***** THE SYSTEM HAS BEEN RESTARTED *****
06.04.2009 18:20:00: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Services\seneka - removed
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\seneka.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\seneka.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uti5ndu0.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uti5ndu0.sys - already removed (or did not exist)
=======================================================
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\[csrcs] - already deleted
HKLM\SYSTEM\CurrentControlSet\Services\uti5ndu0\[ImagePath] - already deleted
=======================================================
06.04.2009 18:20:00: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.8.2572. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 18:15:47 06  2009
Using Database v7312
Operating System:  Windows XP Professional (SP3) [Build: 5.1.2600]
File System:       NTFS
UserData directory: C:\Documents and Settings\Admin\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory:  C:\Documents and Settings\Admin\ \Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
ESET NOD32 Antivirus

************************************************************


************************************************************
18:15:47: ----- SCANNING FOR ROOTKIT SERVICES -----
Hidden Service Keyname: seneka
C:\WINDOWS\system32\drivers\seneka.sys
53248 bytes
Modified: 24.01.2009 14:42
Company:  Microsoft Corporation
File appears to be hidden using rootkit techniques
C:\WINDOWS\system32\drivers\seneka.sys appears to contain: ROOTKIT.SENEKA
Entry has been scheduled for deletion when the PC is restarted
C:\WINDOWS\system32\drivers\seneka.sys - file renamed to: C:\WINDOWS\system32\drivers\seneka.sys.vir
----------

************************************************************
18:16:05: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe csrcs.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1721344 bytes
Created:  21.06.2008 7:47
Modified: 21.06.2008 7:47
Company:   
----------
File: csrcs.exe
C:\WINDOWS\system32\csrcs.exe
-RHS- 492616 bytes
Created:  21.06.2008 12:21
Modified: 21.06.2008 12:21
Company:  
C:\WINDOWS\system32\csrcs.exe appears to contain: SUSPICIOUS.ENTRY
C:\WINDOWS\system32\csrcs.exe - running process located and terminated
C:\WINDOWS\system32\csrcs.exe - READ-ONLY, HIDDEN and SYSTEM file attributes removed
csrcs.exe - file renamed to: csrcs.exe.vir
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\System32\userinit.exe]
File: C:\WINDOWS\System32\userinit.exe
C:\WINDOWS\System32\userinit.exe
26624 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
6455296 bytes
Created:  21.06.2008 7:47
Modified: 21.06.2008 7:47
Company:   
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SoundMan
Value Data: SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
577536 bytes
Created:  17.07.2008 16:15
Modified: 16.04.2007 23:28
Company:  Realtek Semiconductor Corp.
--------------------
Value Name: MULTIMEDIA KEYBOARD
Value Data: C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
180224 bytes
Created:  22.07.2008 8:35
Modified: 19.06.2002 10:50
Company:  Netropa Corp.
--------------------
Value Name: BluetoothAuthenticationAgent
Value Data: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
C:\WINDOWS\system32\bthprops.cpl
110592 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:  Microsoft Corporation
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1443072 bytes
Created:  13.03.2008 17:48
Modified: 13.03.2008 17:48
Company:  ESET
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1213320 bytes
Created:  06.04.2009 18:14
Modified: 30.03.2009 16:07
Company:  Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Value Name: csrcs
Value Data: C:\WINDOWS\system32\csrcs.exe
C:\WINDOWS\system32\csrcs.exe - this registry entry has been removed [file already renamed]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
30208 bytes
Created:  21.06.2008 7:47
Modified: 21.06.2008 7:47
Company:  Microsoft Corporation
--------------------
Value Name: VistaIcon
Value Data: C:\Program Files\VistaDriveIcon\VistaDrv.exe
C:\Program Files\VistaDriveIcon\VistaDrv.exe
132096 bytes
Created:  17.07.2008 12:25
Modified: 02.01.2008 13:52
Company:  [no info]
--------------------
Value Name: Facegame
Value Data: "C:\Documents and Settings\Admin\Application Data\Facegame\Facegame.exe" 61A847B5BBF72813349330466188719AB689201522886B092CBD44BD8689220221DD3257
C:\Documents and Settings\Admin\Application Data\Facegame\Facegame.exe - [file not found to scan]
--------------------
Value Name: AuthClient
Value Data: C:\Program Files\Bestlink\Bestlink.exe
C:\Program Files\Bestlink\Bestlink.exe
268800 bytes
Created:  10.03.2007 23:18
Modified: 10.03.2007 23:18
Company:  [no info]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
18:16:17: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty

************************************************************
18:16:17: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
18:16:17: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
18:16:17: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key:  {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Path: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
C:\WINDOWS\system32\themeui.dll
393216 bytes
Created:  21.06.2008 7:49
Modified: 21.06.2008 7:49
Company:   
----------
Key:  {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
C:\Program Files\Outlook Express\setup50.exe
73216 bytes
Created:  17.07.2008 12:21
Modified: 15.04.2008 15:00
Company:   
----------
Key:  {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
C:\Program Files\Outlook Express\setup50.exe
73216 bytes
Created:  17.07.2008 12:21
Modified: 15.04.2008 15:00
Company:   
----------
Key:  {89820200-ECBD-11cf-8B85-00AA005B4340}
Path: regsvr32.exe /s /n /i:U shell32.dll
C:\WINDOWS\system32\shell32.dll
26688512 bytes
Created:  21.06.2008 7:49
Modified: 21.06.2008 7:49
Company:   
----------

