***** NORMAL SCAN FOR ACTIVE MALWARE *****

Trojan Remover Ver 6.8.2.2595. For information, email support@simplysup.com


[Registered to: Mark T Dixon]
Scan started at: 2:04:03 06 .. 2010
Using Database v7577
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System:
NTFS
UserData directory: C:\Documents and Settings\Administrator\Application Data\Sim
ply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply
Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Administrator\My Documents\Simply
Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
************************************************************
2:04:03: ----- SCANNING FOR ROOTKIT SERVICES ----No hidden Services were detected.
************************************************************
2:04:03: Scanning -----WINDOWS REGISTRY-----------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
---------This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
---------This key's "System" value appears to be blank
---------This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
----------------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: PDVD9LanguageShortcut
Value Data: "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe
50472 bytes
Created: 13/10/2008 20:41
Modified: 13/10/2008 20:41
Company: CyberLink Corp.
-------------------Value Name: UCam_Menu
Value Data: "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:
\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam
\3.0"
C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
222504 bytes
Created: 19/5/2009 22:16
Modified: 19/5/2009 22:16
Company: CyberLink Corp.
-------------------Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitser
vice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1461080 bytes
Created: 7/10/2009 9:15
Modified: 7/10/2009 9:15
Company: ESET
-------------------Value Name: nusbantivirus
Value Data: "C:\Program Files\Naevius USB Antivirus\usbantivirus.exe" -hide
C:\Program Files\Naevius USB Antivirus\usbantivirus.exe
1956864 bytes
Created: 15/9/2010 10:26
Modified: 19/8/2009 1:46
Company: [no info]
-------------------Value Name: LManager
Value Data: C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Launch Manager\LManager.exe
968272 bytes
Created: 25/2/2010 21:35
Modified: 22/6/2010 13:34
Company: Dritek System Inc.
-------------------Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
110696 bytes
Created: 16/10/2010 12:05
Modified: 16/10/2010 12:05
Company: NVIDIA Corporation
-------------------Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
13851752 bytes
Created: 16/10/2010 12:05
Modified: 16/10/2010 12:05
Company: NVIDIA Corporation
-------------------Value Name: nwiz
Value Data: C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
C:\Program Files\NVIDIA Corporation\nView\nwiz.exe
1753192 bytes
Created: 14/9/2010 18:46
Modified: 26/8/2010 0:12
Company: NVIDIA Corporation
--------------------------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
-------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
-------------------Value Name: swg
Value Data: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier
.exe"
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
39408 bytes
Created: 18/1/2010 11:41
Modified: 18/1/2010 11:41
Company: Google Inc.
-------------------Value Name: Google Update
Value Data: "C:\Documents and Settings\Administrator\Local Settings\Application
Data\Google\Update\GoogleUpdate.exe" /c
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\U
pdate\GoogleUpdate.exe
135664 bytes
Created: 5/11/2010 21:56
Modified: 6/7/2010 16:23
Company: Google Inc.
--------------------------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
************************************************************
2:04:05: Scanning -----SHELLEXECUTEHOOKS----ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:
shell32.dll - this file is expected and has been left in place
---------************************************************************
2:04:05: Scanning -----HIDDEN REGISTRY ENTRIES----Taskdir check completed
---------No Hidden File-loading Registry Entries found
----------
************************************************************
2:04:05: Scanning -----ACTIVE SCREENSAVER----ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
220672 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
-------------------************************************************************
2:04:06: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----************************************************************
2:04:06: Scanning ----- SERVICEDLL REGISTRY KEYS ----Key: HsfXAudioService
Path: C:\WINDOWS\system32\XAudio32.dll
C:\WINDOWS\system32\XAudio32.dll
-R- 410624 bytes
Created: 18/1/2010 9:37
Modified: 29/4/2009 10:21
Company: Conexant Systems, Inc.
-------------------Key: UxTuneUp
Path: %SystemRoot%\System32\uxtuneup.dll
C:\WINDOWS\System32\uxtuneup.dll
28416 bytes
Created: 16/1/2010 18:53
Modified: 4/4/2008 14:51
Company: TuneUp Software GmbH
-------------------************************************************************
2:04:07: Scanning ----- SERVICES REGISTRY KEYS ----Key:
Ambfilt
ImagePath: system32\drivers\Ambfilt.sys
C:\WINDOWS\system32\drivers\Ambfilt.sys
1691480 bytes
Created: 16/12/2009 10:35
Modified: 18/11/2009 6:16
Company: Creative
---------Key:
AR5416
ImagePath: system32\DRIVERS\athw.sys
C:\WINDOWS\system32\DRIVERS\athw.sys
1602856 bytes
Created: 18/1/2010 9:39
Modified: 4/1/2010 16:54
Company: Atheros Communications, Inc.
---------Key:
atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 0:10
Company: Microsoft Corporation
---------Key:
athr
ImagePath: system32\DRIVERS\athr.sys
C:\WINDOWS\system32\DRIVERS\athr.sys
-R- 1184768 bytes
Created: 18/1/2010 9:31
Modified: 30/9/2009 13:53
Company: Atheros Communications, Inc.
