2nd half of Trojan Remover Log....
***** LAYERED SERVICE PROVIDER CHECKS *****
Trojan Remover Ver 6.8.1.2593. For information, email
support@simplysup.com[Unregistered version]
Scan started at: 21:29:28 21 Dec 2009
Using Database v7442
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Name\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Name\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
The following Anti-Malware program(s) are loaded:
Avast! Antivirus
************************************************************
No errors were located in the Layered Service Provider Registry entries.
No action was taken.
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2593. For information, email
support@simplysup.com[Unregistered version]
Scan started at: 21:27:46 21 Dec 2009
Using Database v7442
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Name\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Name\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
The following Anti-Malware program(s) are loaded:
Avast! Antivirus
************************************************************
************************************************************
21:27:47: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
21:27:47: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
155648 bytes
Created: 19/09/2008 21:18
Modified: 23/01/2005 17:36
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
126976 bytes
Created: 19/09/2008 21:18
Modified: 23/01/2005 17:31
Company: Intel Corporation
--------------------
Value Name: SoundMAXPnP
Value Data: C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
1404928 bytes
Created: 19/09/2008 21:18
Modified: 14/10/2004 21:42
Company: Analog Devices, Inc.
--------------------
Value Name: avast!
Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
81000 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:51
Company: ALWIL Software
--------------------
Value Name: REGSHAVE
Value Data: C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
C:\Program Files\REGSHAVE\REGSHAVE.EXE
53248 bytes
Created: 24/04/2009 22:35
Modified: 04/02/2002 21:32
Company: FUJI PHOTO FILM CO., LTD.
--------------------
Value Name: Ad-Watch
Value Data: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
788880 bytes
Created: 24/09/2009 11:17
Modified: 22/11/2009 18:24
Company: Lavasoft
--------------------
Value Name: \\STUDIO\EPSON Stylus Photo RX420 Series
Value Data: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P40 "\\STUDIO\EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
98304 bytes
Created: 08/07/2008 12:11
Modified: 09/04/2004 02:00
Company: SEIKO EPSON CORPORATION
--------------------
Value Name: SetIcon
Value Data: C:\Program Files\Icons\SetIcon.exe
C:\Program Files\Icons\SetIcon.exe
39936 bytes
Created: 16/12/2002 09:02
Modified: 16/12/2002 09:02
Company: Standard Microsystems Corp.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
149280 bytes
Created: 25/04/2009 00:12
Modified: 11/10/2009 04:17
Company: Sun Microsystems, Inc.
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
417792 bytes
Created: 05/09/2009 01:54
Modified: 05/09/2009 01:54
Company: Apple Inc.
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
141600 bytes
Created: 28/10/2009 20:21
Modified: 28/10/2009 20:21
Company: Apple Inc.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
35696 bytes
Created: 03/10/2009 04:08
Modified: 03/10/2009 04:08
Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe ARM
Value Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
-R- 935288 bytes
Created: 04/09/2009 12:08
Modified: 04/09/2009 12:08
Company: Adobe Systems Incorporated
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1070984 bytes
Created: 19/12/2009 13:22
Modified: 17/10/2009 19:35
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
39408 bytes
Created: 13/05/2009 13:54
Modified: 13/05/2009 13:54
Company: Google Inc.
--------------------
Value Name: Skype
Value Data: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
C:\Program Files\Skype\Phone\Skype.exe
-R- 25623336 bytes
Created: 09/10/2009 13:11
Modified: 09/10/2009 13:11
Company: Skype Technologies S.A.