************************************************************
18:16:18: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key:  AppMgmt
Path: %SystemRoot%\System32\appmgmts.dll
C:\WINDOWS\System32\appmgmts.dll
171008 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  BITS
Path: C:\WINDOWS\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
409088 bytes
Created:  17.07.2008 12:21
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  BthServ
Path: %SystemRoot%\System32\bthserv.dll
C:\WINDOWS\System32\bthserv.dll
30208 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:  Microsoft Corporation
--------------------
Key:  Dhcp
Path: %SystemRoot%\System32\dhcpcsvc.dll
C:\WINDOWS\System32\dhcpcsvc.dll
126464 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  dmserver
Path: %SystemRoot%\System32\dmserver.dll
C:\WINDOWS\System32\dmserver.dll
24064 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  Dnscache
Path: %SystemRoot%\System32\dnsrslvr.dll
C:\WINDOWS\System32\dnsrslvr.dll
45568 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  FastUserSwitchingCompatibility
Path: %SystemRoot%\System32\shsvcs.dll
C:\WINDOWS\System32\shsvcs.dll
135680 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  Netman
Path: %SystemRoot%\System32\netman.dll
C:\WINDOWS\System32\netman.dll
198144 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  Nla
Path: %SystemRoot%\System32\mswsock.dll
C:\WINDOWS\System32\mswsock.dll
247296 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  NtmsSvc
Path: %SystemRoot%\system32\ntmssvc.dll
C:\WINDOWS\system32\ntmssvc.dll
436736 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  Schedule
Path: %SystemRoot%\system32\schedsvc.dll
C:\WINDOWS\system32\schedsvc.dll
193024 bytes
Created:  17.07.2008 12:21
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  seclogon
Path: %SystemRoot%\System32\seclogon.dll
C:\WINDOWS\System32\seclogon.dll
18944 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  SharedAccess
Path: %SystemRoot%\System32\ipnathlp.dll
C:\WINDOWS\System32\ipnathlp.dll
330752 bytes
Created:  21.06.2008 7:26
Modified: 21.06.2008 7:26
Company:   
--------------------
Key:  ShellHWDetection
Path: %SystemRoot%\System32\shsvcs.dll
C:\WINDOWS\System32\shsvcs.dll
135680 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  srservice
Path: C:\WINDOWS\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
171008 bytes
Created:  17.07.2008 12:21
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  stisvc
Path: %SystemRoot%\system32\wiaservc.dll
C:\WINDOWS\system32\wiaservc.dll
333824 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  TapiSrv
Path: %SystemRoot%\System32\tapisrv.dll
C:\WINDOWS\System32\tapisrv.dll
249856 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  TermService
Path: %SystemRoot%\System32\termsrv.dll
C:\WINDOWS\System32\termsrv.dll
295936 bytes
Created:  17.07.2008 12:19
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  Themes
Path: %SystemRoot%\System32\shsvcs.dll
C:\WINDOWS\System32\shsvcs.dll
135680 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  upnphost
Path: %SystemRoot%\System32\upnphost.dll
C:\WINDOWS\System32\upnphost.dll
186368 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  W32Time
Path: C:\WINDOWS\system32\w32time.dll
C:\WINDOWS\system32\w32time.dll
175616 bytes
Created:  21.06.2008 7:26
Modified: 21.06.2008 7:26
Company:   
--------------------
Key:  winmgmt
Path: %SystemRoot%\system32\wbem\WMIsvc.dll
C:\WINDOWS\system32\wbem\WMIsvc.dll
145408 bytes
Created:  17.07.2008 12:19
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  Wmi
Path: %SystemRoot%\System32\advapi32.dll
C:\WINDOWS\System32\advapi32.dll
687616 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
--------------------
Key:  WZCSVC
Path: %SystemRoot%\System32\wzcsvc.dll
C:\WINDOWS\System32\wzcsvc.dll
483328 bytes
Created:  21.06.2008 11:28
Modified: 21.06.2008 7:35
Company:   
--------------------