---------Key:
ATSwpWDF
ImagePath: System32\Drivers\ATSwpWDF.sys
C:\WINDOWS\System32\Drivers\ATSwpWDF.sys - [file not found to scan]
---------Key:
btwhid
ImagePath: system32\DRIVERS\btwhid.sys
C:\WINDOWS\system32\DRIVERS\btwhid.sys
56992 bytes
Created: 18/1/2010 11:20
Modified: 11/5/2009 14:45
Company: Broadcom Corporation.
---------Key:
DKbFltr
ImagePath: system32\DRIVERS\DKbFltr.sys
C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
24072 bytes
Created: 26/3/2009 10:05
Modified: 26/3/2009 10:05
Company: Dritek System Inc.
---------Key:
DsiWMIService
ImagePath: C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Launch Manager\dsiwmis.exe
321104 bytes
Created: 25/2/2010 21:35
Modified: 22/6/2010 13:34
Company: Dritek System Inc.
---------Key:
eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
40824 bytes
Created: 25/10/2007 9:25
Modified: 7/10/2009 9:11
Company: ESET
---------Key:
easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\WINDOWS\system32\DRIVERS\easdrv.sys
54184 bytes
Created: 25/10/2007 9:25
Modified: 7/10/2009 9:12
Company: ESET
---------Key:
EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
20680 bytes
Created: 7/10/2009 9:21
Modified: 7/10/2009 9:21
Company: ESET
---------Key:
ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
472280 bytes
Created: 7/10/2009 9:16
Modified: 7/10/2009 9:16
Company: ESET
---------Key:
epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
35168 bytes
Created: 25/10/2007 9:27
Modified: 7/10/2009 9:18
Company: [no info]
---------Key:
HECI
ImagePath: system32\DRIVERS\HECI.sys
C:\WINDOWS\system32\DRIVERS\HECI.sys
-R- 41088 bytes
Created: 18/1/2010 9:46
Modified: 17/9/2009 11:54
Company: Intel Corporation
---------Key:
HSXHWAZL
ImagePath: system32\DRIVERS\HSXHWAZL.sys
C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
-R- 207360 bytes
Created: 18/1/2010 9:37
Modified: 12/2/2009 20:58
Company: Conexant Systems, Inc.
---------Key:
ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
1912256 bytes
Created: 18/1/2010 10:19
Modified: 30/11/2009 10:51
Company: Intel Corporation
---------Key:
igfx
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\WINDOWS\system32\DRIVERS\igdkmd32.sys
-R- 6212096 bytes
Created: 18/1/2010 9:50
Modified: 26/10/2009 3:46
Company: Intel Corporation
---------Key:
Impcd
ImagePath: system32\DRIVERS\Impcd.sys
C:\WINDOWS\system32\DRIVERS\Impcd.sys
125696 bytes
Created: 18/1/2010 9:49
Modified: 26/10/2009 12:39
Company: Intel Corporation
---------Key:
int15
ImagePath: \??\C:\WINDOWS\system32\drivers\int15.sys
C:\WINDOWS\system32\drivers\int15.sys - [file not found to scan]
---------Key:
IntcDAud
ImagePath: system32\DRIVERS\IntcDAud.sys
C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
215040 bytes
Created: 18/1/2010 10:19
Modified: 13/11/2009 1:59
Company: Intel(R) Corporation
---------Key:
k57w2k
ImagePath: system32\DRIVERS\k57xp32.sys
C:\WINDOWS\system32\DRIVERS\k57xp32.sys
-R- 209960 bytes
Created: 18/1/2010 9:29
Modified: 31/5/2009 0:41
Company: Broadcom Corporation
---------Key:
LMS
ImagePath: C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.
exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
-R- 268824 bytes
Created: 18/1/2010 9:46
Modified: 30/9/2009 19:01
Company: Intel Corporation
---------Key:
Monfilt
ImagePath: system32\drivers\Monfilt.sys
C:\WINDOWS\system32\drivers\Monfilt.sys
1395800 bytes
Created: 16/12/2009 10:37
Modified: 18/11/2009 6:17
Company: Creative Technology Ltd.
---------Key:
NVHDA
ImagePath: system32\drivers\nvhda32.sys
C:\WINDOWS\system32\drivers\nvhda32.sys
100712 bytes
Created: 14/9/2010 17:50
Modified: 8/9/2010 3:08
Company: NVIDIA Corporation
---------Key:
nvsvc
ImagePath: C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\nvsvc32.exe
156776 bytes
Created: 16/10/2010 12:05
Modified: 16/10/2010 12:05
Company: NVIDIA Corporation
---------Key:
pccsmcfd
ImagePath: system32\DRIVERS\pccsmcfd.sys
C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
18816 bytes
Created: 18/1/2010 11:13
Modified: 26/8/2008 10:26
Company: Nokia
---------Key:
SeaPort
ImagePath: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.e
xe"
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
226656 bytes
Created: 14/1/2009 17:53
Modified: 14/1/2009 17:53
Company: Microsoft Corp.
---------Key:
ServiceLayer
ImagePath: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
621056 bytes
Created: 4/3/2009 11:25
Modified: 4/3/2009 11:25
Company: Nokia.