--------------------
Value Name: ZagrebLand
Value Data: C:\DOCUME~1\Name\LOCALS~1\Temp\c.exe
C:\DOCUME~1\Name\LOCALS~1\Temp\c.exe - [file not found to scan]
--------------------
Value Name: rundll32.exe
Value Data:
Blank entry: []
--------------------
Value Name: WAB
Value Data: C:\Documents and Settings\Name\Application Data\Macromedia\Common\405fe02619.exe
C:\Documents and Settings\Name\Application Data\Macromedia\Common\405fe02619.exe
24576 bytes
Created: 20/12/2009 06:45
Modified: 21/12/2009 21:27
Company: [no info]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
************************************************************
21:27:54: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
************************************************************
21:27:54: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
21:27:55: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
220672 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
************************************************************
21:27:55: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
21:27:55: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
************************************************************
21:27:57: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ASKService
ImagePath: C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
464264 bytes
Created: 20/06/2009 17:56
Modified: 09/12/2008 17:40
Company: [no info]
----------
Key: ASKUpgrade
ImagePath: C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
234888 bytes
Created: 20/06/2009 17:56
Modified: 09/12/2008 17:40
Company: [no info]
----------
Key: aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:50
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
18752 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:43
Company: ALWIL Software
----------
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
138680 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:51
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
254040 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:51
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
352920 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:48
Company: ALWIL Software
----------
Key: b57w2k
ImagePath: system32\DRIVERS\b57xp32.sys
C:\WINDOWS\system32\DRIVERS\b57xp32.sys
156160 bytes
Created: 19/09/2008 21:20
Modified: 10/05/2006 22:00
Company: Broadcom Corporation
----------
Key: DCamUSBLTN
ImagePath: system32\DRIVERS\vq318vid.sys
C:\WINDOWS\system32\DRIVERS\vq318vid.sys
113632 bytes
Created: 22/04/2002 09:28
Modified: 22/04/2002 09:28
Company:
----------
Key: motmodem
ImagePath: system32\DRIVERS\motmodem.sys
C:\WINDOWS\system32\DRIVERS\motmodem.sys
23680 bytes
Created: 18/06/2007 19:18
Modified: 18/06/2007 19:18
Company: Motorola
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{43AF571D-7702-4F23-8F2A-C43FD69511AF}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
************************************************************
21:28:05: Scanning -----VXD ENTRIES-----
************************************************************
21:28:05: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
348160 bytes
Created: 19/09/2008 21:18
Modified: 23/01/2005 17:31
Company: Intel Corporation
----------
************************************************************
21:28:06: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
76880 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:47
Company: ALWIL Software
----------
Key: LavasoftShellExt
CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
Path: C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
163728 bytes
Created: 23/09/2009 13:19
Modified: 22/11/2009 18:24
Company:
----------
************************************************************
21:28:06: Scanning ----- FOLDER\COLUMNHANDLERS -----
************************************************************
21:28:06: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {201f27d4-3704-41d6-89c1-aa35e39143ed}
BHO: C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askBar.dll
333192 bytes
Created: 20/06/2009 17:56
Modified: 09/12/2008 17:40
Company: Ask.com
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
668656 bytes
Created: 13/05/2009 13:54
Modified: 13/05/2009 13:54
Company: Google Inc.
----------
************************************************************
21:28:07: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
21:28:07: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
21:28:07: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
21:28:07: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
21:28:07: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
21:28:07: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 19/09/2008 12:25
Modified: 19/09/2008 20:05
Company: [no info]
--------------------
Exif Launcher.lnk - links to C:\PROGRA~1\FINEPI~1\QuickDCF.exe
C:\PROGRA~1\FINEPI~1\QuickDCF.exe
200704 bytes
Created: 24/04/2009 22:36
Modified: 20/12/2002 15:18
Company: FUJI PHOTO FILM CO., LTD.
--------------------
************************************************************
21:28:08: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 27/10/2008 10:52
Modified: 19/09/2008 20:05
Company: [no info]
----------
--------------------
Checking Startup Group for: Name
[C:\Documents and Settings\Name\START MENU\PROGRAMS\STARTUP]
The Startup Group for Name attempts to load the following file(s):
C:\Documents and Settings\Name\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 19/09/2008 20:13
Modified: 19/09/2008 20:05
Company: [no info]
----------
************************************************************
21:28:08: Scanning ----- SCHEDULED TASKS -----
Taskname: Ad-Aware Update (Weekly)
File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
822904 bytes
Created: 01/10/2009 13:06
Modified: 22/11/2009 18:24
Company: Lavasoft
Parameters: update all silent
Schedule: At 18:24 every Wed, Sun of every week, starting 15/11/2009
Next Run Time: 23/12/2009 18:24:00
Status: Has not run
Status: SYSTEM
Comments: This will perform a scheduled update with Ad-Aware
----------
Taskname: AppleSoftwareUpdate
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 30/07/2008 11:34
Modified: 30/07/2008 11:34
Company: Apple Inc.