************************************************************
18:16:24: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       ACPI
ImagePath: system32\DRIVERS\ACPI.sys
C:\WINDOWS\system32\DRIVERS\ACPI.sys
188288 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Key:       actser
ImagePath: system32\drivers\actser.sys
C:\WINDOWS\system32\drivers\actser.sys
29440 bytes
Created:  23.08.2004 14:55
Modified: 23.08.2004 14:55
Company:  Siemens AG
----------
Key:       BlueletAudio
ImagePath: system32\DRIVERS\blueletaudio.sys
C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
19712 bytes
Created:  25.07.2008 16:32
Modified: 21.09.2004 17:18
Company:  IVT Corporation
----------
Key:       BlueSoleil Hid Service
ImagePath: C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
106496 bytes
Created:  25.07.2008 16:32
Modified: 21.09.2004 17:36
Company:  [no info]
----------
Key:       BT
ImagePath: system32\DRIVERS\btnetdrv.sys
C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
10804 bytes
Created:  25.07.2008 16:32
Modified: 21.09.2004 17:15
Company:  IVT Corporation
----------
Key:       Btcsrusb
ImagePath: System32\Drivers\btcusb.sys
C:\WINDOWS\System32\Drivers\btcusb.sys
23640 bytes
Created:  25.07.2008 16:32
Modified: 21.09.2004 17:18
Company:  IVT Corporation
----------
Key:       BthEnum
ImagePath: system32\DRIVERS\BthEnum.sys
C:\WINDOWS\system32\DRIVERS\BthEnum.sys
17024 bytes
Created:  23.07.2008 20:30
Modified: 21.06.2008 7:28
Company:  Microsoft Corporation
----------
Key:       BTHidEnum
ImagePath: system32\DRIVERS\vbtenum.sys
C:\WINDOWS\system32\DRIVERS\vbtenum.sys
11604 bytes
Created:  25.07.2008 16:32
Modified: 21.09.2004 17:18
Company:  [no info]
----------
Key:       BTHidMgr
ImagePath: System32\Drivers\BTHidMgr.sys
C:\WINDOWS\System32\Drivers\BTHidMgr.sys
28719 bytes
Created:  25.07.2008 16:32
Modified: 21.09.2004 17:18
Company:  IVT Corporation
----------
Key:       BthPan
ImagePath: system32\DRIVERS\bthpan.sys
C:\WINDOWS\system32\DRIVERS\bthpan.sys
101120 bytes
Created:  23.07.2008 20:31
Modified: 21.06.2008 7:28
Company:  Microsoft Corporation
----------
Key:       BTHPORT
ImagePath: System32\Drivers\BTHport.sys
C:\WINDOWS\System32\Drivers\BTHport.sys
272512 bytes
Created:  21.06.2008 7:26
Modified: 21.06.2008 7:26
Company:   
----------
Key:       BTHUSB
ImagePath: System32\Drivers\BTHUSB.sys
C:\WINDOWS\System32\Drivers\BTHUSB.sys
18944 bytes
Created:  23.07.2008 20:30
Modified: 21.06.2008 7:28
Company:  Microsoft Corporation
----------
Key:       dmadmin
ImagePath: %SystemRoot%\System32\dmadmin.exe /com
C:\WINDOWS\System32\dmadmin.exe 
224768 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   Microsoft  VERITAS Software
----------
Key:       dmboot
ImagePath: System32\drivers\dmboot.sys
C:\WINDOWS\System32\drivers\dmboot.sys
799872 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   Microsoft  VERITAS Software
----------
Key:       dmio
ImagePath: System32\drivers\dmio.sys
C:\WINDOWS\System32\drivers\dmio.sys
153600 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   Microsoft  VERITAS Software
----------
Key:       eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
40456 bytes
Created:  13.03.2008 17:43
Modified: 13.03.2008 17:43
Company:  ESET
----------
Key:       easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\WINDOWS\system32\DRIVERS\easdrv.sys
29704 bytes
Created:  13.03.2008 17:44
Modified: 13.03.2008 17:44
Company:  ESET
----------
Key:       EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19200 bytes
Created:  13.03.2008 17:55
Modified: 13.03.2008 17:55
Company:  ESET
----------
Key:       ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
472320 bytes
Created:  13.03.2008 17:49
Modified: 13.03.2008 17:49
Company:  ESET
----------
Key:       epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
33800 bytes
Created:  13.03.2008 17:52
Modified: 13.03.2008 17:52
Company:  [no info]
----------
Key:       Eventlog
ImagePath: %SystemRoot%\system32\services.exe
C:\WINDOWS\system32\services.exe
109056 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Key:       Ftdisk
ImagePath: system32\DRIVERS\ftdisk.sys
C:\WINDOWS\system32\DRIVERS\ftdisk.sys
125440 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Key:       i8042prt
ImagePath: system32\DRIVERS\i8042prt.sys
C:\WINDOWS\system32\DRIVERS\i8042prt.sys
53120 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Key:       ImapiService
ImagePath: C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Key:       ip100xp
ImagePath: system32\DRIVERS\ipfnd51.sys
C:\WINDOWS\system32\DRIVERS\ipfnd51.sys
-R- 26752 bytes