---------Key:
SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{DDFE2DA2-B28A-4C28-9B11-C
7F5C4576229}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
---------Key:
TuneUp.Defrag
ImagePath: %SystemRoot%\System32\TuneUpDefragService.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
354560 bytes
Created: 16/1/2010 18:53
Modified: 21/4/2010 10:29
Company: TuneUp Software GmbH
---------Key:
UNS
ImagePath: "C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS
.exe"
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
-R- 2320920 bytes
Created: 18/1/2010 9:46
Modified: 30/9/2009 19:01
Company: Intel Corporation
---------Key:
usbvideo
ImagePath: System32\Drivers\usbvideo.sys
C:\WINDOWS\System32\Drivers\usbvideo.sys
121984 bytes
Created: 17/1/2010 1:37
Modified: 14/4/2008 7:16
Company: Microsoft Corporation
---------Key:
XAudio
ImagePath: system32\DRIVERS\XAudio32.sys
C:\WINDOWS\system32\DRIVERS\XAudio32.sys
-R- 8704 bytes
Created: 18/1/2010 9:37
Modified: 29/4/2009 10:20
Company: Conexant Systems, Inc.
---------Key:
{B154377D-700F-42cc-9474-23858FBDF4BD}
ImagePath: \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl
C:\Program Files\CyberLink\PowerDVD9\000.fcl
87536 bytes
Created: 28/2/2009 19:40
Modified: 28/2/2009 19:40
Company: CyberLink Corp.
---------************************************************************
2:04:15: Scanning -----VXD ENTRIES----************************************************************
2:04:15: Scanning ----- WINLOGON\NOTIFY DLLS ----************************************************************
2:04:15: Scanning ----- CONTEXTMENUHANDLERS ----Key: AIMPClassic
CLSID: {1F77B17B-F531-44DB-ACA4-76ABB5010A28}
Path: C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL
C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL
145408 bytes
Created: 7/3/2009 3:58
Modified: 7/3/2009 3:58
Company: AIMP DevTeam
---------Key: Eset Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path: C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
171520 bytes
Created: 7/10/2009 9:24
Modified: 7/10/2009 9:24
Company: ESET
---------Key: TuneUp Shredder Shell Extension
CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Path: C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll
C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll
27656 bytes
Created: 4/4/2008 14:51
Modified: 4/4/2008 14:51
Company: TuneUp Software GmbH
---------************************************************************
2:04:16: Scanning ----- FOLDER\COLUMNHANDLERS ----Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
1946920 bytes
Created: 18/1/2010 11:08
Modified: 5/3/2008 12:41
Company: Nero AG
---------************************************************************
2:04:16: Scanning ----- BROWSER HELPER OBJECTS ----Key: {0055C089-8582-441B-A0BF-17B458C2A3A8}
BHO: C:\Program Files\Internet Download Manager\IDMIECC.dll
C:\Program Files\Internet Download Manager\IDMIECC.dll
173488 bytes
Created: 20/12/2007 22:40
Modified: 9/9/2009 17:42
Company: Tonec Inc.
----------
Key: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
BHO: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelp
er.dll
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dl
l
92504 bytes
Created: 14/1/2009 17:49
Modified: 14/1/2009 17:49
Company: Microsoft Corp.
---------Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
278192 bytes
Created: 18/1/2010 11:41
Modified: 14/9/2010 18:01
Company: Google Inc.
---------Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
814648 bytes
Created: 14/9/2010 18:09
Modified: 14/9/2010 18:09
Company: Google Inc.
---------Key: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
BHO: C:\Program Files\Windows Live\Toolbar\wltcore.dll
C:\Program Files\Windows Live\Toolbar\wltcore.dll
1068904 bytes
Created: 6/2/2009 18:17
Modified: 6/2/2009 18:17
Company: Microsoft Corporation
---------************************************************************
2:04:16: Scanning ----- SHELLSERVICEOBJECTS ----************************************************************
2:04:16: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----************************************************************
2:04:16: Scanning ----- IMAGEFILE DEBUGGERS ----No "Debugger" entries found.
************************************************************
2:04:16: Scanning ----- APPINIT_DLLS ----The AppInit_DLLs value is blank or does not exist
************************************************************
2:04:17: Scanning ----- SECURITY PROVIDER DLLS ----************************************************************
2:04:17: Scanning ------ COMMON STARTUP GROUP -----[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
Bluetooth.lnk - links to C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe
607584 bytes
Created: 20/6/2009 10:16
Modified: 20/6/2009 10:16
Company: Broadcom Corporation.
-------------------C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 17/1/2010 1:31
Modified: 16/1/2010 18:47
Company: [no info]
-------------------************************************************************
2:04:17: Scanning ------ USER STARTUP GROUPS ------------------------Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 16/1/2010 19:02
Modified: 16/1/2010 18:47
Company: [no info]
----------
************************************************************
2:04:17: Scanning ----- SCHEDULED TASKS ----Taskname:
1-Click Maintenance
File:
C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
33024 bytes
Created: 16/4/2008 9:59
Modified: 16/4/2008 9:59
Company: [no info]
Parameters:
/schedulestart
Schedule:
Multiple schedule times
Next Run Time: 6/11/2010 3:00:00
Status:
Ready
Creator:
Administrator
Comments:
Runs 1-Click Maintenance at specified times
---------Taskname:
GoogleUpdateTaskMachineCore
File:
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
135664 bytes
Created: 6/7/2010 16:23
Modified: 6/7/2010 16:23
Company: Google Inc.