Parameters: -task
Schedule: At 12:46 every Fri of every week, starting 24/04/2009
Next Run Time: 25/12/2009 12:46:00
Status: Ready
Status: SYSTEM
Comments:
----------
Taskname: Google Software Updater
File: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
183280 bytes
Created: 13/05/2009 13:54
Modified: 13/05/2009 13:54
Company: Google
Parameters: scheduled_start
Schedule: Multiple schedule times
Next Run Time: 22/12/2009 10:59:00
Status: Has not run
Status: SYSTEM
Comments: Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.
----------
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 07/05/2009 09:12
Modified: 07/05/2009 09:12
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 22/12/2009 09:30:00
Status: Ready
Status: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can't be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 07/05/2009 09:12
Modified: 07/05/2009 09:12
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: Every 1 hour(s) from 09:30 for 24 hour(s) every day, starting 02/11/2009
Next Run Time: 21/12/2009 21:30:00
Status: Ready
Status: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can't be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
************************************************************
21:28:09: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
21:28:09: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: VIDC.VQC4
File: VQ318DEC.dll
C:\WINDOWS\system32\VQ318DEC.dll
81920 bytes
Created: 22/04/2002 09:34
Modified: 22/04/2002 09:34
Company: Unknown
----------
Value: midi2
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
113664 bytes
Created: 12/12/2009 15:14
Modified: 20/12/2009 06:08
Company: [no info]
----------
Value: wave2
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: aux2
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: mixer1
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: midi1
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: wave1
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: aux1
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: mixer2
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
************************************************************
21:28:11: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
3686454 bytes
Created: 25/04/2009 00:27
Modified: 30/10/2009 16:30
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
3686454 bytes
Created: 25/04/2009 00:27
Modified: 30/10/2009 16:30
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed
************************************************************
21:28:13: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
110592 bytes
Created: 14/04/2008 12:00
Modified: 06/02/2009 11:11
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned
--------------------
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1184912 bytes
Created: 24/09/2009 11:17
Modified: 22/11/2009 18:24
Company: Lavasoft
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned
--------------------
C:\WINDOWS\system32\hkcmd.exe - file already scanned
--------------------
C:\Program Files\Analog Devices\Core\smax4pnp.exe - file already scanned
--------------------
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - file already scanned
--------------------
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe - file already scanned
--------------------
C:\Program Files\Icons\SetIcon.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
--------------------
C:\Program Files\iTunes\iTunesHelper.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\FinePixViewer\QuickDCF.exe
200704 bytes
Created: 24/04/2009 22:36
Modified: 20/12/2002 15:18
Company: FUJI PHOTO FILM CO., LTD.
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\rundll32.exe
33280 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
144712 bytes
Created: 09/07/2009 11:22
Modified: 09/07/2009 11:22
Company: Apple Inc.
--------------------
C:\Program Files\AskBarDis\bar\bin\AskService.exe - file already scanned
--------------------
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe - file already scanned
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created: 12/12/2008 10:17
Modified: 12/12/2008 10:17
Company: Apple Inc.
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe
153376 bytes
Created: 25/04/2009 00:12
Modified: 11/10/2009 04:17
Company: Sun Microsystems, Inc.
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 20/06/2003 06:25
Modified: 20/06/2003 06:25
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\wbem\unsecapp.exe
16896 bytes
Created: 19/09/2008 20:01
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe - file already scanned
--------------------
C:\WINDOWS\system32\wbem\wmiprvse.exe
227840 bytes
Created: 19/09/2008 20:00
Modified: 06/02/2009 10:10
Company: Microsoft Corporation
--------------------
C:\Program Files\iPod\bin\iPodService.exe
545568 bytes
Created: 28/10/2009 20:21
Modified: 28/10/2009 20:21
Company: Apple Inc.