Created:  06.08.2008 9:44
Modified: 27.03.2006 5:48
Company:  ASUSTek Computer Inc.
----------
Key:       isapnp
ImagePath: system32\DRIVERS\isapnp.sys
C:\WINDOWS\system32\DRIVERS\isapnp.sys
37504 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Key:       Kbdclass
ImagePath: system32\DRIVERS\kbdclass.sys
C:\WINDOWS\system32\DRIVERS\kbdclass.sys
24832 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Key:       KernelPort
ImagePath: \??\D:\Game\CS 1.6\myac_client\MyAC Client\acdev.sys
D:\Game\CS 1.6\myac_client\MyAC Client\acdev.sys
115480 bytes
Created:  14.11.2008 17:38
Modified: 31.10.2008 13:07
Company:  [no info]
----------
Key:       Mouclass
ImagePath: system32\DRIVERS\mouclass.sys
C:\WINDOWS\system32\DRIVERS\mouclass.sys
23296 bytes
Created:  21.06.2008 11:28
Modified: 21.06.2008 7:35
Company:   
----------
Key:       mouhid
ImagePath: system32\DRIVERS\mouhid.sys
C:\WINDOWS\system32\DRIVERS\mouhid.sys
12160 bytes
Created:  03.09.2008 17:24
Modified: 21.06.2008 8:27
Company:   
----------
Key:       msikbd2k
ImagePath: System32\DRIVERS\msikbd2k.sys
C:\WINDOWS\System32\DRIVERS\msikbd2k.sys
6656 bytes
Created:  22.07.2008 8:35
Modified: 20.12.2001 9:02
Company:  Netropa Corporation
----------
Key:       NetDDE
ImagePath: %SystemRoot%\system32\netdde.exe
C:\WINDOWS\system32\netdde.exe
113664 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Key:       NetDDEdsdm
ImagePath: %SystemRoot%\system32\netdde.exe
C:\WINDOWS\system32\netdde.exe
113664 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Key:       nhksrv
ImagePath: C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
28672 bytes
Created:  22.07.2008 8:35
Modified: 06.08.2001 6:41
Company:  [no info]
----------
Key:       NPF
ImagePath: \??\C:\WINDOWS\system32\drivers\packet.sys
C:\WINDOWS\system32\drivers\packet.sys
13299 bytes
Created:  25.07.2008 16:32
Modified: 21.09.2004 17:18
Company:  [no info]
----------
Key:       nvatabus
ImagePath: system32\DRIVERS\nvatabus.sys
C:\WINDOWS\system32\DRIVERS\nvatabus.sys
89856 bytes
Created:  21.06.2008 7:52
Modified: 26.02.2006 18:21
Company:  NVIDIA Corporation
----------
Key:       nvcchflt
ImagePath: system32\DRIVERS\nvcchflt.sys
C:\WINDOWS\system32\DRIVERS\nvcchflt.sys
16640 bytes
Created:  17.07.2008 16:14
Modified: 26.02.2006 18:21
Company:  NVIDIA Corporation
----------
Key:       NVENETFD
ImagePath: system32\DRIVERS\NVENETFD.sys
C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
33280 bytes
Created:  17.07.2008 16:14
Modified: 17.05.2004 9:00
Company:  NVIDIA Corporation
----------
Key:       nvnetbus
ImagePath: system32\DRIVERS\nvnetbus.sys
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
-R- 12928 bytes
Created:  17.07.2008 16:14
Modified: 17.05.2004 9:00
Company:  NVIDIA Corporation
----------
Key:       nvrd32
ImagePath: system32\DRIVERS\nvrd32.sys
C:\WINDOWS\system32\DRIVERS\nvrd32.sys
116736 bytes
Created:  17.07.2008 16:14
Modified: 27.07.2007 23:15
Company:  NVIDIA Corporation
----------
Key:       nv_agp
ImagePath: system32\DRIVERS\nv_agp.sys
C:\WINDOWS\system32\DRIVERS\nv_agp.sys
-R- 21760 bytes
Created:  17.07.2008 16:13
Modified: 02.04.2004 10:40
Company:  NVIDIA Corporation
----------
Key:       Parport
ImagePath: system32\DRIVERS\parport.sys
C:\WINDOWS\system32\DRIVERS\parport.sys
80128 bytes
Created:  21.06.2008 11:28
Modified: 21.06.2008 7:35
Company:   
----------
Key:       PCI
ImagePath: system32\DRIVERS\pci.sys
C:\WINDOWS\system32\DRIVERS\pci.sys
68480 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Key:       pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
10368 bytes
Created:  17.07.2008 13:43
Modified: 17.07.2008 13:43
Company:  Padus, Inc.
----------
Key:       PlugPlay
ImagePath: %SystemRoot%\system32\services.exe
C:\WINDOWS\system32\services.exe
109056 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Key:       RDSessMgr
ImagePath: C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\sessmgr.exe
141824 bytes
Created:  17.07.2008 12:19
Modified: 15.04.2008 15:00
Company:   
----------
Key:       redbook
ImagePath: system32\DRIVERS\redbook.sys
C:\WINDOWS\system32\DRIVERS\redbook.sys
58368 bytes
Created:  17.07.2008 16:18
Modified: 21.06.2008 11:28
Company:   
----------
Key:       RFCOMM
ImagePath: system32\DRIVERS\rfcomm.sys
C:\WINDOWS\system32\DRIVERS\rfcomm.sys
59136 bytes
Created:  23.07.2008 20:30
Modified: 21.06.2008 7:28
Company:  Microsoft Corporation
----------
Key:       SCardSvr
ImagePath: %SystemRoot%\System32\SCardSvr.exe
C:\WINDOWS\System32\SCardSvr.exe
96768 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Key:       Serial
ImagePath: system32\DRIVERS\serial.sys