Parameters:
/c
Schedule:
Multiple schedule times
Next Run Time: 6/11/2010 16:28:00
Status:
Ready
Creator:
SYSTEM
Comments:
Google Goog
---------Taskname:
GoogleUpdateTaskMachineUA
File:
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
135664 bytes
Created: 6/7/2010 16:23
Modified: 6/7/2010 16:23
Company: Google Inc.
Parameters:
/ua /installsource scheduler
Schedule:
Every 1 hour(s) from 16:28 for 24 hour(s) every day, starting 6/7
/2553
Next Run Time: 6/11/2010 2:28:00
Status:
Ready
Creator:
SYSTEM
Comments:
Google Goog
---------Taskname:
GoogleUpdateTaskUserS-1-5-21-1229272821-362288127-1417001333-500C
ore
File:
C:\Documents and Settings\Administrator\Local Settings\Applicatio
n Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\U
pdate\GoogleUpdate.exe
135664 bytes
Created: 5/11/2010 21:56
Modified: 6/7/2010 16:23
Company: Google Inc.
Parameters:
/c
Schedule:
At 22:01 every day, starting 5/11/2553
Next Run Time: 6/11/2010 22:01:00
Status:
Ready
Creator:
Administrator
Comments:
Google Goog
---------Taskname:
GoogleUpdateTaskUserS-1-5-21-1229272821-362288127-1417001333-500U
A
File:
C:\Documents and Settings\Administrator\Local Settings\Applicatio
n Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\U
pdate\GoogleUpdate.exe
135664 bytes
Created: 5/11/2010 21:56
Modified: 6/7/2010 16:23
Company: Google Inc.
Parameters:
/ua /installsource scheduler
Schedule:
Every 1 hour(s) from 22:01 for 24 hour(s) every day, starting 5/1
1/2553
Next Run Time: 6/11/2010 3:01:00
Status:
Ready
Creator:
Administrator
Comments:
Google Goog
---------Taskname:
User_Feed_Synchronization-{ED6D583D-0A2F-445C-9153-FAACB8E0D22C}
File:
C:\WINDOWS\system32\msfeedssync.exe
C:\WINDOWS\system32\msfeedssync.exe
13312 bytes
Created: 8/3/2009 4:31
Modified: 8/3/2009 4:31
Company: Microsoft Corporation
Parameters:
sync
Schedule:
Multiple schedule times
Next Run Time: 6/11/2010 4:40:00
Status:
Ready
Creator:
Administrator
Comments:
Updates out-of-date system feeds.
---------************************************************************
2:04:18: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
2:04:18: Scanning ----- DEVICE DRIVER ENTRIES ----Value: msacm.divxa32
File: msaud32_divx.acm
C:\WINDOWS\system32\msaud32_divx.acm
186368 bytes
Created: 3/2/2003 13:01
Modified: 3/2/2003 13:01
Company: Microsoft Corporation
---------Value: VIDC.ACDV
File: ACDV.dll
ACDV.dll - [file not found to scan]
---------************************************************************
2:04:19: ----- ADDITIONAL CHECKS ----PE386 rootkit checks completed
---------Winlogon registry rootkit checks completed
---------Heuristic checks for hidden files/drivers completed
---------Layered Service Provider entries checks completed
---------Windows Explorer Policies checks completed
---------Desktop Wallpaper: C:\WINDOWS\web\wallpaper\Bliss.bmp
C:\WINDOWS\web\wallpaper\Bliss.bmp
1440054 bytes
Created: 16/1/2010 18:46
Modified: 16/1/2010 18:46
Company: [no info]
---------Web Desktop Wallpaper: %SystemRoot%\web\wallpaper\Bliss.bmp
C:\WINDOWS\web\wallpaper\Bliss.bmp
1440054 bytes
Created: 16/1/2010 18:46
Modified: 16/1/2010 18:46
Company: [no info]
---------Checks for rogue DNS NameServers completed
---------The Windows Update service is disabled
The Security Center service is disabled
[Service set to DISABLED]
Additional checks completed
************************************************************
2:04:19: Scanning ----- RUNNING PROCESSES ----C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\services.exe
108544 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\nvsvc32.exe - file already scanned
-------------------C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
-------------------C:\WINDOWS\System32\svchost.exe - file already scanned
-------------------C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
-------------------C:\WINDOWS\Explorer.EXE - file already scanned
-------------------C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe - file already scanned
-------------------C:\Program Files\Naevius USB Antivirus\usbantivirus.exe - file already scanned
-------------------C:\Program Files\Launch Manager\LManager.exe - file already scanned
-------------------C:\WINDOWS\system32\RUNDLL32.EXE
33280 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\ctfmon.exe - file already scanned
-------------------C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
607584 bytes
Created: 20/6/2009 10:16
Modified: 20/6/2009 10:16
Company: Broadcom Corporation.