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Documents and Settings\Name\Application Data\Simply Super Software\Trojan Remover\mdc2F.exe
FileSize: 3613560
[This is a Trojan Remover component]
--------------------
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
************************************************************
21:28:24: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 21:28:24 21 Dec 2009
Total Scan time: 00:00:37
************************************************************
***** THE SYSTEM HAS BEEN RESTARTED *****
19/12/2009 13:35:12: Trojan Remover has been restarted
=======================================================
Deleting the following registry value(s):
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[Videocan] - already deleted
=======================================================
Unable to rename C:\WINDOWS\msa.exe to C:\WINDOWS\msa.exe.vir
(C:\WINDOWS\msa.exe does not appear to exist)
19/12/2009 13:35:13: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2593. For information, email
support@simplysup.com[Unregistered version]
Scan started at: 13:29:26 19 Dec 2009
Using Database v7440
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Name\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Name\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
The following Anti-Malware program(s) are loaded:
Avast! Antivirus
************************************************************
************************************************************
13:29:26: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
13:29:27: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
155648 bytes
Created: 19/09/2008 21:18
Modified: 23/01/2005 17:36
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
126976 bytes
Created: 19/09/2008 21:18
Modified: 23/01/2005 17:31
Company: Intel Corporation
--------------------
Value Name: SoundMAXPnP
Value Data: C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
1404928 bytes
Created: 19/09/2008 21:18
Modified: 14/10/2004 21:42
Company: Analog Devices, Inc.
--------------------
Value Name: avast!
Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
81000 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:51
Company: ALWIL Software
--------------------
Value Name: REGSHAVE
Value Data: C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
C:\Program Files\REGSHAVE\REGSHAVE.EXE
53248 bytes
Created: 24/04/2009 22:35
Modified: 04/02/2002 21:32
Company: FUJI PHOTO FILM CO., LTD.
--------------------
Value Name: Ad-Watch
Value Data: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
788880 bytes
Created: 24/09/2009 11:17
Modified: 22/11/2009 18:24
Company: Lavasoft
--------------------
Value Name: \\STUDIO\EPSON Stylus Photo RX420 Series
Value Data: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P40 "\\STUDIO\EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
98304 bytes
Created: 08/07/2008 12:11
Modified: 09/04/2004 02:00
Company: SEIKO EPSON CORPORATION
--------------------
Value Name: SetIcon
Value Data: C:\Program Files\Icons\SetIcon.exe
C:\Program Files\Icons\SetIcon.exe
39936 bytes
Created: 16/12/2002 09:02
Modified: 16/12/2002 09:02
Company: Standard Microsystems Corp.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
149280 bytes
Created: 25/04/2009 00:12
Modified: 11/10/2009 04:17
Company: Sun Microsystems, Inc.
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
417792 bytes
Created: 05/09/2009 01:54
Modified: 05/09/2009 01:54
Company: Apple Inc.
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
141600 bytes
Created: 28/10/2009 20:21
Modified: 28/10/2009 20:21
Company: Apple Inc.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
35696 bytes
Created: 03/10/2009 04:08
Modified: 03/10/2009 04:08
Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe ARM
Value Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
-R- 935288 bytes
Created: 04/09/2009 12:08
Modified: 04/09/2009 12:08
Company: Adobe Systems Incorporated
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1070984 bytes
Created: 19/12/2009 13:22
Modified: 17/10/2009 19:35
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
39408 bytes
Created: 13/05/2009 13:54
Modified: 13/05/2009 13:54
Company: Google Inc.
--------------------
Value Name: Skype
Value Data: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
C:\Program Files\Skype\Phone\Skype.exe
-R- 25623336 bytes
Created: 09/10/2009 13:11
Modified: 09/10/2009 13:11
Company: Skype Technologies S.A.