C:\WINDOWS\system32\DRIVERS\serial.sys
65024 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Key:       siusbmod
ImagePath: system32\DRIVERS\siusbmod.sys
C:\WINDOWS\system32\DRIVERS\siusbmod.sys - [file not found to scan]
----------
Key:       sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key:       sr
ImagePath: system32\DRIVERS\sr.sys
C:\WINDOWS\system32\DRIVERS\sr.sys
73472 bytes
Created:  17.07.2008 12:21
Modified: 15.04.2008 15:00
Company:   
----------
Key:       ss_bus
ImagePath: system32\DRIVERS\ss_bus.sys
C:\WINDOWS\system32\DRIVERS\ss_bus.sys
52384 bytes
Created:  22.08.2008 17:46
Modified: 24.01.2005 14:38
Company:  MCCI
----------
Key:       ss_mdfl
ImagePath: system32\DRIVERS\ss_mdfl.sys
C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
6064 bytes
Created:  22.08.2008 17:46
Modified: 24.01.2005 14:38
Company:  MCCI
----------
Key:       ss_mdm
ImagePath: system32\DRIVERS\ss_mdm.sys
C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
84512 bytes
Created:  22.08.2008 17:46
Modified: 24.01.2005 14:38
Company:  MCCI
----------
Key:       StarWindService
ImagePath: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
217600 bytes
Created:  02.04.2005 0:51
Modified: 02.04.2005 0:51
Company:  Rocket Division Software
----------
Key:       StMmcs
ImagePath: system32\DRIVERS\StMmcs.sys
C:\WINDOWS\system32\DRIVERS\StMmcs.sys
50365 bytes
Created:  14.01.2009 15:16
Modified: 03.01.2003 20:27
Company:  SigmaTel, Inc.
----------
Key:       StMmcu
ImagePath: System32\Drivers\StMmcu.sys
C:\WINDOWS\System32\Drivers\StMmcu.sys
35890 bytes
Created:  14.01.2009 15:16
Modified: 03.01.2003 20:28
Company:  SigmaTel, Inc.
----------
Key:       StMp3Rec
ImagePath: System32\Drivers\StMp3Rec.sys
C:\WINDOWS\System32\Drivers\StMp3Rec.sys
34318 bytes
Created:  14.01.2009 15:16
Modified: 07.08.2003 22:39
Company:  Generic
----------
Key:       SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{2CD82076-EC3F-4120-A451-70B7C466985F}
C:\WINDOWS\system32\dllhost.exe 
5120 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:  Microsoft Corporation
----------
Key:       SysmonLog
ImagePath: %SystemRoot%\system32\smlogsvc.exe
C:\WINDOWS\system32\smlogsvc.exe
91648 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Key:       TlntSvr
ImagePath: C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\tlntsvr.exe
73216 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Key:       ttBudget2
ImagePath: system32\drivers\ttBudget2.sys
C:\WINDOWS\system32\drivers\ttBudget2.sys
365184 bytes
Created:  04.03.2008 23:55
Modified: 12.11.2007 12:53
Company:  TechnoTrend AG
----------
Key:       TTDVBLCD
ImagePath: system32\DRIVERS\ttdvblcd.sys
C:\WINDOWS\system32\DRIVERS\ttdvblcd.sys
66176 bytes
Created:  28.08.2007 19:51
Modified: 03.02.2006 11:54
Company:  TechnoTrend AG
----------
Key:       uji5ndu0
ImagePath: \??\C:\WINDOWS\system32\Drivers\uji5ndu0.sys
C:\WINDOWS\system32\Drivers\uji5ndu0.sys
9728 bytes
Created:  06.04.2009 17:29
Modified: 06.04.2009 17:29
Company:  Zaitsev Oleg, 2006
----------
Key:       uti5ndu0
ImagePath: \??\C:\WINDOWS\system32\Drivers\uti5ndu0.sys
C:\WINDOWS\system32\Drivers\uti5ndu0.sys
7168 bytes
Created:  06.04.2009 17:35
Modified: 06.04.2009 17:36
Company:  
C:\WINDOWS\system32\Drivers\uti5ndu0.sys appears to contain: ROOTKIT.AGENT
C:\WINDOWS\system32\Drivers\uti5ndu0.sys - this registry value has been removed
C:\WINDOWS\system32\Drivers\uti5ndu0.sys - file renamed to: C:\WINDOWS\system32\Drivers\uti5ndu0.sys.vir
----------
Key:       Vax347b
ImagePath: system32\DRIVERS\Vax347b.sys
C:\WINDOWS\system32\DRIVERS\Vax347b.sys
159616 bytes
Created:  17.07.2008 13:16
Modified: 25.04.2005 9:43
Company:   
----------
Key:       Vax347s
ImagePath: System32\Drivers\Vax347s.sys
C:\WINDOWS\System32\Drivers\Vax347s.sys
5248 bytes
Created:  17.07.2008 13:16
Modified: 30.04.2004 8:33
Company:   
----------
Key:       VComm
ImagePath: system32\DRIVERS\VComm.sys
C:\WINDOWS\system32\DRIVERS\VComm.sys
61048 bytes
Created:  25.07.2008 16:32
Modified: 21.09.2004 17:18
Company:  IVT Corporation
----------
Key:       VcommMgr
ImagePath: System32\Drivers\VcommMgr.sys
C:\WINDOWS\System32\Drivers\VcommMgr.sys
81548 bytes
Created:  25.07.2008 16:32
Modified: 22.09.2004 17:08
Company:  IVT Corporation
----------
Key:       VSS
ImagePath: %SystemRoot%\System32\vssvc.exe
C:\WINDOWS\System32\vssvc.exe
290304 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Key:       WmiApSrv
ImagePath: C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
126464 bytes
Created:  17.07.2008 12:19
Modified: 15.04.2008 15:00
Company:   
----------