-------------------C:\Program Files\Launch Manager\dsiwmis.exe - file already scanned
-------------------C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe - file already scanned
-------------------C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - file
already scanned
-------------------C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 19/6/2003 23:25
Modified: 19/6/2003 23:25
Company: Microsoft Corporation
-------------------C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - file al
ready scanned
-------------------C:\WINDOWS\system32\svchost.exe - file already scanned
-------------------C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe - file
already scanned
-------------------C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
349528 bytes
Created: 20/6/2009 10:16
Modified: 20/6/2009 10:16
Company: Broadcom Corporation.
-------------------C:\WINDOWS\system32\wbem\unsecapp.exe
16896 bytes
Created: 16/1/2010 18:42
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
-------------------C:\Program Files\Launch Manager\LMworker.exe
305744 bytes
Created: 25/2/2010 21:35
Modified: 22/6/2010 13:34
Company: Dritek System Inc.
-------------------C:\Documents and Settings\Administrator\Application Data\Simply Super Software\T
rojan Remover\feiB.exe
FileSize:
3687344
[This is a Trojan Remover component]
-------------------************************************************************
2:04:21: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS -----HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.rcnsearch.com/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 2:04:22 06 .. 2010
Total Scan time: 00:00:18
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2595. For information, email support@simplysup.com
[Registered to: Mark T Dixon]
Scan started at: 9:34:17 15 .. 2010
Using Database v7577
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System:
NTFS
UserData directory: C:\Documents and Settings\Administrator\Application Data\Sim
ply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply
Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Administrator\My Documents\Simply
Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
************************************************************
9:34:17: ----- SCANNING FOR ROOTKIT SERVICES ----No hidden Services were detected.
************************************************************
9:34:17: Scanning -----WINDOWS REGISTRY-----------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
---------This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
---------This key's "System" value appears to be blank
---------This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
----------------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
-------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
-------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: PDVD9LanguageShortcut
Value Data: "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe
50472 bytes
Created: 13/10/2008 20:41
Modified: 13/10/2008 20:41
Company: CyberLink Corp.
-------------------Value Name: UCam_Menu
Value Data: "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:
\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam
\3.0"
C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
222504 bytes
Created: 19/5/2009 22:16
Modified: 19/5/2009 22:16
Company: CyberLink Corp.
-------------------Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitser
vice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1461080 bytes
Created: 7/10/2009 9:15
Modified: 7/10/2009 9:15
Company: ESET
-------------------Value Name: nusbantivirus
Value Data: "C:\Program Files\Naevius USB Antivirus\usbantivirus.exe" -hide
C:\Program Files\Naevius USB Antivirus\usbantivirus.exe
1956864 bytes
Created: 15/9/2010 10:26
Modified: 19/8/2009 1:46
Company: [no info]
--------------------------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
-------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
--------------------------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
************************************************************
9:34:18: Scanning -----SHELLEXECUTEHOOKS----ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:
shell32.dll - this file is expected and has been left in place
---------************************************************************
9:34:18: Scanning -----HIDDEN REGISTRY ENTRIES----Taskdir check completed
---------No Hidden File-loading Registry Entries found
---------************************************************************
9:34:18: Scanning -----ACTIVE SCREENSAVER----ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
220672 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
-------------------************************************************************
9:34:19: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----************************************************************
9:34:19: Scanning ----- SERVICEDLL REGISTRY KEYS ----Key: HsfXAudioService
Path: C:\WINDOWS\system32\XAudio32.dll
C:\WINDOWS\system32\XAudio32.dll
-R- 410624 bytes
Created: 18/1/2010 9:37
Modified: 29/4/2009 10:21
Company: Conexant Systems, Inc.
-------------------Key: UxTuneUp
Path: %SystemRoot%\System32\uxtuneup.dll
C:\WINDOWS\System32\uxtuneup.dll
28416 bytes
Created: 16/1/2010 18:53
Modified: 4/4/2008 14:51
Company: TuneUp Software GmbH
-------------------************************************************************
9:34:20: Scanning ----- SERVICES REGISTRY KEYS ----Key:
Ambfilt
ImagePath: system32\drivers\Ambfilt.sys
C:\WINDOWS\system32\drivers\Ambfilt.sys
1691480 bytes
Created: 16/12/2009 10:35
Modified: 18/11/2009 6:16
Company: Creative
---------Key:
AR5416
ImagePath: system32\DRIVERS\athw.sys
C:\WINDOWS\system32\DRIVERS\athw.sys
1602856 bytes
Created: 18/1/2010 9:39
Modified: 4/1/2010 16:54
Company: Atheros Communications, Inc.
---------Key:
atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 0:10
Company: Microsoft Corporation
---------Key:
athr
ImagePath: system32\DRIVERS\athr.sys
C:\WINDOWS\system32\DRIVERS\athr.sys
-R- 1184768 bytes
Created: 18/1/2010 9:31
Modified: 30/9/2009 13:53
Company: Atheros Communications, Inc.
