files\AskBarDis\bar\bin\AskService.exe - file already scanned
[44 loaded modules in total]
--------------------
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe - file already scanned
[43 loaded modules in total]
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created: 12/12/2008 10:17
Modified: 12/12/2008 10:17
Company: Apple Inc.
[30 loaded modules in total]
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe
153376 bytes
Created: 25/04/2009 00:12
Modified: 11/10/2009 04:17
Company: Sun Microsystems, Inc.
[31 loaded modules in total]
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 20/06/2003 06:25
Modified: 20/06/2003 06:25
Company: Microsoft Corporation
[19 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[44 loaded modules in total]
--------------------
C:\WINDOWS\system32\wbem\unsecapp.exe
16896 bytes
Created: 19/09/2008 20:01
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[40 loaded modules in total]
--------------------
C:\WINDOWS\system32\wbem\wmiprvse.exe
227840 bytes
Created: 19/09/2008 20:00
Modified: 06/02/2009 10:10
Company: Microsoft Corporation
[46 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[38 loaded modules in total]
--------------------
C:\WINDOWS\system32\hkcmd.exe - file already scanned
[35 loaded modules in total]
--------------------
C:\Program Files\Analog Devices\Core\smax4pnp.exe - file already scanned
[40 loaded modules in total]
--------------------
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - file already scanned
[63 loaded modules in total]
--------------------
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe - file already scanned
[30 loaded modules in total]
--------------------
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE - file already scanned
[28 loaded modules in total]
--------------------
C:\Program Files\Icons\SetIcon.exe - file already scanned
[19 loaded modules in total]
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
[46 loaded modules in total]
--------------------
C:\Program Files\iTunes\iTunesHelper.exe - file already scanned
[65 loaded modules in total]
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
[32 loaded modules in total]
--------------------
C:\Program Files\FinePixViewer\QuickDCF.exe
200704 bytes
Created: 24/04/2009 22:36
Modified: 20/12/2002 15:18
Company: FUJI PHOTO FILM CO., LTD.
[28 loaded modules in total]
--------------------
C:\Program Files\iPod\bin\iPodService.exe
545568 bytes
Created: 28/10/2009 20:21
Modified: 28/10/2009 20:21
Company: Apple Inc.
[27 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[36 loaded modules in total]
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
908248 bytes
Created: 24/04/2009 22:12
Modified: 03/11/2009 03:28
Company: Mozilla Corporation
[118 loaded modules in total]
--------------------
C:\Documents and Settings\Name\Application Data\Simply Super Software\Trojan Remover\gfx2A.exe
FileSize: 3613560
[This is a Trojan Remover component]
[64 loaded modules in total]
--------------------
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[28 loaded modules in total]
--------------------

************************************************************
13:31:55: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
13:31:55: Scanning ------ %TEMP% DIRECTORY ------
C:\DOCUME~1\Name\LOCALS~1\Temp\b.exe
210944 bytes
Created: 11/12/2009 22:38
Modified: 11/12/2009 22:38
Company: [no info]
C:\DOCUME~1\Name\LOCALS~1\Temp\b.exe appears to contain: SUSPICIOUS.ENTRY
C:\DOCUME~1\Name\LOCALS~1\Temp\b.exe - process is either not running or could not be terminated
C:\DOCUME~1\Name\LOCALS~1\Temp\b.exe - file renamed to: C:\DOCUME~1\Name\LOCALS~1\Temp\b.exe.vir
--------------------
C:\DOCUME~1\Name\LOCALS~1\Temp\wuasirvy.dll
181 bytes
Created: 13/12/2009 09:05
Modified: 13/12/2009 09:05
Company: [no info]
C:\DOCUME~1\Name\LOCALS~1\Temp\wuasirvy.dll appears to contain: TROJAN.SILENTBANKER
C:\DOCUME~1\Name\LOCALS~1\Temp\wuasirvy.dll - file renamed to: C:\DOCUME~1\Name\LOCALS~1\Temp\wuasirvy.dll.vir
--------------------
************************************************************
13:32:51: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
************************************************************
13:32:51: Scanning ------ ROOT DIRECTORY ------

************************************************************
13:32:51: ------ Scan for other files to remove ------
C:\WINDOWS\msacm32.drv, associated with Trojan.SilentBanker, has been deleted
----------
1 malware-related files deleted (or marked for deletion)

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 13:32:51 19 Dec 2009
Total Scan time: 00:03:25
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
19/12/2009 13:32:57: restart commenced
************************************************************


...will continue in next post....
davem
Regular Member
 
Posts: 16
Joined: December 26th, 2009, 12:29 pm
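The Run-key and Drivers32 blocks in the log above are exactly what a helper triages by hand: where each image lives, whether the tool could even find it, whether it carries publisher information, and whether a multimedia driver alias such as midi2 has been pointed at a DLL under the user profile. The script below is an added example for this thread, not code from the poster or from Trojan Remover. It parses that block format and scores each entry with a handful of heuristics chosen for this example; the sample input is a constructed excerpt copied from the posted log, and the path lists, name patterns and threshold are assumptions, not rules the tool applies.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed input: entries copied from the log posted in this thread, trimmed
# to the fields this parser uses (the real log also prints Created/Modified).
SAMPLE_LOG = r"""
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Company: Microsoft Corporation
--------------------
Value Name: ZagrebLand
Value Data: C:\DOCUME~1\Name\LOCALS~1\Temp\c.exe
C:\DOCUME~1\Name\LOCALS~1\Temp\c.exe - [file not found to scan]
--------------------
Value Name: WAB
Value Data: C:\Documents and Settings\Name\Application Data\Macromedia\Common\405fe02619.exe
C:\Documents and Settings\Name\Application Data\Macromedia\Common\405fe02619.exe
24576 bytes
Company: [no info]
--------------------
Value Name: Videocan
Value Data: C:\WINDOWS\msa.exe
C:\WINDOWS\msa.exe - has a *known* Malware filename: PUS.MSANTIVIRUS
--------------------
Value: midi2
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
113664 bytes
Company: [no info]
--------------------
"""

@dataclass
class Entry:
    name: str       # Run value name or Drivers32 alias (e.g. midi2)
    path: str       # bare image path as logged, tool annotation stripped
    notes: str      # annotation after " - ", e.g. "[file not found to scan]"
    company: str    # "Company:" field, "" if the tool printed none
    size: int       # bytes, 0 when the file could not be scanned
    indicators: List[str] = field(default_factory=list)

NAME_RE = re.compile(r"^Value(?: Name)?: (.+)$")
PATH_RE = re.compile(r"^([A-Za-z]:\\.*?)(?: - (.*))?$")
PROFILE_RE = re.compile(r"\\(docume~1|documents and settings|temp|applic~1|application data)\\")
ALIAS_RE = re.compile(r"^(midi|wave|aux|mixer|msacm)\d*$|^vidc\.", re.I)
RANDOM_RE = re.compile(r"^(?:[0-9a-f]{8,}|[a-z])$", re.I)  # hex blob or single letter

def parse_entries(text: str) -> List[Entry]:
    """Split on the dashed separators and build one Entry per block."""
    entries = []
    for block in re.split(r"^-{10,}\s*$", text, flags=re.M):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if not lines or not NAME_RE.match(lines[0]):
            continue
        e = Entry(NAME_RE.match(lines[0]).group(1), "", "", "", 0)
        for line in lines[1:]:
            m = PATH_RE.match(line)
            if m and not e.path:                # first bare path line wins
                e.path, e.notes = m.group(1), m.group(2) or ""
            elif line.startswith("Company:"):
                e.company = line[len("Company:"):].strip()
            elif line.endswith(" bytes"):
                e.size = int(line.split()[-2])
        entries.append(e)
    return entries

def triage(e: Entry) -> List[str]:
    """Heuristics chosen for this example; they rank entries, they do not convict them."""
    p = e.path.lower()
    stem = p.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    ind = []
    if "[file not found" in e.notes:
        ind.append("image missing (orphaned loader or self-deleting dropper)")
    if "*known* malware filename" in e.notes.lower():
        ind.append("tool matched a known malware filename")
    if PROFILE_RE.search(p):
        ind.append("loads from a user-writable profile or temp directory")
    if re.match(r"^c:\\windows\\[^\\]+$", p) and stem != "explorer":
        ind.append("sits in the %WINDIR% root instead of system32")
    if e.size and e.company in ("", "[no info]"):
        ind.append("no publisher information")  # weak alone: some legit vendors omit it
    if stem and RANDOM_RE.match(stem):
        ind.append("random-looking file name")
    if ALIAS_RE.match(e.name) and "\\system32\\" not in p:
        ind.append("Drivers32 multimedia alias pointing outside system32")
    return ind

def flagged(text: str, threshold: int = 2) -> Dict[str, List[str]]:
    """Return {value name: indicators} for entries with at least `threshold` hits."""
    hits = {}
    for e in parse_entries(text):
        e.indicators = triage(e)
        if len(e.indicators) >= threshold:
            hits[e.name] = e.indicators
    return hits
```

Calling `flagged(SAMPLE_LOG)` returns ZagrebLand, WAB, Videocan and midi2 with their reasons and leaves CTFMON.EXE alone. The threshold of two matters: "no publisher information" on its own would also catch the Lavasoft shell extension and the Ask services in this same log, so a single weak indicator should prompt a look, not a deletion, and the Drivers32 aliases all resolving to one DLL under Application Data is the kind of pattern that deserves attention even when every other scanner reports clean.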

Re: davem hijackthis report

Unread postby davem » January 2nd, 2010, 5:28 pm

Ad-Aware logs.....

Can't find any logs for Ad-Aware, presume as I'm using the free home version it doesn't create any.....

LockSearch Log...

LockSearch by jpshortstuff (05.11.09.1)
Log created at 20:26 on 02/01/2010 (Name)
Scanning C:\


C:\pagefile.sys
-------------------------


C:\WINDOWS\system32\dpvsetupv.dll
-------------------------
C:\WINDOWS\system32\dpvsetupv.dll [Unable to get md5 : 132096 bytes]

-=E.O.F=-

You ask me to let you know if I '....set that job...' - sorry I don't understand this request - which job and what do you mean by 'set it'?

My P.C. is still performing well, with the only obvious problem being the google search result link mis-direction.

Many thanks again for all your effort with this, very much appreciated.

Dave