************************************************************
18:17:05: Scanning -----VXD ENTRIES-----

************************************************************
18:17:05: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key    : crypt32chain
DLLName: crypt32.dll
C:\WINDOWS\system32\crypt32.dll
602112 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Key    : cscdll
DLLName: cscdll.dll
C:\WINDOWS\system32\cscdll.dll
102400 bytes
Created:  21.06.2008 7:26
Modified: 21.06.2008 7:26
Company:   
----------
Key    : ScCertProp
DLLName: wlnotify.dll
C:\WINDOWS\system32\wlnotify.dll
93184 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Key    : Schedule
DLLName: wlnotify.dll
C:\WINDOWS\system32\wlnotify.dll - file already scanned
----------

************************************************************
18:17:05: Scanning ----- CONTEXTMENUHANDLERS -----
Key:   AIMPClassic
CLSID: {1F77B17B-F531-44DB-ACA4-76ABB5010A28}
Path:  C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL
C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL
60416 bytes
Created:  28.11.2007 10:32
Modified: 28.11.2007 10:32
Company:  AIMP DevTeam
----------
Key:   BriefcaseMenu
CLSID: {85BBD920-42A0-1069-A2E4-08002B30309D}
Path:  syncui.dll
C:\WINDOWS\system32\syncui.dll
330240 bytes
Created:  21.06.2008 7:49
Modified: 21.06.2008 7:49
Company:   
----------
Key:   Eset Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path:  C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
169216 bytes
Created:  13.03.2008 17:58
Modified: 13.03.2008 17:58
Company:  ESET
----------
Key:   KillCopy
CLSID: {A5C2457A-87BC-324E-8124-0025DC10AA03}
Path:  C:\Program Files\KillSoft\KillCopy\killcopy.dll
C:\Program Files\KillSoft\KillCopy\killcopy.dll
22528 bytes
Created:  11.06.2006 3:42
Modified: 11.06.2006 3:42
Company:  Killer{R}
----------
Key:   Offline Files
CLSID: {750fdf0e-2a26-11d1-a3ea-080036587f03}
Path:  %SystemRoot%\System32\cscui.dll
C:\WINDOWS\System32\cscui.dll
674816 bytes
Created:  21.06.2008 7:47
Modified: 21.06.2008 7:47
Company:   
----------
Key:   Open With
CLSID: {09799AFB-AD67-11d1-ABCD-00C04FC30936}
Path:  %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
26688512 bytes
Created:  21.06.2008 7:49
Modified: 21.06.2008 7:49
Company:   
----------
Key:   Open With EncryptionMenu
CLSID: {A470F8CF-A1E8-4f65-8335-227475AA5C46}
Path:  %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
26688512 bytes
Created:  21.06.2008 7:49
Modified: 21.06.2008 7:49
Company:   
----------
Key:   Password Depot 3
CLSID: {404FAB0A-9C2E-4638-BB2E-89792E95FBA3}
Path:  C:\WINDOWS\system32\pwd_shell.dll
C:\WINDOWS\system32\pwd_shell.dll
185344 bytes
Created:  17.07.2008 13:20
Modified: 30.10.2007 14:20
Company:  AceBIT GmbH
----------
Key:   SnagItMainShellExt
CLSID: {CF74B903-3389-469c-B3B6-0204D204FCBD}
Path:  C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll
C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll
136776 bytes
Created:  01.05.2007 10:12
Modified: 01.05.2007 10:12
Company:  TechSmith Corporation
----------
Key:   {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Path:  %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
26688512 bytes
Created:  21.06.2008 7:49
Modified: 21.06.2008 7:49
Company:   
----------

************************************************************
18:17:06: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key:  {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
26688512 bytes
Created:  21.06.2008 7:49
Modified: 21.06.2008 7:49
Company:   
----------
Key:  {24F14F01-7B1C-11d1-838f-0000F80461CF}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
26688512 bytes
Created:  21.06.2008 7:49
Modified: 21.06.2008 7:49
Company:   
----------
Key:  {24F14F02-7B1C-11d1-838f-0000F80461CF}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
26688512 bytes
Created:  21.06.2008 7:49
Modified: 21.06.2008 7:49
Company:   
----------
Key:  {66742402-F9B9-11D1-A202-0000F81FEDEE}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
26688512 bytes
Created:  21.06.2008 7:49
Modified: 21.06.2008 7:49
Company:   
----------

************************************************************
18:17:07: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {00C6482D-C502-44C8-8409-FCE54AD9C208}
BHO: C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
63048 bytes
Created:  01.05.2007 10:11
Modified: 01.05.2007 10:11
Company:  TechSmith Corporation
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
63136 bytes
Created:  14.12.2004 1:56
Modified: 14.12.2004 1:56
Company:  Adobe Systems Incorporated
----------
Key: {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
BHO: C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
1410344 bytes
Created:  30.05.2008 14:54
Modified: 30.05.2008 14:54
Company:  Skype Technologies S.A.
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
509328 bytes
Created:  17.07.2008 12:24
Modified: 25.03.2008 3:28
Company:  Sun Microsystems, Inc.
----------
Key: {9961627E-4059-41B4-8E0E-A7D6B3854ADF}
BHO: C:\PROGRA~1\DOWNLO~1\dmiehlp.dll
C:\PROGRA~1\DOWNLO~1\dmiehlp.dll
152064 bytes
Created:  17.07.2008 13:10
Modified: 20.07.2007 16:29
Company:  WestByte
----------