--------------------
Value Name: ZagrebLand
Value Data: C:\DOCUME~1\Name\LOCALS~1\Temp\c.exe
C:\DOCUME~1\Name\LOCALS~1\Temp\c.exe - [file not found to scan]
--------------------
Value Name: rundll32.exe
Value Data:
Blank entry: []
--------------------
Value Name: WAB
Value Data: C:\Documents and Settings\Name\Application Data\Macromedia\Common\405fe02619.exe
C:\Documents and Settings\Name\Application Data\Macromedia\Common\405fe02619.exe
24576 bytes
Created: 12/12/2009 15:14
Modified: 19/12/2009 13:29
Company: [no info]
--------------------
Value Name: Videocan
Value Data: C:\WINDOWS\msa.exe
C:\WINDOWS\msa.exe - has a *known* Malware filename: PUS.MSANTIVIRUS
C:\WINDOWS\msa.exe - this registry value has been removed [file not found to scan]
C:\WINDOWS\msa.exe - process is either not running or could not be terminated
C:\WINDOWS\msa.exe - could not take ownership: The operation completed successfully
C:\WINDOWS\msa.exe - marked for renaming when the PC is restarted (if it exists)
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
************************************************************
13:30:01: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
************************************************************
13:30:01: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
13:30:02: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
220672 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
--------------------
************************************************************
13:30:02: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
13:30:02: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
************************************************************
13:30:03: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ASKService
ImagePath: C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
464264 bytes
Created: 20/06/2009 17:56
Modified: 09/12/2008 17:40
Company: [no info]
----------
Key: ASKUpgrade
ImagePath: C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
234888 bytes
Created: 20/06/2009 17:56
Modified: 09/12/2008 17:40
Company: [no info]
----------
Key: aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:50
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
18752 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:43
Company: ALWIL Software
----------
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
138680 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:51
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
254040 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:51
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
352920 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:48
Company: ALWIL Software
----------
Key: b57w2k
ImagePath: system32\DRIVERS\b57xp32.sys
C:\WINDOWS\system32\DRIVERS\b57xp32.sys
156160 bytes
Created: 19/09/2008 21:20
Modified: 10/05/2006 22:00
Company: Broadcom Corporation
----------
Key: DCamUSBLTN
ImagePath: system32\DRIVERS\vq318vid.sys
C:\WINDOWS\system32\DRIVERS\vq318vid.sys
113632 bytes
Created: 22/04/2002 09:28
Modified: 22/04/2002 09:28
Company:
----------
Key: motmodem
ImagePath: system32\DRIVERS\motmodem.sys
C:\WINDOWS\system32\DRIVERS\motmodem.sys
23680 bytes
Created: 18/06/2007 19:18
Modified: 18/06/2007 19:18
Company: Motorola
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{43AF571D-7702-4F23-8F2A-C43FD69511AF}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
----------
************************************************************
13:30:11: Scanning -----VXD ENTRIES-----
************************************************************
13:30:11: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
348160 bytes
Created: 19/09/2008 21:18
Modified: 23/01/2005 17:31
Company: Intel Corporation
----------
************************************************************
13:30:12: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
76880 bytes
Created: 24/04/2009 22:20
Modified: 24/11/2009 23:47
Company: ALWIL Software
----------
Key: LavasoftShellExt
CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}
Path: C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
163728 bytes
Created: 23/09/2009 13:19
Modified: 22/11/2009 18:24
Company:
----------
************************************************************
13:30:12: Scanning ----- FOLDER\COLUMNHANDLERS -----
************************************************************
13:30:12: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {201f27d4-3704-41d6-89c1-aa35e39143ed}
BHO: C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askBar.dll
333192 bytes
Created: 20/06/2009 17:56
Modified: 09/12/2008 17:40
Company: Ask.com
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
668656 bytes
Created: 13/05/2009 13:54
Modified: 13/05/2009 13:54
Company: Google Inc.
----------
************************************************************
13:30:13: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
13:30:13: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
13:30:13: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
13:30:13: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
13:30:13: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
13:30:14: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 19/09/2008 12:25
Modified: 19/09/2008 20:05
Company: [no info]
--------------------
Exif Launcher.lnk - links to C:\PROGRA~1\FINEPI~1\QuickDCF.exe
C:\PROGRA~1\FINEPI~1\QuickDCF.exe
200704 bytes
Created: 24/04/2009 22:36
Modified: 20/12/2002 15:18
Company: FUJI PHOTO FILM CO., LTD.
--------------------
************************************************************
13:30:14: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 27/10/2008 10:52
Modified: 19/09/2008 20:05
Company: [no info]
----------
--------------------
Checking Startup Group for: Name
[C:\Documents and Settings\Name\START MENU\PROGRAMS\STARTUP]
The Startup Group for Name attempts to load the following file(s):
C:\Documents and Settings\Name\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 19/09/2008 20:13
Modified: 19/09/2008 20:05
Company: [no info]
----------
************************************************************
13:30:15: Scanning ----- SCHEDULED TASKS -----
Taskname: Ad-Aware Update (Weekly)
File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
822904 bytes
Created: 01/10/2009 13:06
Modified: 22/11/2009 18:24
Company: Lavasoft
Parameters: update all silent
Schedule: At 18:24 every Wed, Sun of every week, starting 15/11/2009
Next Run Time: 20/12/2009 18:24:00
Status: Has not run
Status: SYSTEM
Comments: This will perform a scheduled update with Ad-Aware
----------
Taskname: AppleSoftwareUpdate
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 30/07/2008 11:34
Modified: 30/07/2008 11:34
Company: Apple Inc.