---------Key:
ATSwpWDF
ImagePath: System32\Drivers\ATSwpWDF.sys
C:\WINDOWS\System32\Drivers\ATSwpWDF.sys - [file not found to scan]
---------Key:
btwhid
ImagePath: system32\DRIVERS\btwhid.sys
C:\WINDOWS\system32\DRIVERS\btwhid.sys
56992 bytes
Created: 18/1/2010 11:20
Modified: 11/5/2009 14:45
Company: Broadcom Corporation.
---------Key:
DKbFltr
ImagePath: system32\DRIVERS\DKbFltr.sys
C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
24072 bytes
Created: 26/3/2009 10:05
Modified: 26/3/2009 10:05
Company: Dritek System Inc.
---------Key:
DsiWMIService
ImagePath: C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Launch Manager\dsiwmis.exe
325200 bytes
Created: 25/2/2010 21:35
Modified: 25/2/2010 21:35
Company: Dritek System Inc.
---------Key:
eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
40824 bytes
Created: 25/10/2007 9:25
Modified: 7/10/2009 9:11
Company: ESET
---------Key:
easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\WINDOWS\system32\DRIVERS\easdrv.sys
54184 bytes
Created: 25/10/2007 9:25
Modified: 7/10/2009 9:12
Company: ESET
---------Key:
EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
20680 bytes
Created: 7/10/2009 9:21
Modified: 7/10/2009 9:21
Company: ESET
---------Key:
ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
472280 bytes
Created: 7/10/2009 9:16
Modified: 7/10/2009 9:16
Company: ESET
---------Key:
epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
35168 bytes
Created: 25/10/2007 9:27
Modified: 7/10/2009 9:18
Company: [no info]
---------Key:
HECI
ImagePath: system32\DRIVERS\HECI.sys
C:\WINDOWS\system32\DRIVERS\HECI.sys
-R- 41088 bytes
Created: 18/1/2010 9:46
Modified: 17/9/2009 11:54
Company: Intel Corporation
---------Key:
HSXHWAZL
ImagePath: system32\DRIVERS\HSXHWAZL.sys
C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
-R- 207360 bytes
Created: 18/1/2010 9:37
Modified: 12/2/2009 20:58
Company: Conexant Systems, Inc.
---------Key:
ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
1912256 bytes
Created: 18/1/2010 10:19
Modified: 30/11/2009 10:51
Company: Intel Corporation
----------
Key:
igfx
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\WINDOWS\system32\DRIVERS\igdkmd32.sys
-R- 6212096 bytes
Created: 18/1/2010 9:50
Modified: 26/10/2009 3:46
Company: Intel Corporation
---------Key:
Impcd
ImagePath: system32\DRIVERS\Impcd.sys
C:\WINDOWS\system32\DRIVERS\Impcd.sys
125696 bytes
Created: 18/1/2010 9:49
Modified: 26/10/2009 12:39
Company: Intel Corporation
---------Key:
int15
ImagePath: \??\C:\WINDOWS\system32\drivers\int15.sys
C:\WINDOWS\system32\drivers\int15.sys - [file not found to scan]
---------Key:
IntcDAud
ImagePath: system32\DRIVERS\IntcDAud.sys
C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
215040 bytes
Created: 18/1/2010 10:19
Modified: 13/11/2009 1:59
Company: Intel(R) Corporation
---------Key:
k57w2k
ImagePath: system32\DRIVERS\k57xp32.sys
C:\WINDOWS\system32\DRIVERS\k57xp32.sys
-R- 209960 bytes
Created: 18/1/2010 9:29
Modified: 31/5/2009 0:41
Company: Broadcom Corporation
---------Key:
LMS
ImagePath: C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
-R- 268824 bytes
Created: 18/1/2010 9:46
Modified: 30/9/2009 19:01
Company: Intel Corporation
---------Key:
Monfilt
ImagePath: system32\drivers\Monfilt.sys
C:\WINDOWS\system32\drivers\Monfilt.sys
1395800 bytes
Created: 16/12/2009 10:37
Modified: 18/11/2009 6:17
Company: Creative Technology Ltd.
---------Key:
NVHDA
ImagePath: system32\drivers\nvhda32.sys
C:\WINDOWS\system32\drivers\nvhda32.sys
91496 bytes
Created: 14/9/2010 17:50
Modified: 22/6/2010 5:07
Company: NVIDIA Corporation
---------Key:
nvsvc
ImagePath: C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\nvsvc32.exe
155752 bytes
Created: 9/7/2010 16:24
Modified: 9/7/2010 16:24
Company: NVIDIA Corporation
---------Key:
pccsmcfd
ImagePath: system32\DRIVERS\pccsmcfd.sys
C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
18816 bytes
Created: 18/1/2010 11:13
Modified: 26/8/2008 10:26
Company: Nokia
---------Key:
SeaPort
ImagePath: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
226656 bytes
Created: 14/1/2009 17:53
Modified: 14/1/2009 17:53
Company: Microsoft Corp.