************************************************************
18:17:07: Scanning ----- SHELLSERVICEOBJECTS -----
Key:   WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path:  C:\WINDOWS\system32\wpdshserviceobj.dll
C:\WINDOWS\system32\wpdshserviceobj.dll
133632 bytes
Created:  02.03.2008 14:45
Modified: 02.03.2008 14:45
Company:  Microsoft Corporation
----------
Key:   PostBootReminder
CLSID: {7849596a-48ea-486e-8937-a2a3009f31a9}
Path:  %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll - file already scanned
----------
Key:   CDBurn
CLSID: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Path:  %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll - file already scanned
----------
Key:   SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path:  C:\WINDOWS\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
139776 bytes
Created:  21.06.2008 7:49
Modified: 21.06.2008 7:49
Company:   
----------

************************************************************
18:17:08: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value:   {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment:  Browseui
File:    %SystemRoot%\system32\browseui.dll
C:\WINDOWS\system32\browseui.dll
1028096 bytes
Created:  21.06.2008 7:47
Modified: 21.06.2008 7:47
Company:   
----------
Value:   {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment:    
File:    %SystemRoot%\system32\browseui.dll
C:\WINDOWS\system32\browseui.dll
1028096 bytes
Created:  21.06.2008 7:47
Modified: 21.06.2008 7:47
Company:   
----------

************************************************************
18:17:08: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
18:17:08: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
18:17:08: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: msapsspc.dll
C:\WINDOWS\system32\msapsspc.dll
86016 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:    (Microsoft Corp.)
----------
DLL: digest.dll
C:\WINDOWS\system32\digest.dll
68608 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
DLL: msnsspc.dll
C:\WINDOWS\system32\msnsspc.dll
290816 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------

************************************************************
18:17:08: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\ \\]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\ \\\desktop.ini
-HS- 84 bytes
Created:  17.07.2008 16:16
Modified: 17.07.2008 12:22
Company:  [no info]
C:\Documents and Settings\All Users\ \\\desktop.ini - no action taken on this file
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
18:17:09: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

************************************************************
18:17:09: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
Key:   Offline Files
CLSID: {750fdf0e-2a26-11d1-a3ea-080036587f03}
File:  %SystemRoot%\System32\cscui.dll
C:\WINDOWS\System32\cscui.dll - file already scanned
----------

************************************************************
18:17:09: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: midimapper
File:  midimap.dll
C:\WINDOWS\system32\midimap.dll
18944 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Value: msacm.imaadpcm
File:  imaadp32.acm
C:\WINDOWS\system32\imaadp32.acm
16384 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Value: msacm.msadpcm
File:  msadp32.acm
C:\WINDOWS\system32\msadp32.acm
14848 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Value: msacm.msg711
File:  msg711.acm
C:\WINDOWS\system32\msg711.acm
9216 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Value: msacm.msgsm610
File:  msgsm32.acm
C:\WINDOWS\system32\msgsm32.acm
19968 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Value: VIDC.I420
File:  msh263.drv
C:\WINDOWS\system32\msh263.drv
294912 bytes
Created:  21.06.2008 11:28
Modified: 21.06.2008 9:28
Company:   
----------
Value: VIDC.IYUV
File:  iyuv_32.dll
C:\WINDOWS\system32\iyuv_32.dll
47104 bytes
Created:  21.06.2008 11:28
Modified: 21.06.2008 9:28
Company:   
----------
Value: vidc.mrle
File:  msrle32.dll
C:\WINDOWS\system32\msrle32.dll
11264 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Value: vidc.msvc
File:  msvidc32.dll
C:\WINDOWS\system32\msvidc32.dll
25600 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Value: wavemapper
File:  msacm32.drv
C:\WINDOWS\system32\msacm32.drv
20992 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
----------
Value: msacm.l3acm
File:  l3codecp.acm
C:\WINDOWS\system32\l3codecp.acm
301568 bytes
Created:  02.03.2008 14:45
Modified: 29.05.1999 4:13
Company:  Fraunhofer Institut Integrierte Schaltungen IIS
----------
Value: MSVideo8
File:  VfWWDM32.dll
C:\WINDOWS\system32\VfWWDM32.dll
54272 bytes
Created:  17.07.2008 12:54
Modified: 21.06.2008 9:28
Company:   
----------
Value: VIDC.ACDV
File:  ACDV.dll
C:\WINDOWS\system32\ACDV.dll
462848 bytes
Created:  20.06.2005 12:56
Modified: 20.06.2005 12:56
Company:  ACD Systems
----------
Value: VIDC.DIVX
File:  divx.dll
C:\WINDOWS\system32\divx.dll
639066 bytes
Created:  11.02.2009 22:34
Modified: 01.02.2007 6:56
Company:  DivX, Inc.
----------
Value: vidc.yv12
File:  yv12vfw.dll
C:\WINDOWS\system32\yv12vfw.dll
217088 bytes
Created:  11.02.2009 22:34
Modified: 25.01.2004 19:18
Company:  www.helixcommunity.org
----------
Value: msacm.ac3acm
File:  ac3acm.acm
C:\WINDOWS\system32\ac3acm.acm
118784 bytes
Created:  11.02.2009 22:34
Modified: 14.05.2006 0:16
Company:  fccHandler
----------
Value: VIDC.wmv3
File:  wmv9vcm.dll
C:\WINDOWS\system32\wmv9vcm.dll
1565480 bytes
Created:  11.02.2009 22:34
Modified: 20.01.2007 22:26
Company:  Microsoft Corporation
----------
Value: VIDC.FFDS
File:  ff_vfw.dll
C:\WINDOWS\system32\ff_vfw.dll
10752 bytes
Created:  11.02.2009 22:34
Modified: 21.02.2007 22:00
Company:  [no info]
----------