Parameters: -task
Schedule: At 12:46 every Fri of every week, starting 24/04/2009
Next Run Time: 25/12/2009 12:46:00
Status: Ready
Status: SYSTEM
Comments:
----------
Taskname: Google Software Updater
File: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
183280 bytes
Created: 13/05/2009 13:54
Modified: 13/05/2009 13:54
Company: Google
Parameters: scheduled_start
Schedule: Multiple schedule times
Next Run Time: 19/12/2009 14:52:00
Status: Has not run
Status: SYSTEM
Comments: Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.
----------
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 07/05/2009 09:12
Modified: 07/05/2009 09:12
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 20/12/2009 09:30:00
Status: Ready
Status: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can't be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 07/05/2009 09:12
Modified: 07/05/2009 09:12
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: Every 1 hour(s) from 09:30 for 24 hour(s) every day, starting 02/11/2009
Next Run Time: 19/12/2009 14:30:00
Status: Ready
Status: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can't be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
************************************************************
13:30:16: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
13:30:16: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: VIDC.VQC4
File: VQ318DEC.dll
C:\WINDOWS\system32\VQ318DEC.dll
81920 bytes
Created: 22/04/2002 09:34
Modified: 22/04/2002 09:34
Company: Unknown
----------
Value: midi2
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
113664 bytes
Created: 12/12/2009 15:14
Modified: 18/12/2009 08:37
Company: [no info]
----------
Value: wave2
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: aux2
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: mixer1
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: midi1
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: wave1
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: aux1
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
Value: mixer2
File: C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll
C:\DOCUME~1\Name\APPLIC~1\MACROM~1\Common\405fe0261.dll - file already scanned
----------
************************************************************
13:30:18: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Checking autorun.inf in F:\
F:\autorun.inf
-RHS- 52 bytes
Created: 05/11/2008 13:19
Modified: 05/11/2008 13:19
Company: [no info]
F:\autorun.inf open entry: [setup.exe]
F:\setup.exe
319488 bytes
Created: 03/12/2008 13:38
Modified: 03/12/2008 13:38
Company: Western Digital Corporation
F:\autorun.inf - READ-ONLY, HIDDEN and SYSTEM file attributes removed
F:\autorun.inf - file renamed to: F:\autorun.inf.vir
----------
--------------------
Desktop Wallpaper: C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
3686454 bytes
Created: 25/04/2009 00:27
Modified: 30/10/2009 16:30
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Name\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
3686454 bytes
Created: 25/04/2009 00:27
Modified: 30/10/2009 16:30
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed
************************************************************
13:30:43: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[13 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[76 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
110592 bytes
Created: 14/04/2008 12:00
Modified: 06/02/2009 11:11
Company: Microsoft Corporation
[25 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[59 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[50 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[42 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[147 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[35 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[47 loaded modules in total]
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned
[16 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
[122 loaded modules in total]
--------------------
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1184912 bytes
Created: 24/09/2009 11:17
Modified: 22/11/2009 18:24
Company: Lavasoft
[72 loaded modules in total]
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned
[55 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[57 loaded modules in total]
--------------------
C:\WINDOWS\system32\rundll32.exe
33280 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[39 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[35 loaded modules in total]
--------------------
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
144712 bytes
Created: 09/07/2009 11:22
Modified: 09/07/2009 11:22
Company: Apple Inc.
[27 loaded modules in total]
--------------------
C:\Program Files\AskBarDis\bar\bin\AskService.exe - file already scanned
[44 loaded modules in total]
--------------------
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe - file already scanned
[43 loaded modules in total]
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created: 12/12/2008 10:17
Modified: 12/12/2008 10:17
Company: Apple Inc.
[30 loaded modules in total]
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe
153376 bytes
Created: 25/04/2009 00:12
Modified: 11/10/2009 04:17
Company: Sun Microsystems, Inc.