---------Key:
ServiceLayer
ImagePath: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
621056 bytes
Created: 4/3/2009 11:25
Modified: 4/3/2009 11:25
Company: Nokia.
---------Key:
SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{DDFE2DA2-B28A-4C28-9B11-C7F5C4576229}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
---------Key:
TuneUp.Defrag
ImagePath: %SystemRoot%\System32\TuneUpDefragService.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
354560 bytes
Created: 16/1/2010 18:53
Modified: 21/4/2010 10:29
Company: TuneUp Software GmbH
---------Key:
UNS
ImagePath: "C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
-R- 2320920 bytes
Created: 18/1/2010 9:46
Modified: 30/9/2009 19:01
Company: Intel Corporation
----------
Key:
usbvideo
ImagePath: System32\Drivers\usbvideo.sys
C:\WINDOWS\System32\Drivers\usbvideo.sys
121984 bytes
Created: 17/1/2010 1:37
Modified: 14/4/2008 7:16
Company: Microsoft Corporation
---------Key:
XAudio
ImagePath: system32\DRIVERS\XAudio32.sys
C:\WINDOWS\system32\DRIVERS\XAudio32.sys
-R- 8704 bytes
Created: 18/1/2010 9:37
Modified: 29/4/2009 10:20
Company: Conexant Systems, Inc.
---------Key:
{B154377D-700F-42cc-9474-23858FBDF4BD}
ImagePath: \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl
C:\Program Files\CyberLink\PowerDVD9\000.fcl
87536 bytes
Created: 28/2/2009 19:40
Modified: 28/2/2009 19:40
Company: CyberLink Corp.
---------************************************************************
9:34:26: Scanning -----VXD ENTRIES----************************************************************
9:34:26: Scanning ----- WINLOGON\NOTIFY DLLS ----************************************************************
9:34:27: Scanning ----- CONTEXTMENUHANDLERS ----Key: AIMPClassic
CLSID: {1F77B17B-F531-44DB-ACA4-76ABB5010A28}
Path: C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL
C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL
145408 bytes
Created: 7/3/2009 3:58
Modified: 7/3/2009 3:58
Company: AIMP DevTeam
---------Key: Eset Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path: C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
171520 bytes
Created: 7/10/2009 9:24
Modified: 7/10/2009 9:24
Company: ESET
---------Key: TuneUp Shredder Shell Extension
CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Path: C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll
C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll
27656 bytes
Created: 4/4/2008 14:51
Modified: 4/4/2008 14:51
Company: TuneUp Software GmbH
----------
************************************************************
9:34:27: Scanning ----- FOLDER\COLUMNHANDLERS ----Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
1946920 bytes
Created: 18/1/2010 11:08
Modified: 5/3/2008 12:41
Company: Nero AG
---------************************************************************
9:34:27: Scanning ----- BROWSER HELPER OBJECTS ----Key: {0055C089-8582-441B-A0BF-17B458C2A3A8}
BHO: C:\Program Files\Internet Download Manager\IDMIECC.dll
C:\Program Files\Internet Download Manager\IDMIECC.dll
173488 bytes
Created: 20/12/2007 22:40
Modified: 9/9/2009 17:42
Company: Tonec Inc.
---------Key: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
BHO: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
92504 bytes
Created: 14/1/2009 17:49
Modified: 14/1/2009 17:49
Company: Microsoft Corp.
---------Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
278192 bytes
Created: 18/1/2010 11:41
Modified: 14/9/2010 18:01
Company: Google Inc.
---------Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
814648 bytes
Created: 14/9/2010 18:09
Modified: 14/9/2010 18:09
Company: Google Inc.
---------Key: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
BHO: C:\Program Files\Windows Live\Toolbar\wltcore.dll
C:\Program Files\Windows Live\Toolbar\wltcore.dll
1068904 bytes
Created: 6/2/2009 18:17
Modified: 6/2/2009 18:17
Company: Microsoft Corporation
---------************************************************************
9:34:28: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
9:34:28: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----************************************************************
9:34:28: Scanning ----- IMAGEFILE DEBUGGERS ----No "Debugger" entries found.
************************************************************
9:34:28: Scanning ----- APPINIT_DLLS ----The AppInit_DLLs value is blank or does not exist
************************************************************
9:34:28: Scanning ----- SECURITY PROVIDER DLLS ----************************************************************
9:34:28: Scanning ------ COMMON STARTUP GROUP -----[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
Bluetooth.lnk - links to C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe
607584 bytes
Created: 20/6/2009 10:16
Modified: 20/6/2009 10:16
Company: Broadcom Corporation.
-------------------C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 17/1/2010 1:31
Modified: 16/1/2010 18:47
Company: [no info]
-------------------************************************************************
9:34:28: Scanning ------ USER STARTUP GROUPS ------------------------Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 16/1/2010 19:02
Modified: 16/1/2010 18:47
Company: [no info]
---------************************************************************
9:34:28: Scanning ----- SCHEDULED TASKS ----Taskname:
1-Click Maintenance
File:
C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
33024 bytes
Created: 16/4/2008 9:59
Modified: 16/4/2008 9:59
Company: [no info]
Parameters:
/schedulestart
Schedule:
Multiple schedule times
Next Run Time: 15/9/2010 10:00:00
Status:
Ready
Creator:
Administrator
Comments:
Runs 1-Click Maintenance at specified times
---------Taskname:
GoogleUpdateTaskMachineCore
File:
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
135664 bytes
Created: 6/7/2010 16:23
Modified: 6/7/2010 16:23
Company: Google Inc.