************************************************************
18:17:14: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Hidden or inaccessible Services entry: [Remoteprov]
This entry was not alerted on (driver not found)
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
==============================
Restrictive Windows Explorer Policies found in force on this computer:
HKCU\Software\Microsoft\Internet Explorer\Download
  CheckExeSignatures - default policy reset
  RunInvalidSignatures - default policy reset
All Policy Values listed have been removed or reset
==============================
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\WINDOWS\ACD Wallpaper.bmp
C:\WINDOWS\ACD Wallpaper.bmp
2359350 bytes
Created:  18.07.2008 21:35
Modified: 04.04.2009 17:45
Company:  [no info]
----------
Web Desktop Wallpaper: %SystemRoot%\ACD Wallpaper.bmp
C:\WINDOWS\ACD Wallpaper.bmp
2359350 bytes
Created:  18.07.2008 21:35
Modified: 04.04.2009 17:45
Company:  [no info]
----------
DNS Server information:
Interface:   
NameServers: 192.168.0.1
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed

************************************************************
18:17:19: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:  Microsoft Corporation
[13 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
509440 bytes
Created:  21.06.2008 7:27
Modified: 21.06.2008 7:27
Company:   
\\?\globalroot\systemroot\system32\senekadlqeecio.dll appears to contain: TROJAN.SENEKA
\\?\globalroot\systemroot\system32\senekadlqeecio.dll - file renamed to: \\?\globalroot\systemroot\system32\senekadlqeecio.dll.vir
[77 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe - file already scanned
[24 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:  Microsoft Corporation
[57 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:  Microsoft Corporation
[64 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[44 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[147 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[37 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[43 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:  Microsoft Corporation
[51 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.exe - file already scanned
[133 loaded modules in total]
--------------------
C:\WINDOWS\SOUNDMAN.EXE - file already scanned
[24 loaded modules in total]
--------------------
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe - file already scanned
[41 loaded modules in total]
--------------------
C:\WINDOWS\system32\rundll32.exe
33280 bytes
Created:  15.04.2008 15:00
Modified: 15.04.2008 15:00
Company:   
[28 loaded modules in total]
--------------------
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe - file already scanned
[32 loaded modules in total]
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
[24 loaded modules in total]
--------------------
C:\Program Files\VistaDriveIcon\VistaDrv.exe - file already scanned
[23 loaded modules in total]
--------------------
C:\Program Files\Bestlink\Bestlink.exe - file already scanned
[42 loaded modules in total]
--------------------
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
94208 bytes
Created:  22.07.2008 8:35
Modified: 07.10.2003 4:58
Company:  [no info]
[19 loaded modules in total]
--------------------
C:\Program Files\Netropa\Onscreen Display\OSD.exe
90112 bytes
Created:  22.07.2008 8:35
Modified: 14.11.2001 4:03
Company:  Netropa Corp.
[22 loaded modules in total]
--------------------
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe - file already scanned
[8 loaded modules in total]
--------------------
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe - file already scanned
[19 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[36 loaded modules in total]
--------------------
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe - file already scanned
[55 loaded modules in total]
--------------------
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe - file already scanned
[20 loaded modules in total]
--------------------
C:\Program Files\Opera 9.5 beta\opera.exe
98816 bytes
Created:  30.11.2007 15:47
Modified: 30.11.2007 15:47
Company:  Opera Software
[43 loaded modules in total]
--------------------
D:\Install\Antivirus\avz4\avz.exe
733696 bytes
Created:  05.11.2008 19:42
Modified: 06.04.2008 18:22
Company:   , 2007
[59 loaded modules in total]
--------------------
C:\Program Files\Download Master\dmaster.exe
3280896 bytes
Created:  17.07.2008 13:10
Modified: 25.01.2008 14:42
Company:  WestByte
[69 loaded modules in total]
--------------------
C:\Program Files\WinRAR\WinRAR.exe
889856 bytes
Created:  17.07.2008 13:41
Modified: 11.10.2005 2:51
Company:  Alexander Roshal
[65 loaded modules in total]
--------------------
C:\Documents and Settings\Admin\Application Data\Simply Super Software\Trojan Remover\dcj2583.exe
FileSize:          2929528
[This is a Trojan Remover component]
[68 loaded modules in total]
--------------------

************************************************************
18:18:42: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
18:18:42: Scanning ------ %TEMP% DIRECTORY ------
No files found to scan
************************************************************
18:18:42: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
C:\WINDOWS\Temp\HTT2D00.tmp - [file not found to scan]
************************************************************
18:18:43: Scanning ------ ROOT DIRECTORY ------

************************************************************
18:18:44: ------ Scan for other files to remove ------
C:\WINDOWS\Temp\10.tmp has been deleted
----------
1 malware-related files deleted (or marked for deletion)

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 18:18:44 06  2009
Total Scan time: 00:02:56
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
06.04.2009 18:18:55: restart commenced
************************************************************