[31 loaded modules in total]
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 20/06/2003 06:25
Modified: 20/06/2003 06:25
Company: Microsoft Corporation
[19 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[44 loaded modules in total]
--------------------
C:\WINDOWS\system32\wbem\unsecapp.exe
16896 bytes
Created: 19/09/2008 20:01
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[40 loaded modules in total]
--------------------
C:\WINDOWS\system32\wbem\wmiprvse.exe
227840 bytes
Created: 19/09/2008 20:00
Modified: 06/02/2009 10:10
Company: Microsoft Corporation
[46 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[38 loaded modules in total]
--------------------
C:\WINDOWS\system32\hkcmd.exe - file already scanned
[35 loaded modules in total]
--------------------
C:\Program Files\Analog Devices\Core\smax4pnp.exe - file already scanned
[40 loaded modules in total]
--------------------
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - file already scanned
[63 loaded modules in total]
--------------------
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe - file already scanned
[30 loaded modules in total]
--------------------
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE - file already scanned
[28 loaded modules in total]
--------------------
C:\Program Files\Icons\SetIcon.exe - file already scanned
[19 loaded modules in total]
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
[46 loaded modules in total]
--------------------
C:\Program Files\iTunes\iTunesHelper.exe - file already scanned
[65 loaded modules in total]
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
[32 loaded modules in total]
--------------------
C:\Program Files\FinePixViewer\QuickDCF.exe
200704 bytes
Created: 24/04/2009 22:36
Modified: 20/12/2002 15:18
Company: FUJI PHOTO FILM CO., LTD.
[28 loaded modules in total]
--------------------
C:\Program Files\iPod\bin\iPodService.exe
545568 bytes
Created: 28/10/2009 20:21
Modified: 28/10/2009 20:21
Company: Apple Inc.
[27 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[36 loaded modules in total]
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
908248 bytes
Created: 24/04/2009 22:12
Modified: 03/11/2009 03:28
Company: Mozilla Corporation
[118 loaded modules in total]
--------------------
C:\Documents and Settings\Name\Application Data\Simply Super Software\Trojan Remover\gfx2A.exe
FileSize: 3613560
[This is a Trojan Remover component]
[64 loaded modules in total]
--------------------
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created: 14/04/2008 12:00
Modified: 14/04/2008 12:00
Company: Microsoft Corporation
[28 loaded modules in total]
--------------------
************************************************************
13:31:55: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
13:31:55: Scanning ------ %TEMP% DIRECTORY ------
C:\DOCUME~1\Name\LOCALS~1\Temp\b.exe
210944 bytes
Created: 11/12/2009 22:38
Modified: 11/12/2009 22:38
Company: [no info]
C:\DOCUME~1\Name\LOCALS~1\Temp\b.exe appears to contain: SUSPICIOUS.ENTRY
C:\DOCUME~1\Name\LOCALS~1\Temp\b.exe - process is either not running or could not be terminated
C:\DOCUME~1\Name\LOCALS~1\Temp\b.exe - file renamed to: C:\DOCUME~1\Name\LOCALS~1\Temp\b.exe.vir
--------------------
C:\DOCUME~1\Name\LOCALS~1\Temp\wuasirvy.dll
181 bytes
Created: 13/12/2009 09:05
Modified: 13/12/2009 09:05
Company: [no info]
C:\DOCUME~1\Name\LOCALS~1\Temp\wuasirvy.dll appears to contain: TROJAN.SILENTBANKER
C:\DOCUME~1\Name\LOCALS~1\Temp\wuasirvy.dll - file renamed to: C:\DOCUME~1\Name\LOCALS~1\Temp\wuasirvy.dll.vir
--------------------
************************************************************
13:32:51: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
************************************************************
13:32:51: Scanning ------ ROOT DIRECTORY ------
************************************************************
13:32:51: ------ Scan for other files to remove ------
C:\WINDOWS\msacm32.drv, associated with Trojan.SilentBanker, has been deleted
----------
1 malware-related files deleted (or marked for deletion)
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 13:32:51 19 Dec 2009
Total Scan time: 00:03:25
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
19/12/2009 13:32:57: restart commenced
************************************************************
...will continue in next post....