Parameters:
/c
Schedule:
Multiple schedule times
Next Run Time: 15/9/2010 16:28:00
Status:
Ready
Creator:
SYSTEM
Comments:
Google Goog
---------Taskname:
GoogleUpdateTaskMachineUA
File:
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
135664 bytes
Created: 6/7/2010 16:23
Modified: 6/7/2010 16:23
Company: Google Inc.
Parameters:
/ua /installsource scheduler
Schedule:
Every 1 hour(s) from 16:28 for 24 hour(s) every day, starting 6/7/2553
Next Run Time: 15/9/2010 10:28:00
Status:
Ready
Creator:
SYSTEM
Comments:
Google Goog
---------Taskname:
User_Feed_Synchronization-{ED6D583D-0A2F-445C-9153-FAACB8E0D22C}
File:
C:\WINDOWS\system32\msfeedssync.exe
C:\WINDOWS\system32\msfeedssync.exe
13312 bytes
Created: 8/3/2009 4:31
Modified: 8/3/2009 4:31
Company: Microsoft Corporation
Parameters:
sync
Schedule:
Multiple schedule times
Next Run Time: 15/9/2010 16:47:00
Status:
Ready
Creator:
Administrator
Comments:
Updates out-of-date system feeds.
---------************************************************************
9:34:29: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----************************************************************
9:34:29: Scanning ----- DEVICE DRIVER ENTRIES ----Value: msacm.divxa32
File: msaud32_divx.acm
C:\WINDOWS\system32\msaud32_divx.acm
186368 bytes
Created: 3/2/2003 13:01
Modified: 3/2/2003 13:01
Company: Microsoft Corporation
---------Value: VIDC.ACDV
File: ACDV.dll
ACDV.dll - [file not found to scan]
---------************************************************************
9:34:30: ----- ADDITIONAL CHECKS ----PE386 rootkit checks completed
---------Winlogon registry rootkit checks completed
---------Heuristic checks for hidden files/drivers completed
---------Layered Service Provider entries checks completed
---------Windows Explorer Policies checks completed
---------Desktop Wallpaper: C:\WINDOWS\web\wallpaper\Bliss.bmp
C:\WINDOWS\web\wallpaper\Bliss.bmp
1440054 bytes
Created: 16/1/2010 18:46
Modified: 16/1/2010 18:46
Company: [no info]
---------Web Desktop Wallpaper: %SystemRoot%\web\wallpaper\Bliss.bmp
C:\WINDOWS\web\wallpaper\Bliss.bmp
1440054 bytes
Created: 16/1/2010 18:46
Modified: 16/1/2010 18:46
Company: [no info]
---------Checks for rogue DNS NameServers completed
---------The Windows Update service is disabled
The Security Center service is disabled
[Service set to DISABLED]
Additional checks completed
************************************************************
9:34:30: Scanning ----- RUNNING PROCESSES ----C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\winlogon.exe
507904 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\services.exe
108544 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
-------------------C:\WINDOWS\system32\nvsvc32.exe - file already scanned
-------------------C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
-------------------C:\WINDOWS\System32\svchost.exe - file already scanned
-------------------C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 14/4/2008 17:00
Modified: 14/4/2008 17:00
Company: Microsoft Corporation
-------------------C:\Program Files\Google\Update\GoogleUpdate.exe - file already scanned
-------------------C:\WINDOWS\Explorer.EXE - file already scanned
-------------------C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe - file already scanned
-------------------C:\Program Files\Naevius USB Antivirus\usbantivirus.exe - file already scanned
-------------------C:\WINDOWS\system32\ctfmon.exe - file already scanned
-------------------C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
607584 bytes
Created: 20/6/2009 10:16
Modified: 20/6/2009 10:16
Company: Broadcom Corporation.
-------------------C:\Documents and Settings\Administrator\Application Data\Simply Super Software\Trojan Remover\nlf2.exe
FileSize:
3687344
[This is a Trojan Remover component]
-------------------C:\Program Files\Launch Manager\dsiwmis.exe - file already scanned
-------------------C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe - file already scanned
-------------------C:\Program Files\Google\Update\GoogleUpdate.exe - file already scanned
-------------------C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe - file already scanned
-------------------C:\Program Files\Google\Update\GoogleUpdate.exe - file already scanned
-------------------C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 19/6/2003 23:25
Modified: 19/6/2003 23:25
Company: Microsoft Corporation
-------------------C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
-------------------C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe - file already scanned
-------------------C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
349528 bytes
Created: 20/6/2009 10:16
Modified: 20/6/2009 10:16
Company: Broadcom Corporation.
-------------------************************************************************
9:34:32: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS -----HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.rcnsearch.com/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 9:34:32 15 .. 2010
Total Scan time: 00:00:15
************************************************************