
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2600. For information, email support@simplysup.com
Scan started at: 19:51:20 07 jan 2012
Using Database v7824
Operating System: Windows 7 Ultimate (SP1) [Build: 6.1.7601]
File System:
NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Igor777\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Igor777\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
************************************************************
19:51:20: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
19:51:24: Scanning -----WINDOWS REGISTRY-----------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
-------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\Windows\explorer.exe
2616320 bytes
Created: 25.10.2011 3:18
Modified: 25.2.2011 6:30
Company: Microsoft Corporation
---------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
26624 bytes
Created: 20.11.2010 22:29
Modified: 20.11.2010 22:29
Company: Microsoft Corporation
----------------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
-------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
-------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: TaskTray
Value Data:
Blank entry: []
-------------------
Value Name: SynTPEnh
Value Data: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1045800 bytes
Created: 28.3.2008 2:05
Modified: 28.3.2008 2:05
Company: Synaptics, Inc.
-------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET Smart Security\egui.exe
2054360 bytes
Created: 11.9.2009 7:23
Modified: 11.9.2009 7:23
Company: ESET
-------------------
Value Name: WirelessAssistant
Value Data: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
498744 bytes
Created: 23.7.2009 11:04
Modified: 23.7.2009 11:04
Company: Hewlett-Packard
-------------------
Value Name: SAOB Monitor
Value Data: C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
2536448 bytes
Created: 16.11.2010 3:52
Modified: 16.11.2010 3:52
Company: Acronis
-------------------
Value Name: TrueImageMonitor.exe
Value Data: "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
5546376 bytes
Created: 1.2.2011 19:52
Modified: 1.2.2011 19:52
Company: Acronis
-------------------
Value Name: Acronis Scheduler2 Service
Value Data: "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
390720 bytes
Created: 1.2.2011 19:53
Modified: 1.2.2011 19:53
Company: Acronis
-------------------
Value Name: CPA
Value Data: C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
182584 bytes
Created: 23.11.2011 11:27
Modified: 23.11.2011 11:27
Company: COMODO
-------------------
Value Name: COMODO Internet Security
Value Data: "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
6676808 bytes
Created: 21.12.2011 0:41
Modified: 21.12.2011 0:41
Company: COMODO
-------------------
Value Name: StartCCC
Value Data: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
343168 bytes
Created: 9.11.2011 22:45
Modified: 9.11.2011 22:45
Company: Advanced Micro Devices, Inc.
-------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
-------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: Sidebar
Value Data: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
C:\Program Files\Windows Sidebar\sidebar.exe
1174016 bytes
Created: 20.11.2010 22:29
Modified: 20.11.2010 22:29
Company: Microsoft Corporation
-------------------
Value Name: IDMan
Value Data: C:\Program Files\Internet Download Manager\IDMan.exe /onboot
C:\Program Files\Internet Download Manager\IDMan.exe
3270040 bytes
Created: 26.10.2011 2:31
Modified: 26.10.2011 2:32
Company: Tonec Inc.
-------------------
Value Name: KiesPDLR
Value Data: C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
21392 bytes
Created: 29.9.2011 15:19
Modified: 27.12.2011 15:21
Company:
-------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
************************************************************
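The registry walk above (Winlogon Shell and Userinit, the Windows NT Load/Run values, the Run/RunOnce keys in both hives) can be reproduced and extended with a signature check. The script below is an added example written for this page, not Trojan Remover's own code. It assumes PowerShell 4 or later (for Get-FileHash) in an elevated session, and the key list and helper names (Resolve-AutostartImage, Get-AutostartReport) are the example's own choices. The Value Data lines in the log are command lines, not file names, so the example resolves them the way Windows does, including the unquoted-path search that a hijacker relies on.

```powershell
# Added example for this page, not Trojan Remover's code: enumerate the same
# autostart locations the scan walks, resolve each command line to the file
# that would actually execute, and record its Authenticode status and SHA-256.
# Assumes PowerShell 4+ (Get-FileHash) in an elevated session.

$AutostartLocations = @(
    # Shell should be explorer.exe and Userinit should end in userinit.exe
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Names = @('Shell', 'Userinit') }
    @{ Key = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Names = @('Shell', 'Userinit') }
    # AppInit_DLLs is loaded into every process that maps user32.dll; the scan
    # found COMODO's guard32.dll there, anything unknown in it is a red flag
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'; Names = @('AppInit_DLLs', 'Load', 'Run') }
    @{ Key = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'; Names = @('Load', 'Run') }
    # Run/RunOnce: every value in the key is an autostart entry
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' }
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' }
    @{ Key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' }
    @{ Key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' }
)

function Resolve-AutostartImage {
    # Map a registry command line to the file Windows would run for it.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }       # quoted path, arguments follow
    $cmd = ($cmd -split ',')[0].Trim()                          # Userinit / AppInit_DLLs lists: first item
    # Unquoted path that may contain spaces: CreateProcess tries each
    # space-delimited prefix in turn (the classic unquoted-path hijack), so
    # mirror that search instead of taking only the first token.
    $parts = $cmd -split ' '
    for ($i = 1; $i -le $parts.Count; $i++) {
        $candidate = $parts[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
        if ($candidate -notmatch '[\\/]') {                      # bare name such as explorer.exe: search PATH
            $app = Get-Command $candidate -CommandType Application -ErrorAction SilentlyContinue | Select-Object -First 1
            if ($app) { return $app.Path }
        }
    }
    return $null
}

function Get-AutostartReport {
    foreach ($loc in $AutostartLocations) {
        if (-not (Test-Path -LiteralPath $loc.Key)) { continue }
        $props = Get-ItemProperty -LiteralPath $loc.Key
        $names = if ($loc.Names) { $loc.Names } else {
            $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object { $_.Name }
        }
        foreach ($name in $names) {
            $value = $props.$name
            if ($null -eq $value) { continue }                   # value not present in this hive
            $row = [ordered]@{ Key = $loc.Key; Name = $name; Value = [string]$value
                               Image = ''; Status = ''; Signer = ''; SHA256 = '' }
            if ([string]::IsNullOrWhiteSpace($value)) {
                $row.Status = 'blank'                            # the log reports these as "Blank entry: []"
            } else {
                $image = Resolve-AutostartImage $value
                if (-not $image) {
                    $row.Status = 'file not found'
                } else {
                    $sig = Get-AuthenticodeSignature -FilePath $image
                    $row.Image  = $image
                    $row.Status = $sig.Status.ToString()         # Valid, NotSigned, HashMismatch, ...
                    if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
                    $row.SHA256 = (Get-FileHash -LiteralPath $image -Algorithm SHA256).Hash
                }
            }
            [pscustomobject]$row
        }
    }
}

Get-AutostartReport | Format-Table Key, Name, Image, Status, Signer -AutoSize
```

What to look for in the output: a Shell value that is not plain explorer.exe, a Userinit value that does not end in userinit.exe, any AppInit_DLLs entry you cannot attribute to an installed product, an image that is NotSigned or HashMismatch, and an image living under a user-writable directory such as AppData. Two caveats: an entry like the log's KiesPDLR.exe with an empty Company field is exactly the kind of file this surfaces, and NotSigned on a Windows system binary usually means the file is catalog-signed and the PowerShell version in use does not consult catalogs, so compare the SHA-256 against a known-good copy rather than trusting the status alone.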
19:51:27: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty
************************************************************
19:51:27: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
---------
No Hidden File-loading Registry Entries found
---------
************************************************************
19:51:27: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\Windows\system32\scrnsave.scr
C:\Windows\system32\scrnsave.scr
10240 bytes
Created: 14.7.2009 0:41
Modified: 14.7.2009 2:14
Company: Microsoft Corporation
-------------------
************************************************************
19:51:27: Scanning -----REGISTRY ACTIVE SETUP KEYS-----
************************************************************
19:51:28: Scanning -----SERVICEDLL REGISTRY KEYS-----
************************************************************
19:51:29: Scanning -----SERVICES REGISTRY KEYS-----
[From here to the end of this scan the text extraction scattered the file sizes and Created/Modified timestamps across entries; they are reproduced only where an entry survived intact. Key names, image paths, CLSIDs, the company fields that could be attributed, and the scan's own status lines are as logged.]
Key: AdobeARMservice
ImagePath: "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
Company: Adobe Systems Incorporated
---------
Key: afcdp
ImagePath: system32\DRIVERS\afcdp.sys
C:\Windows\system32\DRIVERS\afcdp.sys
Company: Acronis
---------
Key: afcdpsrv
ImagePath: C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
Company: Acronis
---------
Key: AgereSoftModem
ImagePath: system32\DRIVERS\AGRSM.sys
C:\Windows\system32\DRIVERS\AGRSM.sys
Company: LSI Corp
---------
Key: AMD External Events Utility
ImagePath: %SystemRoot%\system32\atiesrxx.exe
C:\Windows\system32\atiesrxx.exe
Company: AMD
---------
Key: AMD FUEL Service
ImagePath: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Company: Advanced Micro Devices, Inc.
---------
Key: amdiox86
ImagePath: system32\DRIVERS\amdiox86.sys
C:\Windows\system32\DRIVERS\amdiox86.sys
Company: Advanced Micro Devices
---------
Key: amdkmdag
ImagePath: system32\DRIVERS\atikmdag.sys
C:\Windows\system32\DRIVERS\atikmdag.sys
Company: Advanced Micro Devices, Inc.
---------
Key: amdkmdap
ImagePath: system32\DRIVERS\atikmpag.sys
C:\Windows\system32\DRIVERS\atikmpag.sys
Company: Advanced Micro Devices, Inc.
---------
Key: AmdPPM
ImagePath: system32\DRIVERS\amdppm.sys
C:\Windows\system32\DRIVERS\amdppm.sys
Company: Microsoft Corporation
---------
Key: amdsata
ImagePath: \SystemRoot\system32\drivers\amdsata.sys
C:\Windows\system32\drivers\amdsata.sys
Company: Advanced Micro Devices
---------
Key: amdxata
ImagePath: system32\drivers\amdxata.sys
C:\Windows\system32\drivers\amdxata.sys
Company: Advanced Micro Devices
---------
Key: amd_sata
ImagePath: system32\DRIVERS\amd_sata.sys
C:\Windows\system32\DRIVERS\amd_sata.sys
Company: Advanced Micro Devices
---------
Key: amd_xata
ImagePath: system32\DRIVERS\amd_xata.sys
C:\Windows\system32\DRIVERS\amd_xata.sys
Company: Advanced Micro Devices
---------
Key: atapi
ImagePath: system32\drivers\atapi.sys
C:\Windows\system32\drivers\atapi.sys
Company: Microsoft Corporation
---------
Key: atikmdag
ImagePath: system32\DRIVERS\atikmdag.sys
C:\Windows\system32\DRIVERS\atikmdag.sys
Company: Advanced Micro Devices, Inc.
---------
Key: AtiPcie
ImagePath: system32\DRIVERS\AtiPcie.sys
C:\Windows\system32\DRIVERS\AtiPcie.sys
Company: Advanced Micro Devices Inc.
---------
Key: BCM43XX
ImagePath: system32\DRIVERS\bcmwl6.sys
C:\Windows\system32\DRIVERS\bcmwl6.sys
Company: Broadcom Corporation
---------
Key: BthEnum
ImagePath: \SystemRoot\system32\drivers\BthEnum.sys
C:\Windows\system32\drivers\BthEnum.sys
Company: Microsoft Corporation
---------
Key: btwampfl
ImagePath: \??\C:\Windows\system32\drivers\btwampfl.sys
C:\Windows\system32\drivers\btwampfl.sys
Company: Broadcom Corporation.
---------
Key: btwaudio
ImagePath: system32\drivers\btwaudio.sys
C:\Windows\system32\drivers\btwaudio.sys
Company: Broadcom Corporation.
---------
Key: btwavdt
ImagePath: system32\drivers\btwavdt.sys
C:\Windows\system32\drivers\btwavdt.sys
Company: Broadcom Corporation.
---------
Key: btwdins
ImagePath: C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
Company: Broadcom Corporation.
---------
Key: BTWDPAN
ImagePath: system32\DRIVERS\btwdpan.sys
C:\Windows\system32\DRIVERS\btwdpan.sys
Company: Broadcom Corporation.
---------
Key: btwl2cap
ImagePath: system32\DRIVERS\btwl2cap.sys
C:\Windows\system32\DRIVERS\btwl2cap.sys
Company: Broadcom Corporation.
---------
Key: btwrchid
ImagePath: system32\DRIVERS\btwrchid.sys
C:\Windows\system32\DRIVERS\btwrchid.sys
Company: Broadcom Corporation.
---------
Key: CLPSLS
ImagePath: C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
Company: COMODO
---------
Key: clr_optimization_v4.0.30319_32
ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Company: Microsoft Corporation
---------
Key: cmdAgent
ImagePath: "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
Company: COMODO
---------
Key: cmdGuard
ImagePath: System32\DRIVERS\cmdguard.sys
C:\Windows\System32\DRIVERS\cmdguard.sys
Company: COMODO
---------
Key: cmdHlp
ImagePath: System32\DRIVERS\cmdhlp.sys
C:\Windows\System32\DRIVERS\cmdhlp.sys
Company: COMODO
---------
Key: dmvsc
ImagePath: \SystemRoot\system32\drivers\dmvsc.sys
C:\Windows\system32\drivers\dmvsc.sys
Company: Microsoft Corporation
---------
Key: eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\Windows\system32\DRIVERS\eamon.sys
Company: ESET
---------
Key: ehdrv
ImagePath: system32\DRIVERS\ehdrv.sys
C:\Windows\system32\DRIVERS\ehdrv.sys
Company: ESET
---------
Key: EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe"
C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
Company: ESET
---------
Key: ekrn
ImagePath: "C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
Company: ESET
---------
Key: epfw
ImagePath: system32\DRIVERS\epfw.sys
C:\Windows\system32\DRIVERS\epfw.sys
Company: ESET
---------
Key: Epfwndis
ImagePath: system32\DRIVERS\Epfwndis.sys
C:\Windows\system32\DRIVERS\Epfwndis.sys
Company: ESET
---------
Key: epfwwfp
ImagePath: system32\DRIVERS\epfwwfp.sys
C:\Windows\system32\DRIVERS\epfwwfp.sys
Company: ESET
---------
Key: hpqwmiex
ImagePath: "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
Company: Hewlett-Packard Development Company, L.P.
---------
Key: iaStorV
ImagePath: \SystemRoot\system32\drivers\iaStorV.sys
C:\Windows\system32\drivers\iaStorV.sys
Company: Intel Corporation
---------
Key: IDMWFP
ImagePath: system32\DRIVERS\idmwfp.sys
C:\Windows\system32\DRIVERS\idmwfp.sys
Company: Tonec Inc.
---------
Key: inspect
ImagePath: system32\DRIVERS\inspect.sys
C:\Windows\system32\DRIVERS\inspect.sys
Company: COMODO
---------
Key: ISODrive
ImagePath: \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
C:\Program Files\UltraISO\drivers\ISODrive.sys
Company: EZB Systems, Inc.
---------
Key: kbdhid
ImagePath: \SystemRoot\system32\drivers\kbdhid.sys
C:\Windows\system32\drivers\kbdhid.sys
Company: Microsoft Corporation
---------
Key: MBAMProtector
ImagePath: \??\C:\Windows\system32\drivers\mbam.sys
C:\Windows\system32\drivers\mbam.sys
Company: Malwarebytes Corporation
---------
Key: MBAMService
ImagePath: "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
Company: Malwarebytes Corporation
---------
Key: msahci
ImagePath: system32\drivers\msahci.sys
C:\Windows\system32\drivers\msahci.sys
Company: Microsoft Corporation
---------
Key: OS Selector
ImagePath: "C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe"
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
Company: [no info]
---------
Key: RdpVideoMiniport
ImagePath: System32\drivers\rdpvideominiport.sys
C:\Windows\System32\drivers\rdpvideominiport.sys
Company: Microsoft Corporation
---------
Key: Revoflt
ImagePath: system32\DRIVERS\revoflt.sys
C:\Windows\system32\DRIVERS\revoflt.sys
Company: VS Revo Group
---------
Key: Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\Windows\system32\drivers\serenum.sys
Company: Microsoft Corporation
---------
Key: Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\Windows\system32\drivers\serial.sys
Company: Microsoft Corporation
---------
Key: sscebus
ImagePath: system32\DRIVERS\sscebus.sys
C:\Windows\system32\DRIVERS\sscebus.sys
Company: MCCI Corporation
---------
Key: sscemdfl
ImagePath: system32\DRIVERS\sscemdfl.sys
C:\Windows\system32\DRIVERS\sscemdfl.sys
Company: MCCI Corporation
---------
Key: sscemdm
ImagePath: system32\DRIVERS\sscemdm.sys
C:\Windows\system32\DRIVERS\sscemdm.sys
Company: MCCI Corporation
---------
Key: ssceserd
ImagePath: system32\DRIVERS\ssceserd.sys
C:\Windows\system32\DRIVERS\ssceserd.sys
Company: MCCI Corporation
---------
Key: Synth3dVsc
ImagePath: System32\drivers\synth3dvsc.sys
C:\Windows\System32\drivers\synth3dvsc.sys
Company: Microsoft Corporation
---------
Key: SynTP
ImagePath: system32\DRIVERS\SynTP.sys
C:\Windows\system32\DRIVERS\SynTP.sys
Company: Synaptics, Inc.
---------
Key: tdrpman273
ImagePath: system32\DRIVERS\tdrpm273.sys
C:\Windows\system32\DRIVERS\tdrpm273.sys
Company: Acronis
---------
Key: terminpt
ImagePath: \SystemRoot\system32\drivers\terminpt.sys
C:\Windows\system32\drivers\terminpt.sys
Company: Microsoft Corporation
---------
Key: TsUsbFlt
ImagePath: System32\drivers\tsusbflt.sys
C:\Windows\System32\drivers\tsusbflt.sys
Company: Microsoft Corporation
---------
Key: TsUsbGD
ImagePath: \SystemRoot\system32\drivers\TsUsbGD.sys
C:\Windows\system32\drivers\TsUsbGD.sys
Company: Microsoft Corporation
---------
Key: tsusbhub
ImagePath: system32\drivers\tsusbhub.sys
C:\Windows\system32\drivers\tsusbhub.sys
Company: Microsoft Corporation
---------
Key: usbfilter
ImagePath: system32\DRIVERS\usbfilter.sys
C:\Windows\system32\DRIVERS\usbfilter.sys
Company: Advanced Micro Devices
---------
Key: usbvideo
ImagePath: System32\Drivers\usbvideo.sys
C:\Windows\System32\Drivers\usbvideo.sys
Company: Microsoft Corporation
---------
Key: VGPU
ImagePath: System32\drivers\rdvgkmd.sys
C:\Windows\System32\drivers\rdvgkmd.sys
[file not found to scan]
---------
Key: vwifibus
ImagePath: system32\DRIVERS\vwifibus.sys
C:\Windows\system32\DRIVERS\vwifibus.sys
Company: Microsoft Corporation
---------
Key: vwififlt
ImagePath: system32\DRIVERS\vwififlt.sys
C:\Windows\system32\DRIVERS\vwififlt.sys
Company: Microsoft Corporation
---------
Key: WatAdminSvc
ImagePath: %SystemRoot%\system32\Wat\WatAdminSvc.exe
C:\Windows\system32\Wat\WatAdminSvc.exe
Company: Microsoft Corporation
---------
Key: WinUsb
ImagePath: system32\DRIVERS\WinUsb.sys
C:\Windows\system32\DRIVERS\WinUsb.sys
Company: Microsoft Corporation
---------
Key: yukonw7
ImagePath: system32\DRIVERS\yk62x86.sys
C:\Windows\system32\DRIVERS\yk62x86.sys
Company: Marvell
---------
************************************************************
19:51:50: Scanning -----VXD ENTRIES-----
************************************************************
19:51:50: Scanning -----WINLOGON\NOTIFY DLLS-----
No WINLOGON\NOTIFY DLLs found to scan
Rootkit scan of Winlogon\Notify key not possible [key may not exist]
************************************************************
19:51:50: Scanning -----CONTEXTMENUHANDLERS-----
Key: Comodo Antivirus
CLSID: {4255A182-CAD9-4214-A19B-7BA7FB633BBD}
Path: C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll
C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll
Company: COMODO
---------
Key: ESET Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path: C:\Program Files\ESET\ESET Smart Security\shellExt.dll
C:\Program Files\ESET\ESET Smart Security\shellExt.dll
Company: ESET
---------
Key: TeraCopy
CLSID: {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}
Path: C:\Program Files\TeraCopy\TeraCopyExt.dll
C:\Program Files\TeraCopy\TeraCopyExt.dll
Company: [no info]
---------
Key: VersionsPageShellExt
CLSID: {9E42900A-85F9-4E67-9778-575FBBA0A81C}
Path: C:\Program Files\Acronis\TrueImageHome\versions_page.dll
C:\Program Files\Acronis\TrueImageHome\versions_page.dll
Company: Acronis
---------
************************************************************
19:51:51: Scanning -----FOLDER\COLUMNHANDLERS-----
************************************************************
19:51:51: Scanning -----SHELLSERVICEOBJECTS-----
************************************************************
19:51:51: Scanning -----SHAREDTASKSCHEDULER ENTRIES-----
No SharedTaskScheduler entries found to scan
************************************************************
19:51:51: Scanning -----BROWSER HELPER OBJECTS-----
Key: {0055C089-8582-441B-A0BF-17B458C2A3A8}
BHO: C:\Program Files\Internet Download Manager\IDMIECC.dll
C:\Program Files\Internet Download Manager\IDMIECC.dll
Company: Internet Download Manager, Tonec Inc.
---------
************************************************************
19:51:51: Scanning -----IMAGEFILE DEBUGGERS-----
No "Debugger" entries found.
************************************************************
19:51:51: Scanning -----APPINIT_DLLS-----
AppInitDLLs entry = [C:\Windows\system32\guard32.dll]
File: C:\Windows\system32\guard32.dll
C:\Windows\system32\guard32.dll
301224 bytes
Created: 19.12.2011 18:58
Modified: 19.12.2011 18:58
Company: COMODO
---------
************************************************************
19:51:51: Scanning -----SECURITY PROVIDER DLLS-----
************************************************************
19:51:51: Scanning -----COMMON STARTUP GROUP-----
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
Bluetooth.lnk - links to C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe
1008928 bytes
Created: 24.8.2011 19:12
Modified: 24.8.2011 19:12
Company: Broadcom Corporation.
-------------------
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS-
174 bytes
Created: 14.7.2009 5:41
Modified: 14.7.2009 5:41
Company: [no info]
-------------------
************************************************************
19:51:52: Scanning -----USER STARTUP GROUPS-----
Checking Startup Group for: Igor777 [C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS-
174 bytes
Created: 30.10.2011 22:12
Modified: 30.10.2011 22:12
Company: [no info]
-------------------
************************************************************
19:51:52: Scanning -----SCHEDULED TASKS-----
Taskname: GoogleUpdateTaskUserS-1-5-21-1871904078-2232636328-3387153480-1000Core
File: C:\Users\Igor777\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Igor777\AppData\Local\Google\Update\GoogleUpdate.exe
136176 bytes
Created: 31.10.2011 22:52
Modified: 31.10.2011 22:52
Company: Google Inc.
Parameters: /c
Schedule: At 22:57:00 every day
Next Run Time: 7.1.2012 22:57:00
Status: Ready
Creator: Igor777
Comments: [non-Latin task description, not preserved by the text extraction]
---------
Taskname: GoogleUpdateTaskUserS-1-5-21-1871904078-2232636328-3387153480-1000UA
File: C:\Users\Igor777\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Igor777\AppData\Local\Google\Update\GoogleUpdate.exe
136176 bytes
Created: 31.10.2011 22:52
Modified: 31.10.2011 22:52
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: At 22:57:00 every day
Next Run Time: 7.1.2012 19:57:00
Status: Ready
Creator: Igor777
Comments: [non-Latin task description, not preserved by the text extraction]
---------
************************************************************
19:51:52: Scanning -----SHELLICONOVERLAYIDENTIFIERS-----
Key: IDM Shell Extension
CLSID: {CDC95B92-E27C-4745-A8C5-64A52A78855D}
File: C:\Program Files\Internet Download Manager\IDMShellExt.dll
C:\Program Files\Internet Download Manager\IDMShellExt.dll
Company: Tonec Inc.
---------
Key: SharingPrivate
CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235}
File: %SystemRoot%\system32\ntshrui.dll
C:\Windows\system32\ntshrui.dll
Company: Microsoft Corporation
---------
************************************************************
19:51:53: Scanning -----DEVICE DRIVER ENTRIES-----
************************************************************
19:51:53: -----ADDITIONAL CHECKS-----
Winlogon registry rootkit checks completed
---------
Heuristic checks for hidden files/drivers completed
---------
Layered Service Provider entries checks completed
---------
Windows Explorer Policies checks completed
---------
Desktop Wallpaper: C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
263877 bytes
Company: [no info]
---------
Web Desktop Wallpaper entry is blank
---------
DNS Server information:
Interface: Marvell Yukon 88E8042 PCI-E Fast Ethernet Controller
NameServers: 8.26.56.26 156.154.70.22
Interface: Broadcom 802.11b/g WLAN
NameServers: 8.26.56.26 156.154.70.22
Checks for rogue DNS NameServers completed
---------
Additional checks completed
************************************************************
19:51:54: Scanning -----RUNNING PROCESSES-----
C:\Windows\System32\smss.exe
-------------------
C:\Windows\system32\csrss.exe
-------------------
C:\Windows\system32\wininit.exe
-------------------
C:\Windows\system32\services.exe
-------------------
C:\Windows\system32\lsass.exe
-------------------
C:\Windows\system32\lsm.exe
-------------------
C:\Windows\system32\svchost.exe
-------------------
C:\Windows\system32\winlogon.exe
-------------------
C:\Windows\system32\Dwm.exe
-------------------
C:\Windows\system32\conhost.exe
-------------------
C:\Windows\System32\spoolsv.exe
-------------------
C:\Windows\system32\taskhost.exe
-------------------
C:\Windows\system32\atieclxx.exe
-------------------
C:\Windows\system32\WLANExt.exe
-------------------
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
-------------------
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
-------------------
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
-------------------
C:\Program Files\AT Technologies\ATI.ACE\Core-Static\CCC.exe
-------------------
C:\Windows\system32\SearchIndexer.exe
-------------------
C:\Program Files\Internet Download Manager\IEMonitor.exe
-------------------
C:\Windows\system32\wbem\wmiprvse.exe
-------------------
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
-------------------
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
-------------------
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
-------------------
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
-------------------
C:\Program Files\Windows Media Player\wmpnetwk.exe
-------------------
C:\Windows\system32\SearchProtocolHost.exe
-------------------
C:\Windows\system32\SearchFilterHost.exe
-------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 4740016 [This is a Trojan Remover component]
-------------------
************************************************************
19:51:59: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
-----INTERNET EXPLORER HOME/START/SEARCH SETTINGS-----
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\System32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://go.microsoft.com/fwlink/?LinkId=69157
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 19:51:59 07 jan 2012
Total Scan time: 00:00:39
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2600. For information, email support@simplysup.com
Scan started at: 20:02:49 04 jan 2012
Using Database v7822
Operating System: Windows 7 Ultimate (SP1) [Build: 6.1.7601]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Igor777\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Igor777\Documents\Simply Super Software\Trojan Remover Logfiles\

Inc.9.Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************************ ************************************************************ 20:02:49: ----.2008 2:05 Company: Synaptics.] File: C:\Windows\system32\userinit.exe] File: explorer.SCANNING FOR ROOTKIT SERVICES ----No hidden Services were detected.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.9.exe.exe 2054360 bytes Created: 11.2011 3:18 Modified: 25.2009 7:23 Company: ESET .exe 1045800 bytes Created: 28.2010 22:29 Company: Microsoft Corporation ----------------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: TaskTray Value Data: Blank entry: [] -------------------Value Name: SynTPEnh Value Data: C:\Program Files\Synaptics\SynTP\SynTPEnh.11.2011 6:30 Company: Microsoft Corporation ---------This key's "Userinit" value calls the following program(s): Key value: [C:\Windows\system32\userinit.10.exe 26624 bytes Created: 20.2010 22:29 Modified: 20.exe C:\Windows\system32\userinit.exe C:\Windows\explorer.exe" /hide /waitserv ice C:\Program Files\ESET\ESET Smart Security\egui. ************************************************************ 20:02:49: Scanning -----WINDOWS REGISTRY-----------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [explorer.exe 2616320 bytes Created: 25.11.2008 2:05 Modified: 28. -------------------Value Name: egui Value Data: "C:\Program Files\ESET\ESET Smart Security\egui.2.3.3.2009 7:23 Modified: 11.

2011 19:52 Company: Acronis -------------------Value Name: Acronis Scheduler2 Service Value Data: "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.2010 3:52 Modified: 16.2009 11:04 Company: Hewlett-Packard -------------------Value Name: SAOB Monitor Value Data: C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueIm ageMonitor.exe 498744 bytes Created: 23.12.exe 1174016 bytes Created: 20.7.exe 390720 bytes Created: 1.2.10.2010 3:52 Company: Acronis -------------------Value Name: TrueImageMonitor.11.2009 11:04 Modified: 23.exe" C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.2.-------------------Value Name: WirelessAssistant Value Data: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.2011 20:03 Modified: 24.2011 2:31 .exe" C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe /autoRun C:\Program Files\Windows Sidebar\sidebar.2.exe C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.2.2011 19:53 Company: Acronis -------------------Value Name: Malwarebytes' Anti-Malware Value Data: "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.11.2011 19:52 Modified: 1.7.2011 17:50 Company: Malwarebytes Corporation -------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: Sidebar Value Data: C:\Program Files\Windows Sidebar\sidebar.exe" /starttray C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe 5546376 bytes Created: 1.e xe 2536448 bytes Created: 16.2010 22:29 Company: Microsoft Corporation -------------------Value Name: IDMan Value Data: C:\Program Files\Internet Download Manager\IDMan.11.exe /onboot C:\Program Files\Internet Download Manager\IDMan.exe 460872 bytes Created: 25.2010 22:29 Modified: 20.10.2011 19:53 Modified: 1.11.exe Value Data: "C:\Program 
Files\Acronis\TrueImageHome\TrueImageMonitor.exe 3270040 bytes Created: 26.

Modified: 26.10.2011 2:32
Company: Tonec Inc.
-------------------Value Name: uTorrent
Value Data: "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
C:\Program Files\uTorrent\uTorrent.exe
641400 bytes
Created: 25.10.2011 6:28
Modified: 25.10.2011 6:29
Company: BitTorrent, Inc.
-------------------Value Name: KiesPDLR
Value Data: C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
21392 bytes
Created: 29.9.2011 15:19
Modified: 27.12.2011 15:21
Company:
-------------------Value Name: KiesHelper
Value Data: C:\Program Files\Samsung\Kies\KiesHelper.exe /s
C:\Program Files\Samsung\Kies\KiesHelper.exe
937360 bytes
Created: 27.10.2011 21:47
Modified: 27.12.2011 15:21
Company: Samsung
-------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
************************************************************
20:02:52: Scanning -----SHELLEXECUTEHOOKS----ShellExecuteHooks key is empty
************************************************************
20:02:52: Scanning -----HIDDEN REGISTRY ENTRIES----Taskdir check completed
---------No Hidden File-loading Registry Entries found
---------************************************************************
20:02:52: Scanning -----ACTIVE SCREENSAVER----ScreenSaver: C:\Windows\system32\scrnsave.scr
C:\Windows\system32\scrnsave.scr
10240 bytes
Created: 14.7.2009 0:41
Modified: 14.7.2009 2:14
Company: Microsoft Corporation
-------------------************************************************************
20:02:53: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----************************************************************
20:02:53: Scanning ----- SERVICEDLL REGISTRY KEYS ----************************************************************
20:02:55: Scanning ----- SERVICES REGISTRY KEYS ----Key:
AdobeARMservice
ImagePath: "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
64952 bytes
Created: 6.6.2011 11:55
Modified: 6.6.2011 11:55
Company: Adobe Systems Incorporated
---------Key:
afcdp
ImagePath: system32\DRIVERS\afcdp.sys
C:\Windows\system32\DRIVERS\afcdp.sys
167968 bytes
Created: 11.11.2011 13:00
Modified: 11.11.2011 13:00
Company: Acronis
---------Key:
afcdpsrv
ImagePath: C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
3246040 bytes
Created: 11.11.2011 13:00
Modified: 11.11.2011 13:00
Company: Acronis
---------Key:
AgereSoftModem
ImagePath: system32\DRIVERS\AGRSM.sys
C:\Windows\system32\DRIVERS\AGRSM.sys
1035776 bytes
Created: 10.6.2009 22:40
Modified: 13.7.2009 23:13
Company: LSI Corp
---------Key:
AMD External Events Utility
ImagePath: %SystemRoot%\system32\atiesrxx.exe
C:\Windows\system32\atiesrxx.exe
176128 bytes
Created: 30.10.2011 22:09
Modified: 15.9.2011 13:30
Company: AMD
---------Key:
AMD FUEL Service
ImagePath: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
291840 bytes
Created: 15.9.2011 13:42
Modified: 15.9.2011 13:42
Company: Advanced Micro Devices, Inc.
---------Key:
amdiox86
ImagePath: system32\DRIVERS\amdiox86.sys
C:\Windows\system32\DRIVERS\amdiox86.sys
37944 bytes
Created: 30.10.2011 22:10
Modified: 18.2.2010 9:18
Company: Advanced Micro Devices
---------Key:
amdkmdap
ImagePath: system32\DRIVERS\atikmpag.sys
C:\Windows\system32\DRIVERS\atikmpag.sys
257024 bytes
Created: 30.10.2011 22:09
Modified: 15.9.2011 12:52
Company: Advanced Micro Devices, Inc.
---------Key:
AmdPPM
ImagePath: system32\DRIVERS\amdppm.sys
C:\Windows\system32\DRIVERS\amdppm.sys
52736 bytes
Created: 14.7.2009 0:11
Modified: 14.7.2009 0:11
Company: Microsoft Corporation
---------Key:
amdsata
ImagePath: \SystemRoot\system32\drivers\amdsata.sys
C:\Windows\system32\drivers\amdsata.sys
80256 bytes
Created: 26.10.2011 2:23
Modified: 11.3.2011 6:38
Company: Advanced Micro Devices
---------Key:
amdxata
ImagePath: system32\drivers\amdxata.sys
C:\Windows\system32\drivers\amdxata.sys
22400 bytes
Created: 26.10.2011 2:23
Modified: 11.3.2011 6:38
Company: Advanced Micro Devices
---------Key:
amd_sata
ImagePath: system32\DRIVERS\amd_sata.sys
C:\Windows\system32\DRIVERS\amd_sata.sys
67712 bytes
Created: 16.6.2011 20:08
Modified: 16.6.2011 20:08
Company: Advanced Micro Devices
---------Key:
amd_xata
ImagePath: system32\DRIVERS\amd_xata.sys
C:\Windows\system32\DRIVERS\amd_xata.sys
33920 bytes
Created: 16.6.2011 20:08
Modified: 16.6.2011 20:08
Company: Advanced Micro Devices
---------Key:
atapi
ImagePath: system32\drivers\atapi.sys
C:\Windows\system32\drivers\atapi.sys
21584 bytes
Created: 14.7.2009 0:11
Modified: 14.7.2009 2:26
Company: Microsoft Corporation
---------Key:
AtiPcie
ImagePath: system32\DRIVERS\AtiPcie.sys
C:\Windows\system32\DRIVERS\AtiPcie.sys
14392 bytes
Created: 17.6.2010 10:15
Modified: 17.6.2010 10:15
Company: Advanced Micro Devices Inc.
----------

2011 2:23 Modified: 28.10.30319\mscorsvw.2009 7:17 Company: ESET ---------Key: ehdrv ImagePath: system32\DRIVERS\ehdrv.sys C:\Windows\system32\DRIVERS\bcmwl6.10.sys 393728 bytes Created: 26.0.sys C:\Windows\System32\Drivers\BTHUSB.30319_32 ImagePath: C:\Windows\Microsoft.2010 12:16 Company: Microsoft Corporation ---------Key: dmvsc ImagePath: \SystemRoot\system32\drivers\dmvsc.0.4.0.exe C:\Windows\Microsoft.sys 116008 bytes Created: 11.Key: BCM43XX ImagePath: system32\DRIVERS\bcmwl6.sys C:\Windows\system32\drivers\dmvsc.7.sys C:\Windows\System32\Drivers\BTHport.2011 4:15 Company: Microsoft Corporation ---------Key: BTHUSB ImagePath: \SystemRoot\System32\Drivers\BTHUSB.exe 130384 bytes Created: 18.sys 60416 bytes Created: 26.10.2009 0:51 Company: Microsoft Corporation ---------Key: BTHPORT ImagePath: \SystemRoot\System32\Drivers\BTHport.2010 1:46 Modified: 20.2009 7:17 Modified: 11.11.3.sys 34816 bytes Created: 14.7.2011 4:15 Company: Microsoft Corporation ---------Key: clr_optimization_v4.NET\Framework\v4.2009 0:51 Modified: 14.NET\Framework\v4.4.sys C:\Windows\system32\DRIVERS\ehdrv.11.10.9.sys 108792 bytes .sys 62464 bytes Created: 21.2011 22:25 Modified: 30.2011 22:18 Company: Broadcom Corporation ---------Key: BthEnum ImagePath: \SystemRoot\system32\drivers\BthEnum.9.2011 2:23 Modified: 28.sys C:\Windows\system32\DRIVERS\eamon.3.2010 12:16 Modified: 18.sys 4256320 bytes Created: 30.sys C:\Windows\system32\drivers\BthEnum.2010 22:29 Company: Microsoft Corporation ---------Key: eamon ImagePath: system32\DRIVERS\eamon.30319\mscorsvw.

sys 33096 bytes Created: 19.9.sys 38240 bytes Created: 11.2009 15:58 Modified: 30.sys C:\Windows\system32\drivers\iaStorV.exe 735960 bytes Created: 11.6.exe" C:\Program Files\ESET\ESET Smart Security\ekrn.2011 2:23 Modified: 11.P.2009 7:26 Modified: 11.9.6.sys C:\Windows\system32\DRIVERS\Epfwndis.9.4. ---------Key: iaStorV ImagePath: \SystemRoot\system32\drivers\iaStorV.10.9.sys 135048 bytes Created: 11.2009 9:10 Company: ESET ---------Key: epfwwfp ImagePath: system32\DRIVERS\epfwwfp.exe 229944 bytes Created: 30.sys C:\Windows\system32\DRIVERS\epfw.2009 7:23 Modified: 11.exe" C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.2009 7:23 Company: ESET ---------Key: EhttpSrv ImagePath: "C:\Program Files\ESET\ESET Smart Security\EHttpSrv. L.9.9.exe 20680 bytes Created: 11.2009 7:24 Company: ESET ---------Key: epfw ImagePath: system32\DRIVERS\epfw.sys C:\Windows\system32\DRIVERS\epfwwfp.2009 7:26 Modified: 11.9.3.2009 9:10 Modified: 19.9.2009 7:26 Company: ESET ---------Key: hpqwmiex ImagePath: "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe" C:\Program Files\ESET\ESET Smart Security\EHttpSrv.2011 6:38 Company: Intel Corporation ---------- .2009 7:24 Modified: 11.2009 15:58 Company: Hewlett-Packard Development Company.2009 7:33 Modified: 11.sys 332160 bytes Created: 26.9.Created: 11.2009 7:26 Company: ESET ---------Key: Epfwndis ImagePath: system32\DRIVERS\Epfwndis.4.2009 7:33 Company: ESET ---------Key: ekrn ImagePath: "C:\Program Files\ESET\ESET Smart Security\ekrn.9.

2012 22:36 Modified: 24. ---------Key: kbdhid ImagePath: \SystemRoot\system32\drivers\kbdhid.5.sys C:\Windows\system32\DRIVERS\revoflt.exe" C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.12.2010 3:53 Company: [no info] ---------Key: RdpVideoMiniport ImagePath: System32\drivers\rdpvideominiport.2011 17:50 Company: Malwarebytes Corporation ---------Key: msahci ImagePath: system32\drivers\msahci.sys 85232 bytes Created: 21.2010 3:53 Modified: 26.11.2010 22:29 Modified: 20.2010 22:29 Company: Microsoft Corporation ---------Key: MBAMProtector ImagePath: \??\C:\Windows\system32\drivers\mbam.sys C:\Windows\System32\drivers\rdpvideominiport.12.exe" C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.sys 28160 bytes Created: 20.2010 22:29 Modified: 20.12.exe 652872 bytes Created: 1.2011 20:03 Modified: 10.12.11.11.2010 22:29 Company: Microsoft Corporation ---------Key: OS Selector ImagePath: "C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.11.1.sys 27192 bytes .5.2010 22:29 Modified: 20.10.11.sys 20464 bytes Created: 25.Key: IDMWFP ImagePath: system32\DRIVERS\idmwfp.2010 22:29 Company: Microsoft Corporation ---------Key: Revoflt ImagePath: system32\DRIVERS\revoflt.11.sys C:\Windows\system32\drivers\mbam.sys C:\Windows\system32\DRIVERS\idmwfp.2010 17:29 Company: Tonec Inc.sys C:\Windows\system32\drivers\kbdhid.sys C:\Windows\system32\drivers\msahci.sys 15872 bytes Created: 20.2011 15:24 Company: Malwarebytes Corporation ---------Key: MBAMService ImagePath: "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.sys 28032 bytes Created: 20.exe 2139400 bytes Created: 26.2010 21:13 Modified: 21.

2011 12:12 Modified: 30.11.2009 0:45 Modified: 14.12.sys C:\Windows\system32\DRIVERS\ssceserd.7.Created: 28.2010 6:55 Company: MCCI Corporation ---------Key: ssceserd ImagePath: system32\DRIVERS\ssceserd.sys C:\Windows\System32\drivers\synth3dvsc.2011 21:48 Modified: 21.2009 0:45 Company: Microsoft Corporation ---------Key: sscebus ImagePath: system32\DRIVERS\sscebus.sys C:\Windows\system32\drivers\serenum.10.sys 123648 bytes Created: 27.2011 21:48 Modified: 21.sys 14848 bytes Created: 27.sys 98560 bytes Created: 27.2010 6:55 Company: MCCI Corporation ---------Key: sscemdfl ImagePath: system32\DRIVERS\sscemdfl.sys 17920 bytes Created: 14.2009 0:45 Modified: 14.sys C:\Windows\system32\DRIVERS\sscemdfl.10.7.10.10.7.2010 1:46 Modified: 20.2009 10:21 Company: VS Revo Group ---------Key: Serenum ImagePath: \SystemRoot\system32\drivers\serenum.sys C:\Windows\system32\drivers\serial.10.2010 6:55 Company: MCCI Corporation ---------Key: Synth3dVsc ImagePath: System32\drivers\synth3dvsc.sys C:\Windows\system32\DRIVERS\sscebus.11.2011 21:48 Modified: 21.sys 77184 bytes Created: 21.12.2009 0:45 Company: Microsoft Corporation ---------Key: Serial ImagePath: \SystemRoot\system32\drivers\serial.12.12.7.2010 6:55 Company: MCCI Corporation ---------Key: sscemdm ImagePath: system32\DRIVERS\sscemdm.sys 100352 bytes Created: 27.12.2011 21:48 Modified: 21.sys C:\Windows\system32\DRIVERS\sscemdm.sys 83456 bytes Created: 14.2010 22:29 Company: Microsoft Corporation ---------- .

sys 112640 bytes Created: 21.11.11.2010 22:29 Company: Microsoft Corporation ---------Key: TsUsbFlt ImagePath: System32\drivers\tsusbflt.8.11.2011 13:00 Company: Acronis ---------Key: terminpt ImagePath: \SystemRoot\system32\drivers\terminpt.11.2010 1:46 Modified: 20.2010 22:29 Company: Microsoft Corporation ---------Key: tsusbhub ImagePath: system32\drivers\tsusbhub.11.sys C:\Windows\system32\drivers\terminpt.sys C:\Windows\system32\drivers\tsusbhub.sys C:\Windows\System32\Drivers\usbvideo.sys 41600 bytes Created: 30. ---------Key: tdrpman273 ImagePath: system32\DRIVERS\tdrpm273.sys 25600 bytes Created: 21.11.3.sys 27264 bytes Created: 20.10.sys C:\Windows\system32\DRIVERS\SynTP.2011 13:00 Modified: 11.11.2008 2:06 Company: Synaptics. Inc.11.sys 199472 bytes Created: 28.sys C:\Windows\system32\DRIVERS\tdrpm273.3.sys 146432 bytes .2011 16:44 Company: Advanced Micro Devices ---------Key: usbvideo ImagePath: System32\Drivers\usbvideo.Key: SynTP ImagePath: system32\DRIVERS\SynTP.2010 22:29 Modified: 20.2010 22:29 Modified: 20.11.11.2011 22:11 Modified: 17.sys 752128 bytes Created: 11.sys C:\Windows\system32\DRIVERS\usbfilter.2010 22:29 Company: Microsoft Corporation ---------Key: TsUsbGD ImagePath: \SystemRoot\system32\drivers\TsUsbGD.2010 22:29 Company: Microsoft Corporation ---------Key: usbfilter ImagePath: system32\DRIVERS\usbfilter.sys C:\Windows\system32\drivers\TsUsbGD.sys 52224 bytes Created: 20.sys C:\Windows\System32\drivers\tsusbflt.2010 1:46 Modified: 20.2008 2:06 Modified: 28.

[file not found to scan] ---------Key: vwifibus ImagePath: system32\DRIVERS\vwifibus.sys C:\Windows\system32\DRIVERS\vwififlt.sys 311296 bytes Created: 13.2009 0:52 Modified: 14.7.sys C:\Windows\system32\DRIVERS\WinUsb.2009 0:52 Company: Microsoft Corporation ---------Key: vwififlt ImagePath: system32\DRIVERS\vwififlt.2010 22:29 Modified: 20.exe C:\Windows\system32\Wat\WatAdminSvc.CONTEXTMENUHANDLERS ----Key: ESET Smart Security .11.2009 0:52 Modified: 14.11.7.sys 48128 bytes Created: 14.sys 35968 bytes Created: 20.7.2010 22:29 Company: Microsoft Corporation ---------Key: yukonw7 ImagePath: system32\DRIVERS\yk62x86.2009 0:52 Company: Microsoft Corporation ---------Key: WatAdminSvc ImagePath: %SystemRoot%\system32\Wat\WatAdminSvc.2010 22:29 Company: Microsoft Corporation ---------Key: VGPU ImagePath: System32\drivers\rdvgkmd.2009 23:02 Company: Marvell ---------************************************************************ 20:03:15: Scanning -----VXD ENTRIES----************************************************************ 20:03:15: Scanning ----.WINLOGON\NOTIFY DLLS ----No WINLOGON\NOTIFY DLLs found to scan Rootkit scan of Winlogon\Notify key not possible [key may not exist] ************************************************************ 20:03:15: Scanning ----.7.sys C:\Windows\System32\drivers\rdvgkmd.10.sys C:\Windows\system32\DRIVERS\yk62x86.2009 23:02 Modified: 13.10.Created: 20.exe 1343400 bytes Created: 28.11.7.sys C:\Windows\system32\DRIVERS\vwifibus.sys .sys 19968 bytes Created: 14.Context Menu Shell Extension .2011 23:18 Company: Microsoft Corporation ---------Key: WinUsb ImagePath: system32\DRIVERS\WinUsb.7.2010 22:29 Modified: 20.2011 23:18 Modified: 28.11.

---------************************************************************ 20:03:16: Scanning ----.2009 7:26 Company: [no info] ---------Key: VersionsPageShellExt CLSID: {9E42900A-85F9-4E67-9778-575FBBA0A81C} Path: C:\Program Files\Acronis\TrueImageHome\versions_page.2011 20:02 Modified: 1.CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D} Path: C:\Program Files\ESET\ESET Smart Security\shellExt.2.BROWSER HELPER OBJECTS ----Key: {0055C089-8582-441B-A0BF-17B458C2A3A8} BHO: C:\Program Files\Internet Download Manager\IDMIECC.SHAREDTASKSCHEDULER ENTRIES ----No SharedTaskScheduler entries found to scan ************************************************************ 20:03:16: Scanning ----.dll C:\Program Files\TeraCopy\TeraCopyExt.IMAGEFILE DEBUGGERS ----No "Debugger" entries found.FOLDER\COLUMNHANDLERS ----************************************************************ 20:03:15: Scanning ----.2.2011 20:53 Modified: 22. ************************************************************ 20:03:16: Scanning ----.2010 16:28 Company: Internet Download Manager.6.9.9.2011 20:02 Company: Acronis ---------************************************************************ 20:03:15: Scanning ----.dll C:\Program Files\Internet Download Manager\IDMIECC.dll 202160 bytes Created: 21.2009 7:37 Modified: 11.dll C:\Program Files\ESET\ESET Smart Security\shellExt.SECURITY PROVIDER DLLS ----************************************************************ .2010 21:13 Modified: 23.12. 
Tonec Inc.dll C:\Program Files\Acronis\TrueImageHome\versions_page.12.dll 183880 bytes Created: 11.APPINIT_DLLS ----The AppInit_DLLs value is blank or does not exist ************************************************************ 20:03:16: Scanning ----.dll 305664 bytes Created: 25.SHELLSERVICEOBJECTS ----************************************************************ 20:03:16: Scanning ----.2009 7:37 Company: ESET ---------Key: TeraCopy CLSID: {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} Path: C:\Program Files\TeraCopy\TeraCopyExt.10.dll 124256 bytes Created: 1.

7. Parameters: /ua /installsource scheduler Schedule: At 22:57:00 every day Next Run Time: 4.exe 136176 bytes Created: 31. ? ???????? ????? ???? ??????. ---------Taskname: GoogleUpdateTaskUserS-1-5-21-1871904078-2232636328-3387153480-100 0UA File: C:\Users\Igor777\AppData\Local\Google\Update\GoogleUpdate.2011 22:52 Modified: 31. ??? ????? ?? ?????????? ??????????? ????????? ???? ???? ?? ?? ???????.2012 22:57:00 Status: Ready Creator: Igor777 Comments: ??????? ??????? Google ???????.10.ini -HS.exe C:\Users\Igor777\AppData\Local\Google\Update\GoogleUpdate.2011 22:12 Modified: 30. ??????? ?? ???? ??????? ????????? ??? ???????.2011 22:52 Company: Google Inc.1.2012 20:57:00 Status: Ready Creator: Igor777 Comments: ??????? ??????? Google ???????.2011 22:52 Modified: 31.2009 5:41 Company: [no info] -------------------************************************************************ 20:03:16: Scanning ----.exe C:\Users\Igor777\AppData\Local\Google\Update\GoogleUpdate. ??? . ??????? ?? ???? ??????? ????????? ??? ???????. ? ???????? ????? ???? ??????.SCHEDULED TASKS ----Taskname: GoogleUpdateTaskUserS-1-5-21-1871904078-2232636328-3387153480-100 0Core File: C:\Users\Igor777\AppData\Local\Google\Update\GoogleUpdate.USER STARTUP GROUPS ----Checking Startup Group for: Igor777 [C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup] C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d esktop.2009 5:41 Modified: 14. Google ??????? ?? ???? ??????? ?????????.2011 22:52 Company: Google Inc.174 bytes Created: 14. Parameters: /c Schedule: At 22:57:00 every day Next Run Time: 4.exe 136176 bytes Created: 31.ini -HS.10.1.7.10. ??? ????? ?? ?????????? ??????????? ????????? ???? ???? ?? ?? 
???????.20:03:16: Scanning -----.10.174 bytes Created: 30.2011 22:12 Company: [no info] ----------------------------************************************************************ 20:03:17: Scanning ----.COMMON STARTUP GROUP -----[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.10. ??? ? ??????? ?? ??? ??????????? ??????? ?? ??????? Google ??????? ???? ?? ?? ?????? ??. Google ??????? ?? ???? ??????? ?????????.10.

jpg C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.2009 0:11 Modified: 14.2010 22:29 Company: Microsoft Corporation ---------************************************************************ 20:03:17: Scanning ----.RUNNING PROCESSES ----C:\Windows\System32\smss.10.2009 2:14 Company: Microsoft Corporation .2011 23:30 Modified: 4.2012 20:00 Company: [no info] ---------Web Desktop Wallpaper entry is blank ---------Checks for rogue DNS NameServers completed ---------Additional checks completed ************************************************************ 20:03:18: Scanning ----.11.12.dll 66656 bytes Modified: 21.exe 69632 bytes Created: 14. ---------************************************************************ 20:03:17: Scanning ----.dll C:\Program Files\Internet Download Manager\IDMShellExt.? ??????? ?? ??? ??????????? ??????? ?? ??????? Google ??????? ???? ?? ?? ?????? ??.11.DEVICE DRIVER ENTRIES ----************************************************************ 20:03:18: ----.7.7.2010 17:29 Company: Tonec Inc.SHELLICONOVERLAYIDENTIFIERS ----Key: IDM Shell Extension CLSID: {CDC95B92-E27C-4745-A8C5-64A52A78855D} File: C:\Program Files\Internet Download Manager\IDMShellExt.dll C:\Windows\system32\ntshrui.1.jp g 1026862 bytes Created: 24.dll 442880 bytes Created: 20. ---------Key: SharingPrivate CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235} File: %SystemRoot%\system32\ntshrui.ADDITIONAL CHECKS ----Winlogon registry rootkit checks completed ---------Heuristic checks for hidden files/drivers completed ---------Layered Service Provider entries checks completed ---------Windows Explorer Policies checks completed ---------Desktop Wallpaper: C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Themes\Tra nscodedWallpaper.2010 22:29 Modified: 20.

7.7.exe 6144 bytes Created: 14.11.exe 271360 bytes Created: 25.2011 22:09 Modified: 15.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\lsm.7.2009 0:11 Modified: 14.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\services.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\conhost.11.10.exe 267776 bytes Created: 20.2010 22:29 Company: Microsoft Corporation -------------------C:\Windows\system32\svchost.exe 397312 bytes Created: 30.2010 22:29 Modified: 20.7.10.7.2011 13:30 Company: AMD --------------------------------------C:\Windows\system32\WLANExt.exe 22528 bytes Created: 14.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\winlogon.exe 96256 bytes Created: 14.7.2010 22:29 Company: Microsoft Corporation --------------------------------------C:\Windows\system32\atieclxx.9.7.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\wininit.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\lsass.exe 20992 bytes Created: 14.2009 0:51 Modified: 14.exe 259072 bytes Created: 14.2009 0:11 Modified: 14.7.2009 0:11 Modified: 14.2010 22:29 Modified: 20.-------------------C:\Windows\system32\csrss.11.2011 6:45 .11.exe 77312 bytes Created: 14.7.7.7.7.exe 286720 bytes Created: 20.2009 0:36 Modified: 14.2009 0:19 Modified: 14.

exe 804528 bytes Created: 1.2010 22:29 Company: Microsoft Corporation -------------------C:\Windows\system32\Dwm.3. Inc.2010 22:29 Company: Microsoft Corporation --------------------------------------C:\Windows\system32\taskhost.7.2010 22:29 Company: Microsoft Corporation -------------------C:\Program Files\Synaptics\SynTP\SynTPHelper.11.11.11.exe 1121792 bytes Created: 20.2010 22:29 Modified: 20.exe 317440 bytes Created: 20.Modified: 24.2008 2:06 Modified: 28.11.exe 49152 bytes Created: 20.2010 22:29 Company: Microsoft Corporation -------------------C:\Program Files\Internet Download Manager\IEMonitor.2.7.exe 427520 bytes Created: 25.3.2008 2:06 Company: Synaptics.2009 0:24 Modified: 14.2009 2:14 Company: Microsoft Corporation -------------------C:\Program Files\Common Files\Acronis\Schedule2\schedul2.9.2011 13:42 Company: Advanced Micro Devices.exe 92672 bytes Created: 14. -------------------C:\Program Files\Windows Media Player\wmpnetwk.2011 3:18 Modified: 4.2011 5:22 Company: Microsoft Corporation -------------------C:\Windows\System32\spoolsv. -------------------C:\Windows\system32\SearchIndexer.11.2011 19:53 Modified: 1.2.exe 95528 bytes Created: 28.2010 22:29 Modified: 20.2011 5:28 Company: Microsoft Corporation --------------------------------------C:\Windows\system32\wbem\wmiprvse.9.exe 291840 bytes Created: 15.Service.11.11.2010 22:29 Modified: 20.2011 13:42 Modified: 15.11.5.2011 19:53 Company: Acronis -------------------C:\Program Files\ATI Technologies\ATI. Inc.2010 22:29 Modified: 20.exe .ACE\Fuel\Fuel.exe 257536 bytes Created: 20.6.10.

2010 21:13 Modified: 25.2011 3:18 Modified: 4.2011 5:28 Company: Microsoft Corporation -------------------C:\Windows\system32\SearchFilterHost.7.10.exe 924632 bytes Created: 28.2010 22:29 Company: Microsoft Corporation --------------------------------------C:\Windows\system32\SearchProtocolHost.com/fwlink/?LinkId=54896 HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://go.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": http://go.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\System32\blank.exe 632888 bytes Created: 1.microsoft.11.263600 bytes Created: 21.microsoft.microsoft.INTERNET EXPLORER HOME/START/SEARCH SETTINGS -----HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": http://go.5.10.2012 19:51 Company: Mozilla Corporation -------------------C:\Windows\servicing\TrustedInstaller.microsoft. -------------------C:\Program Files\Hewlett-Packard\Shared\hpqToaster.2010 16:28 Company: Tonec Inc.5.exe 86528 bytes Created: 25.com/fwlink/?LinkId=54896 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://go.2011 3:18 Modified: 4.10.12.11.1.exe FileSize: 4740016 [This is a Trojan Remover component] --------------------------------------************************************************************ 20:03:24: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ -----.exe 204800 bytes Created: 20.2009 15:44 Company: -------------------C:\Program Files\Mozilla Firefox\firefox.7.com/fwlink/?LinkId=69157 .2011 5:28 Company: Microsoft Corporation -------------------C:\Program Files\Trojan Remover\Rmvtrjan.2010 22:29 Modified: 20.microsoft.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.exe 164352 bytes Created: 25.5.2009 15:44 Modified: 1.2011 21:50 Modified: 4.

exe 26624 bytes Created: 20.2010 22:29 Modified: 20.10.HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.11. For information.11.7601] File System: NTFS UAC is ENABLED [default level] UserData directory: C:\Users\Igor777\AppData\Roaming\Simply Super Software\Troja n Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\Igor777\Documents\Simply Super Software\Trojan Remo ver Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************************ ************************************************************ 13:06:20: ----.SCANNING FOR ROOTKIT SERVICES ----No hidden Services were detected.exe C:\Windows\explorer.2011 6:30 Company: Microsoft Corporation ---------This key's "Userinit" value calls the following program(s): Key value: [C:\Windows\system32\userinit.exe C:\Windows\system32\userinit.2.] File: C:\Windows\system32\userinit.1.2011 3:18 Modified: 25. ************************************************************ 13:06:20: Scanning -----WINDOWS REGISTRY-----------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [explorer.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.com/fwlink/?LinkId=54896 ************************************************************ === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 20:03:24 04 jan 2012 Total Scan time: 00:00:34 ************************************************************ ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.microsoft.2.exe] File: explorer.exe.exe 2616320 bytes Created: 25. 
email support@simplysup.2600.8.com [Unregistered version] Scan started at: 13:06:20 11 nov 2011 Using Database v7791 Operating System: Windows 7 Ultimate (SP1) [Build: 6.2010 22:29 Company: Microsoft Corporation ----------------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows .

2.2010 3:52 Modified: 16. Inc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.3.2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.2.7.7.exe 5546376 bytes Created: 1.2011 19:52 Modified: 1.2008 2:05 Company: Synaptics.2009 11:04 Modified: 23.e xe 2536448 bytes Created: 16.exe 1045800 bytes Created: 28.3.exe" C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe 498744 bytes Created: 23.2011 19:53 Company: Acronis -------------------- .9.11.11.exe 2054360 bytes Created: 11.exe 390720 bytes Created: 1.exe C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor. -------------------Value Name: egui Value Data: "C:\Program Files\ESET\ESET Smart Security\egui.exe Value Data: "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.-------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: TaskTray Value Data: Blank entry: [] -------------------Value Name: SynTPEnh Value Data: C:\Program Files\Synaptics\SynTP\SynTPEnh.2009 7:23 Company: ESET -------------------Value Name: WirelessAssistant Value Data: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.2008 2:05 Modified: 28.2.9.2009 7:23 Modified: 11.2011 19:53 Modified: 1.2009 11:04 Company: Hewlett-Packard -------------------Value Name: SAOB Monitor Value Data: C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueIm ageMonitor.2010 3:52 Company: Acronis -------------------Value Name: TrueImageMonitor.exe" /hide /waitserv ice C:\Program Files\ESET\ESET Smart Security\egui.exe" C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.2011 19:52 Company: Acronis -------------------Value Name: Acronis Scheduler2 Service Value Data: "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.

11.SERVICEDLL REGISTRY KEYS ----************************************************************ 13:06:25: Scanning ----.REGISTRY ACTIVE SETUP KEYS ----************************************************************ 13:06:23: Scanning ----. -------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty ************************************************************ 13:06:22: Scanning -----SHELLEXECUTEHOOKS----ShellExecuteHooks key is empty ************************************************************ 13:06:22: Scanning -----HIDDEN REGISTRY ENTRIES----Taskdir check completed ---------No Hidden File-loading Registry Entries found ---------************************************************************ 13:06:22: Scanning -----ACTIVE SCREENSAVER----ScreenSaver: C:\Windows\system32\scrnsave. Inc.2010 22:29 Company: Microsoft Corporation -------------------Value Name: IDMan Value Data: C:\Program Files\Internet Download Manager\IDMan.7.10.2011 6:28 Modified: 25.2011 6:29 Company: BitTorrent.scr C:\Windows\system32\scrnsave.exe 3270040 bytes Created: 26.scr 10240 bytes Created: 14.exe 641400 bytes Created: 25.10.exe /autoRun C:\Program Files\Windows Sidebar\sidebar.exe 1174016 bytes Created: 20.2011 2:31 Modified: 26.Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: Sidebar Value Data: C:\Program Files\Windows Sidebar\sidebar.exe /onboot C:\Program Files\Internet Download Manager\IDMan. -------------------Value Name: uTorrent Value Data: "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED C:\Program Files\uTorrent\uTorrent.2009 0:41 Modified: 14.SERVICES REGISTRY KEYS ----- .2011 2:32 Company: Tonec Inc.2010 22:29 Modified: 20.10.10.2009 2:14 Company: Microsoft Corporation -------------------************************************************************ 13:06:23: Scanning ----.11.7.

2011 22:10 Modified: 18.2.2011 13:30 Company: AMD ---------Key: AMD FUEL Service ImagePath: C:\Program Files\ATI Technologies\ATI.exe 176128 bytes Created: 30.2011 11:55 Company: Adobe Systems Incorporated ---------Key: afcdp ImagePath: system32\DRIVERS\afcdp.exe 291840 bytes Created: 15.2011 22:09 Modified: 15.2011 13:00 Company: Acronis ---------Key: AgereSoftModem ImagePath: system32\DRIVERS\AGRSM.Service.sys 167968 bytes Created: 11.11.0\armsvc.exe" C:\Program Files\Common Files\Adobe\ARM\1.2011 13:42 Modified: 15.sys C:\Windows\system32\DRIVERS\AGRSM.10.2009 23:13 Company: LSI Corp ---------Key: AMD External Events Utility ImagePath: %SystemRoot%\system32\atiesrxx.11.Key: AdobeARMservice ImagePath: "C:\Program Files\Common Files\Adobe\ARM\1. Inc.10.sys .Service.sys 1035776 bytes Created: 10.exe /laun chService C:\Program Files\ATI Technologies\ATI.2011 13:00 Company: Acronis ---------Key: afcdpsrv ImagePath: C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.sys C:\Windows\system32\DRIVERS\afcdp. ---------Key: amdiox86 ImagePath: system32\DRIVERS\amdiox86.2011 13:00 Modified: 11.7.0\armsvc.exe 64952 bytes Created: 6.2009 22:40 Modified: 13.sys 37944 bytes Created: 30.6.9.9.2011 11:55 Modified: 6.11.2010 9:18 Company: Advanced Micro Devices ---------Key: amdkmdap ImagePath: system32\DRIVERS\atikmpag.2011 13:42 Company: Advanced Micro Devices.sys C:\Windows\system32\DRIVERS\amdiox86.exe C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.6.9.6.ACE\Fuel\Fuel.exe 3246040 bytes Created: 11.2011 13:00 Modified: 11.11.ACE\Fuel\Fuel.sys C:\Windows\system32\DRIVERS\atikmpag.exe C:\Windows\system32\atiesrxx.

6. ---------Key: AmdPPM ImagePath: system32\DRIVERS\amdppm.2009 0:11 Modified: 14.7.10.7.sys 21584 bytes Created: 14.sys C:\Windows\system32\DRIVERS\amd_sata.6.7.6.sys C:\Windows\system32\drivers\amdxata.sys C:\Windows\system32\DRIVERS\amd_xata.2010 10:15 Modified: 17.2011 20:08 Modified: 16.2011 12:52 Company: Advanced Micro Devices.6.2011 20:08 Company: Advanced Micro Devices ---------Key: amd_xata ImagePath: system32\DRIVERS\amd_xata.2011 20:08 Company: Advanced Micro Devices ---------Key: atapi ImagePath: system32\drivers\atapi. Inc.2011 20:08 Modified: 16.257024 bytes Created: 30.10.2011 6:38 Company: Advanced Micro Devices ---------Key: amdxata ImagePath: system32\drivers\amdxata.sys C:\Windows\system32\drivers\atapi.2010 10:15 Company: Advanced Micro Devices Inc.3.sys 22400 bytes Created: 26.2009 2:26 Company: Microsoft Corporation ---------Key: AtiPcie ImagePath: system32\DRIVERS\AtiPcie.10.2009 0:11 Company: Microsoft Corporation ---------Key: amdsata ImagePath: \SystemRoot\system32\drivers\amdsata.2011 2:23 Modified: 11.6.3.7.9.2011 6:38 Company: Advanced Micro Devices ---------Key: amd_sata ImagePath: system32\DRIVERS\amd_sata.6.sys 80256 bytes Created: 26.sys C:\Windows\system32\DRIVERS\AtiPcie.2009 0:11 Modified: 14.sys 67712 bytes Created: 16.2011 2:23 Modified: 11.sys C:\Windows\system32\drivers\amdsata. .sys C:\Windows\system32\DRIVERS\amdppm.sys 52736 bytes Created: 14.sys 33920 bytes Created: 16.sys 14392 bytes Created: 17.2011 22:09 Modified: 15.

sys 62464 bytes Created: 21.10.4.2009 0:51 Modified: 14.11.9.2011 2:23 Modified: 28.10.sys C:\Windows\system32\DRIVERS\eamon.2011 22:18 Company: Broadcom Corporation ---------Key: BthEnum ImagePath: \SystemRoot\system32\drivers\BthEnum.sys 34816 bytes Created: 14.10.sys 4256320 bytes Created: 30.10.2010 12:16 Modified: 18.30319_32 ImagePath: C:\Windows\Microsoft.sys C:\Windows\System32\Drivers\BTHUSB.sys C:\Windows\system32\DRIVERS\ehdrv.---------Key: BCM43XX ImagePath: system32\DRIVERS\bcmwl6.2009 7:17 Company: ESET ---------Key: ehdrv ImagePath: system32\DRIVERS\ehdrv.sys C:\Windows\System32\Drivers\BTHport.2011 4:15 Company: Microsoft Corporation ---------Key: BTHUSB ImagePath: \SystemRoot\System32\Drivers\BTHUSB.2010 1:46 Modified: 20.2011 22:25 Modified: 30.exe 130384 bytes Created: 18.sys 393728 bytes Created: 26.sys 116008 bytes Created: 11.7.9.11.2010 12:16 Company: Microsoft Corporation ---------Key: dmvsc ImagePath: \SystemRoot\system32\drivers\dmvsc.0.7.2009 0:51 Company: Microsoft Corporation ---------Key: BTHPORT ImagePath: \SystemRoot\System32\Drivers\BTHport.2011 4:15 Company: Microsoft Corporation ---------Key: clr_optimization_v4.exe C:\Windows\Microsoft.3.2009 7:17 Modified: 11.sys .30319\mscorsvw.0.sys C:\Windows\system32\drivers\dmvsc.4.3.sys C:\Windows\system32\drivers\BthEnum.sys C:\Windows\system32\DRIVERS\bcmwl6.0.2010 22:29 Company: Microsoft Corporation ---------Key: eamon ImagePath: system32\DRIVERS\eamon.NET\Framework\v4.2011 2:23 Modified: 28.sys 60416 bytes Created: 26.30319\mscorsvw.NET\Framework\v4.

exe 20680 bytes Created: 11.sys C:\Windows\system32\DRIVERS\Epfwndis.2011 6:38 Company: Intel Corporation .4.2009 7:26 Company: ESET ---------Key: Epfwndis ImagePath: system32\DRIVERS\Epfwndis.2011 2:23 Modified: 11.3.sys 33096 bytes Created: 19.2009 9:10 Modified: 19.9.9.sys C:\Windows\system32\DRIVERS\epfw.sys 38240 bytes Created: 11.6.9.108792 bytes Created: 11.9.6.9.9.P. ---------Key: iaStorV ImagePath: \SystemRoot\system32\drivers\iaStorV.2009 7:33 Company: ESET ---------Key: ekrn ImagePath: "C:\Program Files\ESET\ESET Smart Security\ekrn.2009 7:24 Modified: 11.9.sys C:\Windows\system32\drivers\iaStorV.exe" C:\Program Files\ESET\ESET Smart Security\EHttpSrv.2009 15:58 Company: Hewlett-Packard Development Company.10.9.2009 7:23 Modified: 11.sys 332160 bytes Created: 26.2009 9:10 Company: ESET ---------Key: epfwwfp ImagePath: system32\DRIVERS\epfwwfp.9.sys C:\Windows\system32\DRIVERS\epfwwfp.exe 735960 bytes Created: 11. L.2009 7:26 Modified: 11.4.sys 135048 bytes Created: 11.2009 7:26 Company: ESET ---------Key: hpqwmiex ImagePath: "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.2009 7:23 Company: ESET ---------Key: EhttpSrv ImagePath: "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe" C:\Program Files\ESET\ESET Smart Security\ekrn.9.2009 7:24 Company: ESET ---------Key: epfw ImagePath: system32\DRIVERS\epfw.2009 7:26 Modified: 11.exe" C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.2009 7:33 Modified: 11.exe 229944 bytes Created: 30.2009 15:58 Modified: 30.

exe 366152 bytes Created: 25.sys 15872 bytes Created: 20.sys 28160 bytes Created: 20.12.2010 22:29 Modified: 20.2011 16:00 Company: Malwarebytes Corporation ---------Key: msahci ImagePath: system32\drivers\msahci.10.exe" C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.2010 21:13 Modified: 21.2010 22:29 Modified: 20.sys 85232 bytes Created: 21.2010 22:29 Company: Microsoft Corporation ---------Key: MBAMProtector ImagePath: \??\C:\Windows\system32\drivers\mbam.10.sys C:\Windows\system32\drivers\mbam.11.11.exe" C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.2011 16:00 Company: Malwarebytes Corporation ---------Key: MBAMService ImagePath: "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.sys C:\Windows\system32\DRIVERS\idmwfp.11.2010 22:29 Modified: 20.exe 2139400 bytes Created: 26.sys C:\Windows\System32\drivers\rdpvideominiport.sys .---------Key: IDMWFP ImagePath: system32\DRIVERS\idmwfp.12. ---------Key: kbdhid ImagePath: \SystemRoot\system32\drivers\kbdhid.5.2010 22:29 Company: Microsoft Corporation ---------Key: Revoflt ImagePath: system32\DRIVERS\revoflt.sys C:\Windows\system32\DRIVERS\revoflt.2010 3:53 Company: [no info] ---------Key: RdpVideoMiniport ImagePath: System32\drivers\rdpvideominiport.11.2010 3:53 Modified: 26.sys 22216 bytes Created: 25.8.2010 17:29 Company: Tonec Inc.2010 22:29 Company: Microsoft Corporation ---------Key: OS Selector ImagePath: "C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.2011 20:03 Modified: 31.5.sys 28032 bytes Created: 20.11.sys C:\Windows\system32\drivers\kbdhid.11.sys C:\Windows\system32\drivers\msahci.8.2011 20:03 Modified: 31.

sys 170528 bytes Created: 11.2011 13:00 Company: Acronis ---------Key: sscebus ImagePath: system32\DRIVERS\sscebus.2009 0:45 Company: Brother Industries Ltd.7.2009 0:45 Modified: 14.2010 6:55 Company: MCCI Corporation ---------Key: sscemdm ImagePath: system32\DRIVERS\sscemdm.2011 21:48 Modified: 21.sys C:\Windows\system32\DRIVERS\sscemdfl.2011 21:48 Modified: 21.7.sys C:\Windows\system32\DRIVERS\sscebus.2010 6:55 Company: MCCI Corporation ---------Key: ssceserd ImagePath: system32\DRIVERS\ssceserd.2009 0:45 Modified: 14.sys C:\Windows\system32\drivers\serial. ---------Key: snapman550 ImagePath: system32\DRIVERS\snman550.12.10.10.12.7.2011 21:48 Modified: 21.12.sys 98560 bytes Created: 27.sys C:\Windows\system32\DRIVERS\snman550.11.11.2011 13:00 Modified: 11.2010 6:55 Company: MCCI Corporation .10.27192 bytes Created: 28.sys 17920 bytes Created: 14.sys 14848 bytes Created: 27.sys C:\Windows\system32\drivers\serenum.sys C:\Windows\system32\DRIVERS\sscemdm.2011 12:12 Modified: 30.2011 21:48 Modified: 21.10.sys 83456 bytes Created: 14.sys 100352 bytes Created: 27.7.12.12.sys 123648 bytes Created: 27.sys C:\Windows\system32\DRIVERS\ssceserd.2009 10:21 Company: VS Revo Group ---------Key: Serenum ImagePath: \SystemRoot\system32\drivers\serenum.2009 0:45 Company: Microsoft Corporation ---------Key: Serial ImagePath: \SystemRoot\system32\drivers\serial.10.2010 6:55 Company: MCCI Corporation ---------Key: sscemdfl ImagePath: system32\DRIVERS\sscemdfl.

sys 25600 bytes Created: 21.11.3.2008 2:06 Company: Synaptics.sys C:\Windows\system32\DRIVERS\tdrpm273.11.2010 22:29 Company: Microsoft Corporation ---------Key: tsusbhub ImagePath: system32\drivers\tsusbhub.11.sys C:\Windows\system32\drivers\TsUsbGD. Inc.2010 22:29 Modified: 20.11.11.sys C:\Windows\system32\drivers\tsusbhub.11.sys C:\Windows\System32\drivers\synth3dvsc.11.sys 27264 bytes Created: 20.sys C:\Windows\system32\DRIVERS\usbfilter.2010 22:29 Company: Microsoft Corporation ---------Key: TsUsbGD ImagePath: \SystemRoot\system32\drivers\TsUsbGD.sys 199472 bytes Created: 28.sys 52224 bytes Created: 20.2008 2:06 Modified: 28. ---------Key: tdrpman273 ImagePath: system32\DRIVERS\tdrpm273.2011 13:00 Company: Acronis ---------Key: terminpt ImagePath: \SystemRoot\system32\drivers\terminpt.---------Key: Synth3dVsc ImagePath: System32\drivers\synth3dvsc.2010 1:46 Modified: 20.3.sys C:\Windows\System32\drivers\tsusbflt.sys 77184 bytes Created: 21.sys .sys 112640 bytes Created: 21.2011 13:00 Modified: 11.sys C:\Windows\system32\DRIVERS\SynTP.11.2010 22:29 Modified: 20.sys C:\Windows\system32\drivers\terminpt.2010 1:46 Modified: 20.2010 22:29 Company: Microsoft Corporation ---------Key: usbfilter ImagePath: system32\DRIVERS\usbfilter.2010 1:46 Modified: 20.11.11.sys 752128 bytes Created: 11.11.2010 22:29 Company: Microsoft Corporation ---------Key: SynTP ImagePath: system32\DRIVERS\SynTP.2010 22:29 Company: Microsoft Corporation ---------Key: TsUsbFlt ImagePath: System32\drivers\tsusbflt.11.

2009 23:02 Company: Marvell ---------************************************************************ 13:06:44: Scanning -----VXD ENTRIES----- .2009 23:02 Modified: 13.sys 146432 bytes Created: 20.2011 16:44 Company: Advanced Micro Devices ---------Key: usbvideo ImagePath: System32\Drivers\usbvideo.2010 22:29 Company: Microsoft Corporation ---------Key: VGPU ImagePath: System32\drivers\rdvgkmd.2010 22:29 Modified: 20.sys 35968 bytes Created: 20.7.7.2010 22:29 Modified: 20.sys C:\Windows\System32\Drivers\usbvideo.sys .2009 0:52 Modified: 14.11.10.7.sys 19968 bytes Created: 14.exe 1343400 bytes Created: 28.2009 0:52 Modified: 14.7.11.10.2011 22:11 Modified: 17.2010 22:29 Company: Microsoft Corporation ---------Key: yukonw7 ImagePath: system32\DRIVERS\yk62x86.41600 bytes Created: 30.sys C:\Windows\system32\DRIVERS\yk62x86.7.8.sys C:\Windows\system32\DRIVERS\WinUsb.7.2009 0:52 Company: Microsoft Corporation ---------Key: vwififlt ImagePath: system32\DRIVERS\vwififlt.[file not found to scan] ---------Key: vwifibus ImagePath: system32\DRIVERS\vwifibus.11.2011 23:18 Modified: 28.11.exe C:\Windows\system32\Wat\WatAdminSvc.sys C:\Windows\system32\DRIVERS\vwififlt.sys C:\Windows\System32\drivers\rdvgkmd.sys 48128 bytes Created: 14.2009 0:52 Company: Microsoft Corporation ---------Key: WatAdminSvc ImagePath: %SystemRoot%\system32\Wat\WatAdminSvc.2011 23:18 Company: Microsoft Corporation ---------Key: WinUsb ImagePath: system32\DRIVERS\WinUsb.10.sys 311296 bytes Created: 13.sys C:\Windows\system32\DRIVERS\vwifibus.

CONTEXTMENUHANDLERS ----Key: ESET Smart Security .dll 183880 bytes Created: 11.2010 16:28 Company: Internet Download Manager.12. .9.12.BROWSER HELPER OBJECTS ----Key: {0055C089-8582-441B-A0BF-17B458C2A3A8} BHO: C:\Program Files\Internet Download Manager\IDMIECC.dll C:\Program Files\TeraCopy\TeraCopyExt.2.2. Tonec Inc.dll 202160 bytes Created: 21.2009 7:37 Company: ESET ---------Key: TeraCopy CLSID: {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} Path: C:\Program Files\TeraCopy\TeraCopyExt.dll 305664 bytes Created: 25.SHELLSERVICEOBJECTS ----************************************************************ 13:06:45: Scanning ----.2011 20:02 Company: Acronis ---------************************************************************ 13:06:44: Scanning ----. ---------************************************************************ 13:06:45: Scanning ----.dll 124256 bytes Created: 1.Context Menu Shell Extension CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D} Path: C:\Program Files\ESET\ESET Smart Security\shellExt.2011 20:02 Modified: 1.10.FOLDER\COLUMNHANDLERS ----************************************************************ 13:06:44: Scanning ----.2010 21:13 Modified: 23.IMAGEFILE DEBUGGERS ----No "Debugger" entries found.WINLOGON\NOTIFY DLLS ----No WINLOGON\NOTIFY DLLs found to scan Rootkit scan of Winlogon\Notify key not possible [key may not exist] ************************************************************ 13:06:44: Scanning ----.2011 20:53 Modified: 22.2009 7:26 Company: [no info] ---------Key: VersionsPageShellExt CLSID: {9E42900A-85F9-4E67-9778-575FBBA0A81C} Path: C:\Program Files\Acronis\TrueImageHome\versions_page.dll C:\Program Files\Acronis\TrueImageHome\versions_page.dll C:\Program Files\ESET\ESET Smart Security\shellExt.6.2009 7:37 Modified: 11.dll C:\Program Files\Internet Download Manager\IDMIECC.9.SHAREDTASKSCHEDULER ENTRIES ----No SharedTaskScheduler entries found to scan ************************************************************ 13:06:45: Scanning 
----.************************************************************ 13:06:44: Scanning ----.

2009 5:41 Modified: 14.exe 136176 bytes Created: 31. ??? ? ??????? ?? ??? ??????????? ??????? ?? ??????? Google ??????? ???? ?? ?? ?????? ??.exe C:\Users\Igor777\AppData\Local\Google\Update\GoogleUpdate.10.10.10. ??? ????? ?? ?????????? ??????????? ????????? ???? ???? ?? ?? ???????.2009 5:41 Company: [no info] -------------------************************************************************ 13:06:46: Scanning ----.COMMON STARTUP GROUP -----[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.exe 136176 bytes Created: 31.SECURITY PROVIDER DLLS ----************************************************************ 13:06:45: Scanning -----.ini -HS.7.************************************************************ 13:06:45: Scanning ----.APPINIT_DLLS ----The AppInit_DLLs value is blank or does not exist ************************************************************ 13:06:45: Scanning ----.exe C:\Users\Igor777\AppData\Local\Google\Update\GoogleUpdate.11.2011 22:52 Modified: 31.USER STARTUP GROUPS ----Checking Startup Group for: Igor777 [C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup] C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d esktop. Google ??????? ?? ???? ??????? ?????????.SCHEDULED TASKS ----Taskname: GoogleUpdateTaskUserS-1-5-21-1871904078-2232636328-3387153480-100 0Core File: C:\Users\Igor777\AppData\Local\Google\Update\GoogleUpdate.2011 22:57:00 Status: Ready Creator: Igor777 Comments: ??????? ??????? Google ???????. ? ???????? ????? ???? ??????.174 bytes Created: 30.2011 22:52 Company: Google Inc.ini -HS. ??????? ?? ???? ??????? ????????? ??? ???????.2011 22:52 Modified: 31.10. 
---------Taskname: GoogleUpdateTaskUserS-1-5-21-1871904078-2232636328-3387153480-100 0UA File: C:\Users\Igor777\AppData\Local\Google\Update\GoogleUpdate.10.10.2011 22:12 Company: [no info] ----------------------------************************************************************ 13:06:46: Scanning ----.174 bytes Created: 14.2011 22:52 . Parameters: /c Schedule: At 22:57:00 every day Next Run Time: 11.2011 22:12 Modified: 30.7.

---------************************************************************ 13:06:47: Scanning ----.jpg C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.SHELLICONOVERLAYIDENTIFIERS ----Key: IDM Shell Extension CLSID: {CDC95B92-E27C-4745-A8C5-64A52A78855D} File: C:\Program Files\Internet Download Manager\IDMShellExt.dll 66656 bytes Created: 21.Company: Google Inc. Google ??????? ?? ???? ??????? ?????????. ---------Key: SharingPrivate CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235} File: %SystemRoot%\system32\ntshrui.DEVICE DRIVER ENTRIES ----************************************************************ 13:06:47: ----.2011 23:30 Modified: 11. Parameters: /ua /installsource scheduler Schedule: At 22:57:00 every day Next Run Time: 11.11.11.2010 22:29 Modified: 20.ADDITIONAL CHECKS ----Winlogon registry rootkit checks completed ---------Heuristic checks for hidden files/drivers completed ---------Layered Service Provider entries checks completed ---------Windows Explorer Policies checks completed ---------Desktop Wallpaper: C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Themes\Tra nscodedWallpaper.2010 21:13 Modified: 21.2011 13:00 Company: [no info] ---------Web Desktop Wallpaper entry is blank ---------Checks for rogue DNS NameServers completed ---------- .dll C:\Windows\system32\ntshrui.10.11. ??? ????? ?? ?????????? ??????????? ????????? ???? ???? ?? ?? ???????. ??????? ?? ???? ??????? ????????? ??? ???????.12. ? ???????? ????? ???? ??????.11. ??? ? ??????? ?? ??? ??????????? ??????? ?? ??????? Google ??????? ???? ?? ?? ?????? ??.dll 442880 bytes Created: 20.dll C:\Program Files\Internet Download Manager\IDMShellExt.2010 17:29 Company: Tonec Inc.jp g 1355363 bytes Created: 24.2011 13:57:00 Status: Ready Creator: Igor777 Comments: ??????? ??????? Google ???????.12.2010 22:29 Company: Microsoft Corporation ---------************************************************************ 13:06:47: Scanning ----.

7.7.7.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\lsass.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\wininit.2009 0:11 Modified: 14.7.7.11.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\csrss.2009 0:11 Modified: 14.11.2010 22:29 Modified: 20.7.11.exe 69632 bytes Created: 14.7.9.exe 6144 bytes Created: 14.7.2009 0:36 Modified: 14.10.2011 13:30 Company: AMD --------------------------------------- .exe 259072 bytes Created: 14.2009 2:14 Company: Microsoft Corporation --------------------------------------C:\Windows\system32\winlogon.Additional checks completed ************************************************************ 13:06:48: Scanning ----.RUNNING PROCESSES ----C:\Windows\System32\smss.exe 267776 bytes Created: 20.2011 22:09 Modified: 15.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\lsm.7.exe 96256 bytes Created: 14.exe 286720 bytes Created: 20.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\services.7.2010 22:29 Company: Microsoft Corporation -------------------C:\Windows\system32\svchost.exe 22528 bytes Created: 14.2010 22:29 Company: Microsoft Corporation -------------------C:\Windows\system32\atieclxx.2009 0:19 Modified: 14.7.7.2009 0:11 Modified: 14.2009 0:11 Modified: 14.exe 20992 bytes Created: 14.exe 397312 bytes Created: 30.

2009 0:51 Modified: 14.exe 317440 bytes Created: 20.exe 257536 bytes Created: 20.Service.2011 13:42 Company: Advanced Micro Devices.2010 22:29 Modified: 20.12.exe 92672 bytes Created: 14.11.11.2008 2:06 Company: Synaptics.11.exe 632888 bytes Created: 1.2011 5:22 Company: Microsoft Corporation -------------------C:\Windows\System32\spoolsv.2010 22:29 Company: Microsoft Corporation -------------------C:\Program Files\ATI Technologies\ATI. -------------------C:\Windows\system32\wbem\wmiprvse. -------------------C:\Program Files\Hewlett-Packard\Shared\hpqToaster.2010 22:29 Company: Microsoft Corporation --------------------------------------C:\Windows\system32\Dwm.2010 16:28 Company: Tonec Inc.2008 2:06 Modified: 28.2009 15:44 .2010 22:29 Company: Microsoft Corporation --------------------------------------C:\Program Files\Synaptics\SynTP\SynTPHelper.C:\Windows\system32\WLANExt.2010 22:29 Modified: 20. -------------------C:\Program Files\Internet Download Manager\IEMonitor.exe 291840 bytes Created: 15.3.11.9.exe 49152 bytes Created: 20.11.5.7.exe 271360 bytes Created: 25.2010 21:13 Modified: 25.2010 22:29 Modified: 20.7.10.7.2011 13:42 Modified: 15.exe 95528 bytes Created: 28. Inc.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\conhost.7.3.2009 0:24 Modified: 14.9.2011 6:45 Modified: 24.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\taskhost. Inc.2009 15:44 Modified: 1.11.ACE\Fuel\Fuel.6.exe 263600 bytes Created: 21.exe 77312 bytes Created: 14.7.7.

11.2011 5:28 Company: Microsoft Corporation -------------------C:\Program Files\Winamp\winamp.exe 86528 bytes Created: 25.exe 427520 bytes Created: 25.2010 22:29 Modified: 20.6.2011 3:18 Modified: 4.Company: -------------------C:\Windows\system32\SearchIndexer.htm .2011 19:53 Modified: 1.5.5.6.2.exe 1592672 bytes Created: 29.exe FileSize: 4740016 [This is a Trojan Remover component] --------------------------------------C:\Windows\system32\SearchProtocolHost.microsoft.2011 5:28 Company: Microsoft Corporation -------------------C:\Windows\system32\SearchFilterHost.2010 22:29 Company: Microsoft Corporation -------------------C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe 804528 bytes Created: 1.2010 22:29 Modified: 20. -------------------C:\Windows\servicing\TrustedInstaller.2011 3:18 Modified: 4.2010 22:29 Company: Microsoft Corporation -------------------C:\Windows\system32\msiexec.exe 164352 bytes Created: 25.11.10.2011 19:53 Company: Acronis -------------------C:\Program Files\Trojan Remover\Rmvtrjan.2011 5:28 Company: Microsoft Corporation -------------------************************************************************ 13:06:53: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ -----.INTERNET EXPLORER HOME/START/SEARCH SETTINGS -----HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": http://go. Inc.11.5.2011 3:18 Modified: 4.11.2.2010 5:01 Modified: 29.exe 204800 bytes Created: 20.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\System32\blank.exe 73216 bytes Created: 20.10.10.2010 5:01 Company: Nullsoft.

com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": http://go. For information.com/fwlink/?LinkId=54896 HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://go.microsoft.exe 2616320 bytes Created: 25.2.exe C:\Windows\explorer.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.SCANNING FOR ROOTKIT SERVICES ----No hidden Services were detected.1.com/fwlink/?LinkId=69157 HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.microsoft.microsoft. email support@simplysup.2600.com/fwlink/?LinkId=54896 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://go.exe .2.microsoft. ************************************************************ 19:10:55: Scanning -----WINDOWS REGISTRY-----------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [explorer.microsoft.exe] File: explorer.8.exe.] 
File: C:\Windows\system32\userinit.com [Unregistered version] Scan started at: 19:10:54 06 nov 2011 Using Database v7788 Operating System: Windows 7 Ultimate (SP1) [Build: 6.2011 3:18 Modified: 25.2011 6:30 Company: Microsoft Corporation ---------This key's "Userinit" value calls the following program(s): Key value: [C:\Windows\system32\userinit.HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.com/fwlink/?LinkId=54896 ************************************************************ === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 13:06:53 11 nov 2011 Total Scan time: 00:00:33 ************************************************************ ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.10.7601] File System: NTFS UAC is ENABLED [default level] UserData directory: C:\Users\Igor777\AppData\Roaming\Simply Super Software\Troja n Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\Igor777\Documents\Simply Super Software\Trojan Remo ver Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************************ ************************************************************ 19:10:54: ----.

exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain. Inc.9.2010 22:29 Modified: 20.9.2008 2:05 Company: Synaptics.3.exe 498744 bytes Created: 23.11.2008 2:05 Modified: 28.exe /autoRun C:\Program Files\Windows Sidebar\sidebar.7.2011 2:31 Modified: 26.2010 22:29 Company: Microsoft Corporation -------------------Value Name: IDMan Value Data: C:\Program Files\Internet Download Manager\IDMan.3.11.exe 2054360 bytes Created: 11.10.exe 1045800 bytes Created: 28.2011 2:32 .10.exe 3270040 bytes Created: 26.2009 7:23 Modified: 11.exe 1174016 bytes Created: 20.2010 22:29 Company: Microsoft Corporation ----------------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: TaskTray Value Data: Blank entry: [] -------------------Value Name: SynTPEnh Value Data: C:\Program Files\Synaptics\SynTP\SynTPEnh.7.11.exe" /hide /waitserv ice C:\Program Files\ESET\ESET Smart Security\egui. -------------------Value Name: egui Value Data: "C:\Program Files\ESET\ESET Smart Security\egui.C:\Windows\system32\userinit.11.2009 11:04 Modified: 23.2010 22:29 Modified: 20.2009 11:04 Company: Hewlett-Packard -------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: Sidebar Value Data: C:\Program Files\Windows Sidebar\sidebar.exe /onboot C:\Program Files\Internet Download Manager\IDMan.exe 26624 bytes Created: 20.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.2009 7:23 Company: ESET -------------------Value Name: WirelessAssistant Value Data: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.

exe C:\Windows\system32\atiesrxx.6.exe" C:\Program Files\Common Files\Adobe\ARM\1.2011 13:30 Company: AMD ---------Key: AMD FUEL Service ImagePath: C:\Program Files\ATI Technologies\ATI.Service.7.REGISTRY ACTIVE SETUP KEYS ----************************************************************ 19:10:56: Scanning ----.2011 22:09 Modified: 15.exe 64952 bytes Created: 6.exe /laun chService C:\Program Files\ATI Technologies\ATI.0\armsvc.ACE\Fuel\Fuel.exe 291840 bytes Created: 15.ACE\Fuel\Fuel. Inc.SERVICES REGISTRY KEYS ----Key: AdobeARMservice ImagePath: "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.2011 11:55 Company: Adobe Systems Incorporated ---------Key: AgereSoftModem ImagePath: system32\DRIVERS\AGRSM.exe 176128 bytes Created: 30.9.Service.sys 1035776 bytes Created: 10. ************************************************************ 19:10:56: Scanning ----.SERVICEDLL REGISTRY KEYS ----************************************************************ 19:10:57: Scanning ----.2011 11:55 Modified: 6.6.2011 13:42 Modified: 15.10.9. .9.2011 13:42 Company: Advanced Micro Devices.6. -------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty ************************************************************ 19:10:56: Scanning -----SHELLEXECUTEHOOKS----ShellExecuteHooks key is empty ************************************************************ 19:10:56: Scanning -----HIDDEN REGISTRY ENTRIES----Taskdir check completed ---------No Hidden File-loading Registry Entries found ---------************************************************************ 19:10:56: Scanning -----ACTIVE SCREENSAVER----No active ScreenSaver found to scan.sys C:\Windows\system32\DRIVERS\AGRSM.2009 23:13 Company: LSI Corp ---------Key: AMD External Events Utility ImagePath: %SystemRoot%\system32\atiesrxx.2009 22:40 Modified: 13.Company: Tonec Inc.

2011 20:08 Company: Advanced Micro Devices ---------Key: amd_xata ImagePath: system32\DRIVERS\amd_xata.sys .2011 22:09 Modified: 15.7.2011 6:38 Company: Advanced Micro Devices ---------Key: amdxata ImagePath: system32\drivers\amdxata.sys 52736 bytes Created: 14.10.2011 20:08 Modified: 16.10.6.2011 22:10 Modified: 18. ---------Key: AmdPPM ImagePath: system32\DRIVERS\amdppm.2.3.2011 20:08 Company: Advanced Micro Devices ---------Key: atapi ImagePath: system32\drivers\atapi.2009 0:11 Modified: 14.2011 2:23 Modified: 11.sys 67712 bytes Created: 16.2011 2:23 Modified: 11.sys 22400 bytes Created: 26.2010 9:18 Company: Advanced Micro Devices ---------Key: amdkmdap ImagePath: system32\DRIVERS\atikmpag.2011 12:52 Company: Advanced Micro Devices.6.3.6.sys 80256 bytes Created: 26.sys C:\Windows\system32\DRIVERS\amdiox86.9.sys 257024 bytes Created: 30.sys C:\Windows\system32\drivers\atapi.---------Key: amdiox86 ImagePath: system32\DRIVERS\amdiox86.sys C:\Windows\system32\DRIVERS\amd_xata.sys 37944 bytes Created: 30. Inc.10.sys C:\Windows\system32\DRIVERS\atikmpag.sys C:\Windows\system32\DRIVERS\amd_sata.2011 6:38 Company: Advanced Micro Devices ---------Key: amd_sata ImagePath: system32\DRIVERS\amd_sata.sys C:\Windows\system32\drivers\amdsata.10.7.2009 0:11 Company: Microsoft Corporation ---------Key: amdsata ImagePath: \SystemRoot\system32\drivers\amdsata.sys 33920 bytes Created: 16.sys C:\Windows\system32\DRIVERS\amdppm.sys C:\Windows\system32\drivers\amdxata.2011 20:08 Modified: 16.6.

2010 12:16 Modified: 18.10.7.4.2011 22:25 Modified: 30.2011 4:15 Company: Microsoft Corporation ---------Key: BTHUSB ImagePath: \SystemRoot\System32\Drivers\BTHUSB.10.3.30319\mscorsvw.0.11.2009 0:51 Modified: 14.sys C:\Windows\system32\drivers\BthEnum.7.2010 1:46 Modified: 20.2010 12:16 Company: Microsoft Corporation ---------Key: dmvsc ImagePath: \SystemRoot\system32\drivers\dmvsc.2009 0:11 Modified: 14.2010 22:29 Company: Microsoft Corporation .7.30319\mscorsvw.30319_32 ImagePath: C:\Windows\Microsoft.sys C:\Windows\System32\Drivers\BTHUSB.sys 4256320 bytes Created: 30.2011 2:23 Modified: 28.2009 0:51 Company: Microsoft Corporation ---------Key: BTHPORT ImagePath: \SystemRoot\System32\Drivers\BTHport.6.sys 14392 bytes Created: 17.sys C:\Windows\system32\DRIVERS\AtiPcie.sys C:\Windows\system32\drivers\dmvsc.sys 60416 bytes Created: 26.6.10.2011 22:18 Company: Broadcom Corporation ---------Key: BthEnum ImagePath: \SystemRoot\system32\drivers\BthEnum.NET\Framework\v4.11.4.10.NET\Framework\v4.sys 393728 bytes Created: 26. ---------Key: BCM43XX ImagePath: system32\DRIVERS\bcmwl6.2010 10:15 Company: Advanced Micro Devices Inc.sys 34816 bytes Created: 14.2009 2:26 Company: Microsoft Corporation ---------Key: AtiPcie ImagePath: system32\DRIVERS\AtiPcie.21584 bytes Created: 14.3.0.sys 62464 bytes Created: 21.sys C:\Windows\system32\DRIVERS\bcmwl6.sys C:\Windows\System32\Drivers\BTHport.0.2011 4:15 Company: Microsoft Corporation ---------Key: clr_optimization_v4.2011 2:23 Modified: 28.exe 130384 bytes Created: 18.2010 10:15 Modified: 17.exe C:\Windows\Microsoft.7.

2009 7:26 Company: ESET ---------Key: hpqwmiex ImagePath: "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.sys 135048 bytes Created: 11.9.sys 108792 bytes Created: 11.9.2009 7:26 Modified: 11.sys C:\Windows\system32\DRIVERS\eamon.exe" C:\Program Files\ESET\ESET Smart Security\ekrn.exe" C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.2009 7:33 Company: ESET ---------Key: ekrn ImagePath: "C:\Program Files\ESET\ESET Smart Security\ekrn.sys C:\Windows\system32\DRIVERS\ehdrv.9.---------Key: eamon ImagePath: system32\DRIVERS\eamon.2009 7:17 Company: ESET ---------Key: ehdrv ImagePath: system32\DRIVERS\ehdrv.exe 735960 bytes Created: 11.sys 33096 bytes Created: 19.9.sys C:\Windows\system32\DRIVERS\Epfwndis.9.9.2009 9:10 Modified: 19.sys C:\Windows\system32\DRIVERS\epfw.2009 7:23 Modified: 11.2009 7:24 Company: ESET ---------Key: epfw ImagePath: system32\DRIVERS\epfw.9.2009 7:26 Company: ESET ---------Key: Epfwndis ImagePath: system32\DRIVERS\Epfwndis.9.9.2009 7:26 Modified: 11.2009 7:24 Modified: 11.exe" C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe 20680 bytes Created: 11.9.sys 116008 bytes Created: 11.exe .sys C:\Windows\system32\DRIVERS\epfwwfp.sys 38240 bytes Created: 11.2009 7:17 Modified: 11.2009 7:33 Modified: 11.6.2009 9:10 Company: ESET ---------Key: epfwwfp ImagePath: system32\DRIVERS\epfwwfp.2009 7:23 Company: ESET ---------Key: EhttpSrv ImagePath: "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.9.9.6.

4.5.229944 bytes Created: 30.2009 15:58 Company: Hewlett-Packard Development Company.2010 17:29 Company: Tonec Inc.exe" C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.11.sys C:\Windows\system32\drivers\msahci.2010 21:13 Modified: 21.2010 22:29 Company: Microsoft Corporation ---------Key: OS Selector ImagePath: "C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.sys C:\Windows\system32\drivers\kbdhid.4. ---------Key: iaStorV ImagePath: \SystemRoot\system32\drivers\iaStorV.sys 28160 bytes Created: 20.sys 22216 bytes Created: 25.8.exe 366152 bytes Created: 25.2011 16:00 Company: Malwarebytes Corporation ---------Key: MBAMService ImagePath: "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.12.2011 16:00 Company: Malwarebytes Corporation ---------Key: msahci ImagePath: system32\drivers\msahci.exe 2139400 bytes Created: 26.11.2010 22:29 Company: Microsoft Corporation ---------Key: MBAMProtector ImagePath: \??\C:\Windows\system32\drivers\mbam.2010 22:29 Modified: 20.2010 3:53 Company: [no info] .2011 20:03 Modified: 31.2011 6:38 Company: Intel Corporation ---------Key: IDMWFP ImagePath: system32\DRIVERS\idmwfp.12.11.exe" C:\Program Files\Malwarebytes' Anti-Malware\mbamservice. ---------Key: kbdhid ImagePath: \SystemRoot\system32\drivers\kbdhid.10.sys 332160 bytes Created: 26. L.11.10.3.sys 28032 bytes Created: 20.2009 15:58 Modified: 30.sys C:\Windows\system32\DRIVERS\idmwfp.sys C:\Windows\system32\drivers\mbam.2010 3:53 Modified: 26.sys 85232 bytes Created: 21.2011 20:03 Modified: 31.5.sys C:\Windows\system32\drivers\iaStorV.8.P.10.2011 2:23 Modified: 11.2010 22:29 Modified: 20.

sys C:\Windows\system32\DRIVERS\revoflt.2009 0:45 Company: Brother Industries Ltd.2011 21:48 Modified: 21.sys C:\Windows\system32\drivers\serial. ---------Key: sscebus ImagePath: system32\DRIVERS\sscebus.11.sys 17920 bytes Created: 14.2009 0:45 Company: Microsoft Corporation ---------Key: Serial ImagePath: \SystemRoot\system32\drivers\serial.2009 10:21 Company: VS Revo Group ---------Key: Serenum ImagePath: \SystemRoot\system32\drivers\serenum.sys C:\Windows\system32\DRIVERS\ssceserd.sys .7.2010 22:29 Company: Microsoft Corporation ---------Key: Revoflt ImagePath: system32\DRIVERS\revoflt.sys 123648 bytes Created: 27.12.2010 22:29 Modified: 20.2011 12:12 Modified: 30.12.2010 6:55 Company: MCCI Corporation ---------Key: sscemdfl ImagePath: system32\DRIVERS\sscemdfl.2011 21:48 Modified: 21.11.2009 0:45 Modified: 14.---------Key: RdpVideoMiniport ImagePath: System32\drivers\rdpvideominiport.sys 27192 bytes Created: 28.7.7.12.12.sys 83456 bytes Created: 14.sys 14848 bytes Created: 27.sys C:\Windows\System32\drivers\rdpvideominiport.sys 98560 bytes Created: 27.2010 6:55 Company: MCCI Corporation ---------Key: sscemdm ImagePath: system32\DRIVERS\sscemdm.7.2011 21:48 Modified: 21.sys C:\Windows\system32\DRIVERS\sscemdfl.10.2009 0:45 Modified: 14.10.sys C:\Windows\system32\DRIVERS\sscebus.2010 6:55 Company: MCCI Corporation ---------Key: ssceserd ImagePath: system32\DRIVERS\ssceserd.sys 15872 bytes Created: 20.sys C:\Windows\system32\DRIVERS\sscemdm.sys C:\Windows\system32\drivers\serenum.10.10.

sys 41600 bytes Created: 30.sys 25600 bytes Created: 21.11.11.2010 22:29 Company: Microsoft Corporation ---------Key: usbfilter ImagePath: system32\DRIVERS\usbfilter.sys 52224 bytes Created: 20.2010 1:46 Modified: 20.2008 2:06 Modified: 28.10.11.3.2010 6:55 Company: MCCI Corporation ---------Key: Synth3dVsc ImagePath: System32\drivers\synth3dvsc.sys C:\Windows\System32\drivers\synth3dvsc.sys 112640 bytes Created: 21.8.2011 16:44 Company: Advanced Micro Devices .11.12. Inc.10.11.2008 2:06 Company: Synaptics.11.2010 1:46 Modified: 20.11.sys C:\Windows\system32\DRIVERS\SynTP.sys C:\Windows\System32\drivers\tsusbflt.3.11.2010 1:46 Modified: 20.2010 22:29 Modified: 20.2011 21:48 Modified: 21.11.2010 22:29 Company: Microsoft Corporation ---------Key: SynTP ImagePath: system32\DRIVERS\SynTP.2010 22:29 Company: Microsoft Corporation ---------Key: tsusbhub ImagePath: system32\drivers\tsusbhub.sys C:\Windows\system32\drivers\tsusbhub.sys 199472 bytes Created: 28.sys 77184 bytes Created: 21.sys C:\Windows\system32\DRIVERS\usbfilter. ---------Key: terminpt ImagePath: \SystemRoot\system32\drivers\terminpt.100352 bytes Created: 27.sys C:\Windows\system32\drivers\TsUsbGD.2011 22:11 Modified: 17.2010 22:29 Company: Microsoft Corporation ---------Key: TsUsbFlt ImagePath: System32\drivers\tsusbflt.2010 22:29 Modified: 20.2010 22:29 Company: Microsoft Corporation ---------Key: TsUsbGD ImagePath: \SystemRoot\system32\drivers\TsUsbGD.sys C:\Windows\system32\drivers\terminpt.sys 27264 bytes Created: 20.11.

sys C:\Windows\system32\DRIVERS\vwifibus.7.sys C:\Windows\system32\DRIVERS\WinUsb.2009 0:52 Modified: 14.2009 0:52 Modified: 14.10.2009 0:52 Company: Microsoft Corporation ---------Key: WatAdminSvc ImagePath: %SystemRoot%\system32\Wat\WatAdminSvc.WINLOGON\NOTIFY DLLS ----No WINLOGON\NOTIFY DLLs found to scan .11.sys 19968 bytes Created: 14.2009 23:02 Company: Marvell ---------************************************************************ 19:11:13: Scanning -----VXD ENTRIES----************************************************************ 19:11:13: Scanning ----.7.11.2011 23:18 Modified: 28.exe C:\Windows\system32\Wat\WatAdminSvc.sys 311296 bytes Created: 13.2010 22:29 Company: Microsoft Corporation ---------Key: VGPU ImagePath: System32\drivers\rdvgkmd.7.sys C:\Windows\system32\DRIVERS\yk62x86.sys C:\Windows\System32\drivers\rdvgkmd.11.exe 1343400 bytes Created: 28.7.7.2010 22:29 Modified: 20.2010 22:29 Company: Microsoft Corporation ---------Key: yukonw7 ImagePath: system32\DRIVERS\yk62x86.sys 48128 bytes Created: 14.7.---------Key: usbvideo ImagePath: System32\Drivers\usbvideo.11.2011 23:18 Company: Microsoft Corporation ---------Key: WinUsb ImagePath: system32\DRIVERS\WinUsb.[file not found to scan] ---------Key: vwifibus ImagePath: system32\DRIVERS\vwifibus.sys .sys C:\Windows\System32\Drivers\usbvideo.2009 23:02 Modified: 13.sys 35968 bytes Created: 20.sys C:\Windows\system32\DRIVERS\vwififlt.sys 146432 bytes Created: 20.2010 22:29 Modified: 20.10.2009 0:52 Company: Microsoft Corporation ---------Key: vwififlt ImagePath: system32\DRIVERS\vwififlt.

12.Context Menu Shell Extension CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D} Path: C:\Program Files\ESET\ESET Smart Security\shellExt.2009 7:37 Modified: 11.2010 16:28 Company: Internet Download Manager. ---------************************************************************ 19:11:14: Scanning ----.9.dll 202160 bytes Created: 21.FOLDER\COLUMNHANDLERS ----************************************************************ 19:11:14: Scanning ----.dll C:\Program Files\ESET\ESET Smart Security\shellExt.Rootkit scan of Winlogon\Notify key not possible [key may not exist] ************************************************************ 19:11:13: Scanning ----.IMAGEFILE DEBUGGERS ----No "Debugger" entries found.2011 20:53 Modified: 22.SHAREDTASKSCHEDULER ENTRIES ----No SharedTaskScheduler entries found to scan ************************************************************ 19:11:14: Scanning ----.BROWSER HELPER OBJECTS ----Key: {0055C089-8582-441B-A0BF-17B458C2A3A8} BHO: C:\Program Files\Internet Download Manager\IDMIECC.dll 183880 bytes Created: 11.ini .COMMON STARTUP GROUP -----[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.2010 21:13 Modified: 23.12.SECURITY PROVIDER DLLS ----************************************************************ 19:11:15: Scanning -----.APPINIT_DLLS ----The AppInit_DLLs value is blank or does not exist ************************************************************ 19:11:15: Scanning ----.6.CONTEXTMENUHANDLERS ----Key: ESET Smart Security .10.dll C:\Program Files\Internet Download Manager\IDMIECC.dll C:\Program Files\TeraCopy\TeraCopyExt.dll 305664 bytes Created: 25.2009 7:37 Company: ESET ---------Key: TeraCopy CLSID: {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} Path: C:\Program Files\TeraCopy\TeraCopyExt. 
************************************************************ 19:11:14: Scanning ----.SHELLSERVICEOBJECTS ----************************************************************ 19:11:14: Scanning ----.9. Tonec Inc.2009 7:26 Company: [no info] ---------************************************************************ 19:11:14: Scanning ----.

2011 22:12 Company: [no info] ----------------------------************************************************************ 19:11:16: Scanning ----.11. ??? ????? ?? ?????????? ??????????? ????????? ???? ???? ?? ?? ???????. ??? ????? ?? ?????????? ??????????? ????????? ???? ???? ?? ?? ???????.-HS. ??????? ?? ???? ??????? ????????? ??? ???????. Parameters: /c Schedule: At 22:57:00 every day Next Run Time: 6. Google ??????? ?? ???? ??????? ?????????.2011 22:52 Company: Google Inc.2009 5:41 Company: [no info] -------------------************************************************************ 19:11:15: Scanning ----.174 bytes Created: 30. ??? ? ??????? ?? ??? ??????????? ??????? ?? ??????? Google ??????? ???? ?? ?? ?????? ??.exe C:\Users\Igor777\AppData\Local\Google\Update\GoogleUpdate.2011 22:52 Modified: 31.2009 5:41 Modified: 14. ---------Taskname: GoogleUpdateTaskUserS-1-5-21-1871904078-2232636328-3387153480-100 0UA File: C:\Users\Igor777\AppData\Local\Google\Update\GoogleUpdate.exe 136176 bytes Created: 31.2011 22:57:00 Status: Ready Creator: Igor777 Comments: ??????? ??????? Google ???????.10.11.2011 22:52 Company: Google Inc.exe C:\Users\Igor777\AppData\Local\Google\Update\GoogleUpdate.10.SCHEDULED TASKS ----Taskname: GoogleUpdateTaskUserS-1-5-21-1871904078-2232636328-3387153480-100 0Core File: C:\Users\Igor777\AppData\Local\Google\Update\GoogleUpdate. ? ???????? ????? ???? ??????. ? ???????? ????? ???? ??????. Parameters: /ua /installsource scheduler Schedule: At 22:57:00 every day Next Run Time: 6.USER STARTUP GROUPS ----Checking Startup Group for: Igor777 [C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup] C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d esktop.2011 19:57:00 Status: Ready Creator: Igor777 Comments: ??????? ??????? Google ???????.10.10. Google ??????? ?? ???? ??????? ?????????.ini -HS.exe 136176 bytes Created: 31.10.174 bytes Created: 14.2011 22:12 Modified: 30. ??????? ?? ???? ??????? 
????????? ??? ???????.7.2011 22:52 Modified: 31.10.7. ??? ? ??????? ?? ??? ??????????? ??????? ?? ??????? Google ??????? ???? ?? ?? ?????? ??. ---------- .
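The scheduled-task section above is the last of the persistence locations this log walks (Winlogon Shell/Userinit, Run/RunOnce keys, services, BHOs, startup groups, tasks). As an added example, not part of the original log and not Trojan Remover's own code, here is a small Python parser for the entry format the log uses (a "Value Name:", "Key:" or "Taskname:" header, the launch string, the resolved path, size, Created/Modified and Company lines, dash separators) followed by a triage pass that flags the three things in a log like this that deserve a second look: a file the scanner could not find on disk ("[file not found to scan]", as for usbvideo.sys above), a file reporting "Company: [no info]", and an autorun resolved to a user-writable location such as a profile's AppData. The sample log is constructed for this example in the page's format; the "Updater" entry in it is fictional, the other three are modelled on entries that appear above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the Trojan Remover log layout seen on this page.
# The "Updater" entry is fictional; egui, usbvideo and Serial mirror real entries above.
SAMPLE_LOG = r"""
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET Smart Security\egui.exe
2054360 bytes
Created: 11.9.2009 7:23
Modified: 11.9.2009 7:23
Company: ESET
--------------------
Value Name: Updater
Value Data: C:\Users\Igor777\AppData\Roaming\svc\updater.exe
C:\Users\Igor777\AppData\Roaming\svc\updater.exe
48128 bytes
Created: 5.1.2012 3:14
Modified: 5.1.2012 3:14
Company: [no info]
--------------------
Key: usbvideo
ImagePath: System32\Drivers\usbvideo.sys
C:\Windows\System32\Drivers\usbvideo.sys
[file not found to scan]
----------
Key: Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\Windows\system32\drivers\serial.sys
83456 bytes
Created: 14.7.2009 0:45
Modified: 14.7.2009 0:45
Company: Brother Industries Ltd.
----------
"""

HEADER_RE = re.compile(r"^(Value Name|Key|Taskname):\s*(.+)$")
LAUNCH_RE = re.compile(r"^(Value Data|ImagePath|File):\s*(.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")          # resolved on-disk path line
SIZE_RE = re.compile(r"^(\d+) bytes$")
SEP_RE = re.compile(r"^-{6,}$")                 # entry separator


@dataclass
class Entry:
    name: str
    launch: str = ""
    path: Optional[str] = None
    size: Optional[int] = None
    created: Optional[str] = None
    modified: Optional[str] = None
    company: Optional[str] = None
    missing: bool = False


def parse_log(text: str) -> List[Entry]:
    """Turn the log's line-oriented entries into Entry records."""
    entries: List[Entry] = []
    cur: Optional[Entry] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            cur = Entry(name=m.group(2).strip())
            entries.append(cur)
            continue
        if cur is None:
            continue
        if SEP_RE.match(line):
            cur = None                        # separator closes the entry
            continue
        m = LAUNCH_RE.match(line)
        if m:
            cur.launch = m.group(2).strip()
        elif PATH_RE.match(line) and cur.path is None:
            cur.path = line
        elif SIZE_RE.match(line):
            cur.size = int(SIZE_RE.match(line).group(1))
        elif line.startswith("Created:"):
            cur.created = line[len("Created:"):].strip()
        elif line.startswith("Modified:"):
            cur.modified = line[len("Modified:"):].strip()
        elif line.startswith("Company:"):
            cur.company = line[len("Company:"):].strip()
        elif line == "[file not found to scan]":
            cur.missing = True
    return entries


# Path fragments that a standard user can write to; an autorun here can be
# replaced without admin rights (assumption: default Windows ACLs).
USER_WRITABLE = ("c:\\users\\", "\\appdata\\", "\\temp\\")


def triage(entries: List[Entry]) -> List[Tuple[str, str, List[str]]]:
    """Return (name, path, flags) for entries worth a manual look. Flags are
    signals, not verdicts: GoogleUpdate legitimately runs from AppData and
    desktop.ini legitimately has no Company field."""
    findings = []
    for e in entries:
        flags: List[str] = []
        low = (e.path or e.launch).lower()
        if e.missing:
            flags.append("file-missing")
        if e.company == "[no info]":
            flags.append("no-company-info")
        if any(marker in low for marker in USER_WRITABLE):
            flags.append("user-writable-location")
        if flags:
            findings.append((e.name, e.path or e.launch, flags))
    return findings


if __name__ == "__main__":
    for name, path, flags in triage(parse_log(SAMPLE_LOG)):
        print(f"{name:12} {', '.join(flags):40} {path}")
```

Run against a saved logfile by replacing SAMPLE_LOG with the file's contents; the scrambled, wrapped paths that PDF extraction produced (as in parts of this page) will not parse, so feed it the original text logfile from the Logfile directory named in the scan header.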

11.dll C:\Windows\system32\ntshrui.2011 23:30 Modified: 6.11.10.exe 69632 bytes Created: 14.jpg C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.7.dll 66656 bytes Created: 21.2010 21:13 Modified: 21.12.exe 6144 bytes .2010 22:29 Modified: 20.2009 0:11 Modified: 14.11.7.2011 19:00 Company: [no info] ---------Web Desktop Wallpaper entry is blank ---------Checks for rogue DNS NameServers completed ---------Additional checks completed ************************************************************ 19:11:18: Scanning ----.DEVICE DRIVER ENTRIES ----************************************************************ 19:11:17: ----. ---------Key: SharingPrivate CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235} File: %SystemRoot%\system32\ntshrui.dll 442880 bytes Created: 20.2010 22:29 Company: Microsoft Corporation ---------************************************************************ 19:11:17: Scanning ----.dll C:\Program Files\Internet Download Manager\IDMShellExt.12.SHELLICONOVERLAYIDENTIFIERS ----Key: IDM Shell Extension CLSID: {CDC95B92-E27C-4745-A8C5-64A52A78855D} File: C:\Program Files\Internet Download Manager\IDMShellExt.RUNNING PROCESSES ----C:\Windows\System32\smss.************************************************************ 19:11:17: Scanning ----.jp g 431587 bytes Created: 24.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\csrss.ADDITIONAL CHECKS ----Winlogon registry rootkit checks completed ---------Heuristic checks for hidden files/drivers completed ---------Layered Service Provider entries checks completed ---------Windows Explorer Policies checks completed ---------Desktop Wallpaper: C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Themes\Tra nscodedWallpaper.2010 17:29 Company: Tonec Inc.

Created: 14.2011 5:22 Company: Microsoft Corporation -------------------- .9.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\winlogon.2009 0:36 Modified: 14.exe 397312 bytes Created: 30.2009 2:14 Company: Microsoft Corporation --------------------------------------C:\Windows\system32\atieclxx.exe 96256 bytes Created: 14.2010 22:29 Company: Microsoft Corporation -------------------C:\Windows\system32\services.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\lsm.7.7.7.2009 0:11 Modified: 14.2009 0:51 Modified: 14.7.7.exe 20992 bytes Created: 14.11.6.exe 267776 bytes Created: 20.10.2011 13:30 Company: AMD --------------------------------------C:\Windows\system32\WLANExt.7.2010 22:29 Modified: 20.2009 0:11 Modified: 14.11.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\conhost.exe 22528 bytes Created: 14.7.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\wininit.2011 6:45 Modified: 24.11.7.2010 22:29 Modified: 20.10.exe 271360 bytes Created: 25.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\lsass.exe 77312 bytes Created: 14.2010 22:29 Company: Microsoft Corporation -------------------C:\Windows\system32\svchost.exe 259072 bytes Created: 14.7.exe 286720 bytes Created: 20.7.2011 22:09 Modified: 15.2009 0:19 Modified: 14.11.2009 0:11 Modified: 14.7.7.

-------------------C:\Windows\system32\SearchIndexer.C:\Windows\System32\spoolsv.3.exe 49152 bytes Created: 20.2010 22:29 Modified: 20.2010 22:29 Company: Microsoft Corporation --------------------------------------C:\Program Files\Windows Media Player\wmpnetwk. -------------------C:\Program Files\Hewlett-Packard\Shared\hpqToaster.12.2011 13:42 Company: Advanced Micro Devices. Inc.2010 22:29 Modified: 20.exe 427520 bytes Created: 25.2010 16:28 Company: Tonec Inc.9.2011 3:18 Modified: 4.7.exe 95528 bytes Created: 28.2008 2:06 Company: Synaptics.2010 22:29 Modified: 20.exe 1121792 bytes Created: 20.exe 92672 bytes Created: 14.2011 5:28 Company: Microsoft Corporation -------------------C:\Windows\system32\wbem\wmiprvse.exe 291840 bytes Created: 15.exe 263600 bytes Created: 21.7.exe 257536 bytes Created: 20.exe 632888 bytes Created: 1. Inc.11.2010 22:29 Company: Microsoft Corporation -------------------C:\Windows\system32\Dwm.11.11.Service.2010 22:29 Modified: 20.2009 15:44 .exe 317440 bytes Created: 20.ACE\Fuel\Fuel.7.5.2008 2:06 Modified: 28.9.3. -------------------C:\Program Files\Internet Download Manager\IEMonitor.11.2009 2:14 Company: Microsoft Corporation -------------------C:\Program Files\ATI Technologies\ATI.11.2011 13:42 Modified: 15.2009 0:24 Modified: 14.2010 22:29 Company: Microsoft Corporation --------------------------------------C:\Windows\system32\taskhost.5.2010 21:13 Modified: 25.7.2009 15:44 Modified: 1.2010 22:29 Company: Microsoft Corporation -------------------C:\Program Files\Synaptics\SynTP\SynTPHelper.10.11.11.11.

2011 3:18 Modified: 4.2600.com/fwlink/?LinkId=69157 HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank. For information.exe 164352 bytes Created: 25.microsoft.Company: -------------------C:\Program Files\Trojan Remover\Rmvtrjan.10.com [Unregistered version] Scan started at: 13:29:13 02 nov 2011 .2011 5:28 Company: Microsoft Corporation -------------------C:\Program Files\Malwarebytes' Anti-Malware\mbam.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": http://go.exe 86528 bytes Created: 25.com/fwlink/?LinkId=54896 ************************************************************ === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 19:11:22 06 nov 2011 Total Scan time: 00:00:27 ************************************************************ ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.exe FileSize: 4740016 [This is a Trojan Remover component] --------------------------------------C:\Windows\system32\SearchProtocolHost.exe 1047208 bytes Created: 25.INTERNET EXPLORER HOME/START/SEARCH SETTINGS -----HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": http://go.10.8.5.microsoft.10.microsoft.microsoft.2011 5:28 Company: Microsoft Corporation -------------------C:\Windows\system32\SearchFilterHost.2011 16:00 Company: Malwarebytes Corporation -------------------************************************************************ 19:11:22: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ -----.com/fwlink/?LinkId=54896 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://go.5.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\System32\blank.2011 20:03 Modified: 31.8.2011 3:18 Modified: 4.microsoft.com/fwlink/?LinkId=54896 
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://go. email support@simplysup.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.2.microsoft.

2011 3:18 Modified: 25.2008 2:05 Company: Synaptics.2011 6:30 Company: Microsoft Corporation ---------This key's "Userinit" value calls the following program(s): Key value: [C:\Windows\system32\userinit.exe 26624 bytes Created: 20.] File: C:\Windows\system32\userinit.2.1.exe 2616320 bytes Created: 25. .exe C:\Windows\system32\userinit.11. Inc.exe 1045800 bytes Created: 28.11.exe C:\Windows\explorer.Using Database v7786 Operating System: Windows 7 Ultimate (SP1) [Build: 6.2010 22:29 Modified: 20.SCANNING FOR ROOTKIT SERVICES ----No hidden Services were detected.exe] File: explorer.2008 2:05 Modified: 28.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.2010 22:29 Company: Microsoft Corporation ----------------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: TaskTray Value Data: Blank entry: [] -------------------Value Name: SynTPEnh Value Data: C:\Program Files\Synaptics\SynTP\SynTPEnh.10.7601] File System: NTFS UAC is ENABLED [default level] UserData directory: C:\Users\Igor777\AppData\Roaming\Simply Super Software\Troja n Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\Igor777\Documents\Simply Super Software\Trojan Remo ver Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************************ ************************************************************ 13:29:13: ----.3.3.exe. 
************************************************************ 13:29:14: Scanning -----WINDOWS REGISTRY-----------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [explorer.

exe /onboot C:\Program Files\Internet Download Manager\IDMan.11.REGISTRY ACTIVE SETUP KEYS ----- . ************************************************************ 13:29:16: Scanning ----. Inc.2010 22:29 Modified: 20.exe 343168 bytes Created: 15.exe 1174016 bytes Created: 20.9.2011 2:32 Company: Tonec Inc.10.2011 2:31 Modified: 26.exe" MSRun C:\Program Files\ATI Technologies\ATI.2011 14:38 Company: Advanced Micro Devices.9.exe 3270040 bytes Created: 26.9. -------------------Value Name: egui Value Data: "C:\Program Files\ESET\ESET Smart Security\egui.10.2010 22:29 Company: Microsoft Corporation -------------------Value Name: IDMan Value Data: C:\Program Files\Internet Download Manager\IDMan.-------------------Value Name: StartCCC Value Data: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.11.exe 2054360 bytes Created: 11.9.2009 7:23 Company: ESET -------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: Sidebar Value Data: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun C:\Program Files\Windows Sidebar\sidebar.ACE\Core-Static\CLIStart. -------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty ************************************************************ 13:29:15: Scanning -----SHELLEXECUTEHOOKS----ShellExecuteHooks key is empty ************************************************************ 13:29:15: Scanning -----HIDDEN REGISTRY ENTRIES----Taskdir check completed ---------No Hidden File-loading Registry Entries found ---------************************************************************ 13:29:16: Scanning -----ACTIVE SCREENSAVER----No active ScreenSaver found to scan.2011 14:38 Modified: 15.2009 7:23 Modified: 11.exe" /hide /waitserv ice C:\Program Files\ESET\ESET Smart Security\egui.

9.0\armsvc.6.6.2011 12:52 Company: Advanced Micro Devices.2011 13:42 Modified: 15.exe /laun chService C:\Program Files\ATI Technologies\ATI.sys 1035776 bytes Created: 10.10.ACE\Fuel\Fuel. Inc.sys 37944 bytes Created: 30.************************************************************ 13:29:16: Scanning ----.exe C:\Windows\system32\atiesrxx.2011 11:55 Company: Adobe Systems Incorporated ---------Key: AgereSoftModem ImagePath: system32\DRIVERS\AGRSM.2011 11:55 Modified: 6.2009 22:40 Modified: 13. ---------Key: AmdPPM ImagePath: system32\DRIVERS\amdppm.exe 64952 bytes Created: 6.2010 9:18 Company: Advanced Micro Devices ---------Key: amdkmdap ImagePath: system32\DRIVERS\atikmpag. Inc.SERVICES REGISTRY KEYS ----Key: AdobeARMservice ImagePath: "C:\Program Files\Common Files\Adobe\ARM\1.Service.10.7.exe" C:\Program Files\Common Files\Adobe\ARM\1.Service.2011 13:30 Company: AMD ---------Key: AMD FUEL Service ImagePath: C:\Program Files\ATI Technologies\ATI.7.sys C:\Windows\system32\DRIVERS\AGRSM.2011 22:09 Modified: 15. ---------Key: amdiox86 ImagePath: system32\DRIVERS\amdiox86.SERVICEDLL REGISTRY KEYS ----************************************************************ 13:29:18: Scanning ----.7.2.exe 176128 bytes Created: 30.6.9.2011 22:10 Modified: 18.exe 291840 bytes Created: 15.10.sys C:\Windows\system32\DRIVERS\amdppm.sys 257024 bytes Created: 30.sys C:\Windows\system32\DRIVERS\atikmpag.9.2011 13:42 Company: Advanced Micro Devices.2009 0:11 .2009 0:11 Modified: 14.2011 22:09 Modified: 15.0\armsvc.2009 23:13 Company: LSI Corp ---------Key: AMD External Events Utility ImagePath: %SystemRoot%\system32\atiesrxx.sys C:\Windows\system32\DRIVERS\amdiox86.ACE\Fuel\Fuel.9.sys 52736 bytes Created: 14.

10.2009 2:26 Company: Microsoft Corporation ---------Key: AtiPcie ImagePath: system32\DRIVERS\AtiPcie.sys C:\Windows\system32\DRIVERS\AtiPcie.sys 14392 bytes Created: 17.2011 20:08 Modified: 16.sys 33920 bytes Created: 16.sys 80256 bytes Created: 26.2011 2:23 Modified: 11.sys 4256320 bytes Created: 30.2011 20:08 Modified: 16.2011 2:23 Modified: 11.Company: Microsoft Corporation ---------Key: amdsata ImagePath: \SystemRoot\system32\drivers\amdsata.2010 10:15 Company: Advanced Micro Devices Inc.2011 6:38 Company: Advanced Micro Devices ---------Key: amdxata ImagePath: system32\drivers\amdxata.6.sys C:\Windows\system32\DRIVERS\bcmwl6.6.sys C:\Windows\system32\DRIVERS\amd_sata.sys C:\Windows\system32\DRIVERS\amd_xata.sys .6.3.2010 10:15 Modified: 17.7.2011 22:18 Company: Broadcom Corporation ---------Key: BthEnum ImagePath: \SystemRoot\system32\drivers\BthEnum. ---------Key: BCM43XX ImagePath: system32\DRIVERS\bcmwl6.2011 6:38 Company: Advanced Micro Devices ---------Key: amd_sata ImagePath: system32\DRIVERS\amd_sata.10.3.10.6.sys 22400 bytes Created: 26.2009 0:11 Modified: 14.sys C:\Windows\system32\drivers\atapi.sys C:\Windows\system32\drivers\amdsata.2011 22:25 Modified: 30.2011 20:08 Company: Advanced Micro Devices ---------Key: atapi ImagePath: system32\drivers\atapi.sys C:\Windows\system32\drivers\amdxata.2011 20:08 Company: Advanced Micro Devices ---------Key: amd_xata ImagePath: system32\DRIVERS\amd_xata.6.6.sys 21584 bytes Created: 14.7.sys 67712 bytes Created: 16.10.

---------Key: BTHPORT
ImagePath: \SystemRoot\System32\Drivers\BTHport.sys
C:\Windows\System32\Drivers\BTHport.sys
Company: Microsoft Corporation
---------Key: BTHUSB
ImagePath: \SystemRoot\System32\Drivers\BTHUSB.sys
C:\Windows\System32\Drivers\BTHUSB.sys
Company: Microsoft Corporation
---------Key: clr_optimization_v4.0.30319_32
ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Company: Microsoft Corporation
---------Key: dmvsc
ImagePath: \SystemRoot\system32\drivers\dmvsc.sys
C:\Windows\system32\drivers\dmvsc.sys
Company: Microsoft Corporation
---------Key: eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\Windows\system32\DRIVERS\eamon.sys
Company: ESET
---------Key: ehdrv
ImagePath: system32\DRIVERS\ehdrv.sys
C:\Windows\system32\DRIVERS\ehdrv.sys
Company: ESET
---------Key: EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe"
C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
Company: ESET
---------Key: ekrn
ImagePath: "C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
Company: ESET
---------Key: epfw
ImagePath: system32\DRIVERS\epfw.sys
C:\Windows\system32\DRIVERS\epfw.sys
Company: ESET
---------Key: Epfwndis
ImagePath: system32\DRIVERS\Epfwndis.sys
C:\Windows\system32\DRIVERS\Epfwndis.sys
Company: ESET
---------Key: epfwwfp
ImagePath: system32\DRIVERS\epfwwfp.sys
C:\Windows\system32\DRIVERS\epfwwfp.sys
Company: ESET
---------Key: hpqwmiex
ImagePath: "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
Company: Hewlett-Packard Development Company, L.P.
---------Key: iaStorV
ImagePath: \SystemRoot\system32\drivers\iaStorV.sys
C:\Windows\system32\drivers\iaStorV.sys
Company: Intel Corporation
---------Key: IDMWFP
ImagePath: system32\DRIVERS\idmwfp.sys
C:\Windows\system32\DRIVERS\idmwfp.sys
Company: Tonec Inc.
---------Key: kbdhid
ImagePath: \SystemRoot\system32\drivers\kbdhid.sys
C:\Windows\system32\drivers\kbdhid.sys
Company: Microsoft Corporation
---------Key: MBAMProtector
ImagePath: \??\C:\Windows\system32\drivers\mbam.sys
C:\Windows\system32\drivers\mbam.sys
Company: Malwarebytes Corporation
---------Key: MBAMService
ImagePath: "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
Company: Malwarebytes Corporation
---------Key: msahci
ImagePath: system32\drivers\msahci.sys
C:\Windows\system32\drivers\msahci.sys
Company: Microsoft Corporation
---------Key: OS Selector
ImagePath: "C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe"
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
Company: [no info]
---------Key: RdpVideoMiniport
ImagePath: System32\drivers\rdpvideominiport.sys
C:\Windows\System32\drivers\rdpvideominiport.sys
Company: Microsoft Corporation
---------Key: Revoflt
ImagePath: system32\DRIVERS\revoflt.sys
C:\Windows\system32\DRIVERS\revoflt.sys
Company: VS Revo Group
---------Key: Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\Windows\system32\drivers\serenum.sys
Company: Microsoft Corporation
---------Key: Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\Windows\system32\drivers\serial.sys
83456 bytes
Created: 14.7.2009 0:45
Modified: 14.7.2009 0:45
Company: Brother Industries Ltd.
---------Key: sscebus
ImagePath: system32\DRIVERS\sscebus.sys
C:\Windows\system32\DRIVERS\sscebus.sys
98560 bytes
Created: 27.10.2011 21:48
Modified: 21.12.2010 6:55
Company: MCCI Corporation
---------Key: sscemdfl
ImagePath: system32\DRIVERS\sscemdfl.sys
C:\Windows\system32\DRIVERS\sscemdfl.sys
14848 bytes
Created: 27.10.2011 21:48
Modified: 21.12.2010 6:55
Company: MCCI Corporation
---------Key: sscemdm
ImagePath: system32\DRIVERS\sscemdm.sys
C:\Windows\system32\DRIVERS\sscemdm.sys
123648 bytes
Created: 27.10.2011 21:48
Modified: 21.12.2010 6:55
Company: MCCI Corporation
---------Key: ssceserd
ImagePath: system32\DRIVERS\ssceserd.sys
C:\Windows\system32\DRIVERS\ssceserd.sys
100352 bytes
Created: 27.10.2011 21:48
Modified: 21.12.2010 6:55
Company: MCCI Corporation
---------Key: Synth3dVsc
ImagePath: System32\drivers\synth3dvsc.sys
C:\Windows\System32\drivers\synth3dvsc.sys
77184 bytes
Created: 21.11.2010 1:46
Modified: 20.11.2010 22:29
Company: Microsoft Corporation
---------Key: SynTP
ImagePath: system32\DRIVERS\SynTP.sys
C:\Windows\system32\DRIVERS\SynTP.sys
199472 bytes
Created: 28.3.2008 2:06
Modified: 28.3.2008 2:06
Company: Synaptics, Inc.
---------Key: terminpt
ImagePath: \SystemRoot\system32\drivers\terminpt.sys
C:\Windows\system32\drivers\terminpt.sys
25600 bytes
Created: 21.11.2010 1:46
Modified: 20.11.2010 22:29
Company: Microsoft Corporation
---------Key: TsUsbFlt
ImagePath: System32\drivers\tsusbflt.sys
C:\Windows\System32\drivers\tsusbflt.sys
52224 bytes
Created: 20.11.2010 22:29
Modified: 20.11.2010 22:29
Company: Microsoft Corporation
---------Key: TsUsbGD
ImagePath: \SystemRoot\system32\drivers\TsUsbGD.sys
C:\Windows\system32\drivers\TsUsbGD.sys
27264 bytes
Created: 20.11.2010 22:29
Modified: 20.11.2010 22:29
Company: Microsoft Corporation
---------Key: tsusbhub
ImagePath: system32\drivers\tsusbhub.sys
C:\Windows\system32\drivers\tsusbhub.sys
112640 bytes
Created: 21.11.2010 1:46
Modified: 20.11.2010 22:29
Company: Microsoft Corporation
---------Key: usbfilter
ImagePath: system32\DRIVERS\usbfilter.sys
C:\Windows\system32\DRIVERS\usbfilter.sys
41600 bytes
Created: 30.10.2011 22:11
Modified: 17.8.2011 16:44
Company: Advanced Micro Devices
---------Key: usbvideo
ImagePath: System32\Drivers\usbvideo.sys
C:\Windows\System32\Drivers\usbvideo.sys
146432 bytes
Created: 20.11.2010 22:29
Modified: 20.11.2010 22:29
Company: Microsoft Corporation
---------Key: VGPU
ImagePath: System32\drivers\rdvgkmd.sys
C:\Windows\System32\drivers\rdvgkmd.sys - [file not found to scan]
---------Key: vwifibus
ImagePath: system32\DRIVERS\vwifibus.sys
C:\Windows\system32\DRIVERS\vwifibus.sys
19968 bytes
Created: 14.7.2009 0:52
Modified: 14.7.2009 0:52
Company: Microsoft Corporation
---------Key: vwififlt
ImagePath: system32\DRIVERS\vwififlt.sys
C:\Windows\system32\DRIVERS\vwififlt.sys
48128 bytes
Created: 14.7.2009 0:52
Modified: 14.7.2009 0:52
Company: Microsoft Corporation
---------Key: WatAdminSvc
ImagePath: %SystemRoot%\system32\Wat\WatAdminSvc.exe
C:\Windows\system32\Wat\WatAdminSvc.exe
1343400 bytes
Created: 28.10.2011 23:18
Modified: 28.10.2011 23:18
Company: Microsoft Corporation
---------Key: WinUsb
ImagePath: system32\DRIVERS\WinUsb.sys
C:\Windows\system32\DRIVERS\WinUsb.sys
35968 bytes
Created: 20.11.2010 22:29
Modified: 20.11.2010 22:29
Company: Microsoft Corporation
---------Key: yukonw7
ImagePath: system32\DRIVERS\yk62x86.sys
C:\Windows\system32\DRIVERS\yk62x86.sys
311296 bytes
Created: 13.7.2009 23:02
Modified: 13.7.2009 23:02
Company: Marvell
----------
************************************************************
13:29:44: Scanning -----VXD ENTRIES-----
************************************************************
13:29:44: Scanning ----- WINLOGON\NOTIFY DLLS -----
No WINLOGON\NOTIFY DLLs found to scan
Rootkit scan of Winlogon\Notify key not possible [key may not exist]
************************************************************
13:29:44: Scanning ----- CONTEXTMENUHANDLERS -----
Key: ESET Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path: C:\Program Files\ESET\ESET Smart Security\shellExt.dll
C:\Program Files\ESET\ESET Smart Security\shellExt.dll
183880 bytes
Created: 11.9.2009 7:37
Modified: 11.9.2009 7:37
Company: ESET
---------Key: TeraCopy
CLSID: {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}
Path: C:\Program Files\TeraCopy\TeraCopyExt.dll
C:\Program Files\TeraCopy\TeraCopyExt.dll
305664 bytes
Created: 25.10.2011 20:53
Modified: 22.6.2009 7:26
Company: [no info]
----------

************************************************************
13:29:45: Scanning -----USER STARTUP GROUPS-----
Checking Startup Group for: Igor777 [C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS
----------
************************************************************
13:29:45: Scanning -----COMMON STARTUP GROUP-----
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS
----------
************************************************************
Scanning -----SHAREDTASKSCHEDULER ENTRIES-----
No SharedTaskScheduler entries found to scan
************************************************************
Scanning -----BROWSER HELPER OBJECTS-----
Key: {0055C089-8582-441B-A0BF-17B458C2A3A8}
BHO: C:\Program Files\Internet Download Manager\IDMIECC.dll
----------
************************************************************
13:29:47: Scanning -----SHELLSERVICEOBJECTS-----
************************************************************
13:29:47: Scanning -----SECURITY PROVIDER DLLS-----
************************************************************
Scanning -----FOLDER\COLUMNHANDLERS-----
************************************************************
Scanning -----APPINIT_DLLS-----
The AppInit_DLLs value is blank or does not exist
************************************************************
Scanning -----IMAGEFILE DEBUGGERS-----
No "Debugger" entries found.
************************************************************
Scanning -----SCHEDULED TASKS-----
Taskname: GoogleUpdateTaskUserS-1-5-21-1871904078-2232636328-3387153480-1000Core
File: C:\Users\Igor777\AppData\Local\Google\Update\GoogleUpdate.exe
Parameters: /c
Schedule: At 22:57:00 every day
Status: Ready
Creator: Igor777
----------
Taskname: GoogleUpdateTaskUserS-1-5-21-1871904078-2232636328-3387153480-1000UA
File: C:\Users\Igor777\AppData\Local\Google\Update\GoogleUpdate.exe
Parameters: /ua /installsource scheduler
Schedule: At 22:57:00 every day
Status: Ready
Creator: Igor777
----------
************************************************************
13:29:48: Scanning -----SHELLICONOVERLAYIDENTIFIERS-----
Key: IDM Shell Extension
CLSID: {CDC95B92-E27C-4745-A8C5-64A52A78855D}
File: C:\Program Files\Internet Download Manager\IDMShellExt.dll
----------
Key: SharingPrivate
CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235}
File: %SystemRoot%\system32\ntshrui.dll
C:\Windows\system32\ntshrui.dll
----------
************************************************************
Scanning -----DEVICE DRIVER ENTRIES-----
************************************************************
13:29:48: -----ADDITIONAL CHECKS-----
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
----------
Web Desktop Wallpaper entry is blank
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed
************************************************************
13:29:50: Scanning -----RUNNING PROCESSES-----
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Trojan Remover\Rmvtrjan.exe FileSize: 4740016
[This is a Trojan Remover component]
----------
************************************************************
13:29:53: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
-----INTERNET EXPLORER HOME/START/SEARCH SETTINGS-----
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": http://go.microsoft.com/fwlink/?LinkId=69157
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\System32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 13:29:54 02 nov 2011
Total Scan time: 00:00:40
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2600. For information, email support@simplysup.com [Unregistered version]
Scan started at: 22:51:14 31 okt 2011
Using Database v7786
Operating System: Windows 7 Ultimate (SP1) [Build: 6.1.7601]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Igor777\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Igor777\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
************************************************************
22:51:14: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
22:51:14: Scanning -----WINDOWS REGISTRY-----
-------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
Tonec Inc.12.dll 202160 bytes Created: 21.USER STARTUP GROUPS ----Checking Startup Group for: Igor777 [C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup] C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d esktop.2009 5:41 Company: [no info] -------------------************************************************************ 22:51:48: Scanning ----.7.6.IMAGEFILE DEBUGGERS ----No "Debugger" entries found.dll C:\Program Files\Internet Download Manager\IDMIECC.FOLDER\COLUMNHANDLERS ----************************************************************ 22:51:47: Scanning ----. ---------************************************************************ 22:51:47: Scanning ----.dll 305664 bytes Created: 25.

12.10.DEVICE DRIVER ENTRIES ----************************************************************ 22:51:49: ----.Created: 30.2010 22:29 Company: Microsoft Corporation ---------************************************************************ 22:51:49: Scanning ----.2011 23:30 Modified: 31.10.SCHEDULED TASKS ----No Scheduled Tasks found to scan ************************************************************ 22:51:49: Scanning ----.dll C:\Windows\system32\ntshrui.jpg C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.12.2011 22:12 Modified: 30.2011 22:12 Company: [no info] ----------------------------************************************************************ 22:51:49: Scanning ----.10.11.2010 17:29 Company: Tonec Inc.jp g 1019237 bytes Created: 24.dll 442880 bytes Created: 20.2010 21:13 Modified: 21.2011 22:45 Company: [no info] ---------Web Desktop Wallpaper entry is blank ---------Checks for rogue DNS NameServers completed ---------Additional checks completed ************************************************************ .SHELLICONOVERLAYIDENTIFIERS ----Key: IDM Shell Extension CLSID: {CDC95B92-E27C-4745-A8C5-64A52A78855D} File: C:\Program Files\Internet Download Manager\IDMShellExt.2010 22:29 Modified: 20.dll 66656 bytes Created: 21.11.10. ---------Key: SharingPrivate CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235} File: %SystemRoot%\system32\ntshrui.dll C:\Program Files\Internet Download Manager\IDMShellExt.ADDITIONAL CHECKS ----Winlogon registry rootkit checks completed ---------Heuristic checks for hidden files/drivers completed ---------Layered Service Provider entries checks completed ---------Windows Explorer Policies checks completed ---------Desktop Wallpaper: C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Themes\Tra nscodedWallpaper.

11.7.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\lsm.22:51:50: Scanning ----.2010 22:29 Company: Microsoft Corporation --------------------------------------C:\Windows\system32\atieclxx.exe 20992 bytes Created: 14.RUNNING PROCESSES ----C:\Windows\System32\smss.7.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\lsass.11.2009 0:11 Modified: 14.7.7.2009 0:19 Modified: 14.7.2009 0:11 Modified: 14.9.11.exe 96256 bytes Created: 14.7.2009 0:11 Modified: 14.2010 22:29 Modified: 20.exe 69632 bytes Created: 14.exe 397312 bytes Created: 30.7.11.7.2011 22:09 Modified: 15.exe 77312 bytes .7.7.7.exe 259072 bytes Created: 14.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\csrss.2010 22:29 Modified: 20.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\winlogon.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\wininit.2010 22:29 Company: Microsoft Corporation -------------------C:\Windows\system32\svchost.exe 6144 bytes Created: 14.10.exe 267776 bytes Created: 20.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\services.7.exe 286720 bytes Created: 20.2009 0:36 Modified: 14.2009 0:11 Modified: 14.exe 22528 bytes Created: 14.2011 13:30 Company: AMD --------------------------------------C:\Windows\system32\WLANExt.

exe 299008 bytes Created: 23. --------------------------------------C:\Program Files\Synaptics\SynTP\SynTPHelper.2011 13:42 Modified: 15.7.exe 291840 bytes Created: 15. -------------------C:\Windows\system32\SearchIndexer.3.7.10.exe 263600 bytes Created: 21.2008 2:06 Modified: 28.9.7.2010 21:13 Modified: 25.2009 2:14 Company: Microsoft Corporation -------------------C:\Windows\system32\conhost.2010 22:29 Modified: 20.2008 2:06 Company: Synaptics.5.2011 6:45 Modified: 24.11.ACE\Fuel\Fuel. Inc.2010 22:29 Company: Microsoft Corporation --------------------------------------C:\Windows\system32\Dwm.exe 92672 bytes Created: 14.6.7.2010 16:11 Modified: 23.12.2009 2:14 Company: Microsoft Corporation -------------------C:\Program Files\ATI Technologies\ATI.2010 16:11 Company: Advanced Micro Devices Inc.2010 16:28 Company: Tonec Inc.10.8. -------------------C:\Program Files\Internet Download Manager\IEMonitor.2011 13:42 Company: Advanced Micro Devices.exe 271360 bytes Created: 25.11.5.2011 3:18 Modified: 4.2011 5:22 Company: Microsoft Corporation -------------------C:\Windows\System32\spoolsv.2010 22:29 Modified: 20.11. -------------------C:\Windows\system32\taskhost.exe 49152 bytes Created: 20.8.3.exe 317440 bytes Created: 20.exe 95528 bytes Created: 28.ACE\Core-Static\MOM.9.Service.exe 427520 bytes Created: 25.2010 22:29 Company: Microsoft Corporation --------------------------------------C:\Program Files\ATI Technologies\ATI.Created: 14.11.2009 0:24 Modified: 14.2011 5:28 Company: Microsoft Corporation . Inc.2009 0:51 Modified: 14.

0\WPF\PresentationFontCache.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\System32\blank.INTERNET EXPLORER HOME/START/SEARCH SETTINGS -----HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": http://go.9.2010 15:33 Company: ATI Technologies Inc.exe 632888 bytes Created: 1.5. -------------------C:\Windows\system32\wbem\wmiprvse.exe 299008 bytes Created: 28.2010 22:29 Company: Microsoft Corporation -------------------C:\Program Files\ATI Technologies\ATI.2011 5:28 Company: Microsoft Corporation -------------------C:\Program Files\Trojan Remover\Rmvtrjan.2011 3:18 Modified: 4.2010 22:29 Company: Microsoft Corporation -------------------C:\Program Files\Hewlett-Packard\Shared\hpqToaster.10.-------------------C:\Program Files\Windows Media Player\wmpnetwk.11.ACE\Core-Static\CCC.2010 22:29 Modified: 20.11.2009 22:14 Company: Microsoft Corporation -------------------C:\Windows\system32\SearchProtocolHost.exe 1121792 bytes Created: 20.Net\Framework\v3.5.10.2009 1:35 Modified: 10.7.exe 42856 bytes Created: 14.2010 22:29 Modified: 20.exe 164352 bytes Created: 25.7.exe 86528 bytes Created: 25.2010 15:33 Modified: 28.microsoft.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": .2009 15:44 Modified: 1.9.2011 5:28 Company: Microsoft Corporation -------------------C:\Windows\system32\SearchFilterHost.11.11.7.exe 257536 bytes Created: 20.exe FileSize: 4740016 [This is a Trojan Remover component] --------------------------------------************************************************************ 22:51:55: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ -----.2009 15:44 Company: -------------------C:\Windows\Microsoft.6.2011 3:18 Modified: 4.

] File: C:\Windows\system32\userinit.8.exe.2.exe 2616320 bytes Created: 25.SCANNING FOR ROOTKIT SERVICES ----No hidden Services were detected.2011 7:30 Company: Microsoft Corporation ---------This key's "Userinit" value calls the following program(s): Key value: [C:\Windows\system32\userinit.com/fwlink/?LinkId=54896 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://go.2. ************************************************************ 19:31:51: Scanning -----WINDOWS REGISTRY-----------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [explorer.microsoft.microsoft.com/fwlink/?LinkId=54896 ************************************************************ === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 22:51:55 31 okt 2011 Total Scan time: 00:00:41 ************************************************************ ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.1.2011 4:18 Modified: 25.2600.exe C:\Windows\explorer.microsoft.com/fwlink/?LinkId=54896 HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://go.microsoft.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.10.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": http://go.exe] File: explorer. email support@simplysup.http://go.exe C:\Windows\system32\userinit. 
For information.exe .com [Unregistered version] Scan started at: 19:31:51 25 okt 2011 Using Database v7783 Operating System: Windows 7 Ultimate (SP1) [Build: 6.7601] File System: NTFS UAC is ENABLED [default level] UserData directory: C:\Users\Igor777\AppData\Roaming\Simply Super Software\Troja n Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\Igor777\Documents\Simply Super Software\Trojan Remo ver Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************************ ************************************************************ 19:31:51: ----.com/fwlink/?LinkId=69157 HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.microsoft.

exe 3080264 bytes Created: 22.10.10.2010 23:29 Modified: 20.9.2011 21:03 Company: ESET -------------------Value Name: Malwarebytes' Anti-Malware Value Data: "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe 420176 bytes Created: 25.10.2009 14:54 Company: Malwarebytes Corporation -------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: Sidebar Value Data: C:\Program Files\Windows Sidebar\sidebar.exe" /hide /waitserv ice C:\Program Files\ESET\ESET Smart Security\egui.26624 bytes Created: 20.exe /install /si lent C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.2011 21:03 Modified: 22.exe" /starttray C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.0\AdobeARM.exe" C:\Program Files\Common Files\Adobe\ARM\1.11.9.5.exe /boot C:\Program Files\Trojan Remover\Trjscan.2011 12:55 Company: Adobe Systems Incorporated -------------------Value Name: TrojanScanner Value Data: C:\Program Files\Trojan Remover\Trjscan.exe 937920 bytes Created: 6.2009 14:54 Company: Malwarebytes Corporation -------------------Value Name: Adobe ARM Value Data: "C:\Program Files\Common Files\Adobe\ARM\1.6.2010 23:29 Company: Microsoft Corporation ----------------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: egui Value Data: "C:\Program Files\ESET\ESET Smart Security\egui.2011 12:55 Modified: 6.exe 1233856 bytes Created: 25.9.2011 19:21 Modified: 10.9.exe /autoRun C:\Program Files\Windows Sidebar\sidebar.exe 1174016 bytes .2011 19:21 Modified: 10.6.exe 420176 bytes Created: 25.2011 19:28 Modified: 18.11.2011 18:32 Company: Simply Super Software -------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Value Name: Malwarebytes' Anti-Malware Value Data: C:\Program Files\Malwarebytes' 
Anti-Malware\mbamgui.0\AdobeARM.

Inc.2010 23:29 Company: Microsoft Corporation -------------------Value Name: uTorrent Value Data: "C:\Program Files\uTorrent\uTorrent.10.2011 3:31 Modified: 26.exe 3270040 bytes Created: 26.0\armsvc.sys C:\Windows\system32\DRIVERS\AGRSM.SERVICEDLL REGISTRY KEYS ----************************************************************ 19:31:55: Scanning ----.10.10.sys 1035776 bytes Created: 10. -------------------Value Name: IDMan Value Data: C:\Program Files\Internet Download Manager\IDMan.exe" C:\Program Files\Common Files\Adobe\ARM\1.2010 23:29 Modified: 20.6.2011 7:28 Modified: 25.2011 3:32 Company: Tonec Inc.11.exe 641400 bytes Created: 25.2011 7:29 Company: BitTorrent.SERVICES REGISTRY KEYS ----Key: AdobeARMservice ImagePath: "C:\Program Files\Common Files\Adobe\ARM\1.2009 0:13 .0\armsvc.2009 23:40 Modified: 14.6.7.2011 12:55 Company: Adobe Systems Incorporated ---------Key: AgereSoftModem ImagePath: system32\DRIVERS\AGRSM.11.10.Created: 20. ************************************************************ 19:31:53: Scanning ----.exe 64952 bytes Created: 6.6.exe /onboot C:\Program Files\Internet Download Manager\IDMan.2011 12:55 Modified: 6.exe" /MINIMIZED C:\Program Files\uTorrent\uTorrent. -------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty ************************************************************ 19:31:53: Scanning -----SHELLEXECUTEHOOKS----ShellExecuteHooks key is empty ************************************************************ 19:31:53: Scanning -----HIDDEN REGISTRY ENTRIES----Taskdir check completed ---------No Hidden File-loading Registry Entries found ---------************************************************************ 19:31:53: Scanning -----ACTIVE SCREENSAVER----No active ScreenSaver found to scan.REGISTRY ACTIVE SETUP KEYS ----************************************************************ 19:31:53: Scanning ----.

2009 11:36 Modified: 18.sys 1131008 bytes Created: 10.sys .2010 23:29 Company: Microsoft Corporation ---------Key: eamonm ImagePath: system32\DRIVERS\eamonm.2009 3:26 Company: Microsoft Corporation ---------Key: BCM43XX ImagePath: system32\DRIVERS\bcmwl6.2010 2:46 Modified: 20.7.Company: LSI Corp ---------Key: AMD External Events Utility ImagePath: %SystemRoot%\system32\atiesrxx.2009 1:11 Modified: 14.sys C:\Windows\system32\drivers\amdsata.7.2009 1:11 Company: Microsoft Corporation ---------Key: amdsata ImagePath: \SystemRoot\system32\drivers\amdsata.11.2010 23:29 Company: Advanced Micro Devices ---------Key: atapi ImagePath: system32\drivers\atapi.2010 23:29 Modified: 20.2009 0:02 Company: Broadcom Corporation ---------Key: dmvsc ImagePath: \SystemRoot\system32\drivers\dmvsc.sys 21584 bytes Created: 14.11.2010 23:29 Company: Advanced Micro Devices ---------Key: amdxata ImagePath: system32\drivers\amdxata.exe C:\Windows\system32\atiesrxx.11.2009 1:11 Modified: 14.11.sys C:\Windows\system32\DRIVERS\amdppm.7.11.sys 22400 bytes Created: 20.sys 80256 bytes Created: 20.2009 23:18 Modified: 14.sys 62464 bytes Created: 21.8.sys C:\Windows\system32\drivers\amdxata.sys C:\Windows\system32\drivers\atapi.2010 23:29 Modified: 20.sys C:\Windows\system32\drivers\dmvsc.6.sys C:\Windows\system32\DRIVERS\bcmwl6.sys 52736 bytes Created: 14.7.exe 176128 bytes Created: 18.7.2009 11:36 Company: AMD ---------Key: AmdPPM ImagePath: system32\DRIVERS\amdppm.8.11.

11.2011 21:03 Company: ESET ---------Key: epfw ImagePath: system32\DRIVERS\epfw.2011 18:20 Company: ESET ---------Key: ekrn ImagePath: "C:\Program Files\ESET\ESET Smart Security\ekrn.sys 332160 bytes Created: 20.sys C:\Windows\system32\DRIVERS\ehdrv.sys 33656 bytes Created: 4.exe 974944 bytes Created: 22.2011 21:03 Modified: 22.11.2010 18:29 .sys C:\Windows\system32\DRIVERS\EpfwLWF.2011 23:24 Modified: 9.sys 85232 bytes Created: 21.9.2011 18:20 Company: ESET ---------Key: iaStorV ImagePath: \SystemRoot\system32\drivers\iaStorV.8.8.2011 18:20 Modified: 4.C:\Windows\system32\DRIVERS\eamonm.12.8.9.2011 18:20 Modified: 4.2011 18:20 Company: ESET ---------Key: EpfwLWF ImagePath: system32\DRIVERS\EpfwLWF.sys 118104 bytes Created: 4.sys 147480 bytes Created: 4.8.8.sys 163424 bytes Created: 9.8.2010 23:29 Company: Intel Corporation ---------Key: IDMWFP ImagePath: system32\DRIVERS\idmwfp.sys C:\Windows\system32\DRIVERS\epfw.sys C:\Windows\system32\DRIVERS\idmwfp.2011 18:20 Modified: 4.2011 23:24 Company: ESET ---------Key: ehdrv ImagePath: system32\DRIVERS\ehdrv.8.2010 22:13 Modified: 21.2010 23:29 Modified: 20.8.sys C:\Windows\system32\DRIVERS\epfwwfp.12.sys C:\Windows\system32\drivers\iaStorV.2011 18:20 Modified: 4.sys 50624 bytes Created: 4.2011 18:20 Company: ESET ---------Key: epfwwfp ImagePath: system32\DRIVERS\epfwwfp.8.exe" C:\Program Files\ESET\ESET Smart Security\ekrn.8.

exe 269648 bytes Created: 25.2009 1:45 Company: Microsoft Corporation ---------Key: Serial ImagePath: \SystemRoot\system32\drivers\serial.2011 19:21 Modified: 10. ---------Key: kbdhid ImagePath: \SystemRoot\system32\drivers\kbdhid.2010 23:29 Modified: 20.9.2010 4:53 Company: [no info] ---------Key: RdpVideoMiniport ImagePath: System32\drivers\rdpvideominiport.exe" C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.sys 28032 bytes Created: 20.11.2009 14:53 Company: Malwarebytes Corporation ---------Key: MBAMService ImagePath: "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.10.11.exe" C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.sys C:\Windows\system32\drivers\kbdhid.2009 14:54 Company: Malwarebytes Corporation ---------Key: msahci ImagePath: system32\drivers\msahci.2010 23:29 Company: Microsoft Corporation ---------Key: OS Selector ImagePath: "C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.2009 1:45 Modified: 14.sys 17920 bytes Created: 14.2010 23:29 Company: Microsoft Corporation ---------Key: Serenum ImagePath: \SystemRoot\system32\drivers\serenum.7.2010 23:29 Modified: 20.sys C:\Windows\system32\drivers\mbam.Company: Tonec Inc.11.2010 23:29 Modified: 20.2010 4:53 Modified: 26.exe 2139400 bytes Created: 26.2011 19:21 Modified: 10.sys 15872 bytes Created: 20.9.sys C:\Windows\System32\drivers\rdpvideominiport.sys C:\Windows\system32\drivers\msahci.7.2010 23:29 Company: Microsoft Corporation ---------Key: MBAMProtector ImagePath: \??\C:\Windows\system32\drivers\mbam.11.sys 19160 bytes Created: 25.11.10.sys .sys 28160 bytes Created: 20.5.11.sys C:\Windows\system32\drivers\serenum.5.

2010 23:29 Company: Microsoft Corporation ---------Key: terminpt ImagePath: \SystemRoot\system32\drivers\terminpt.11.sys 52224 bytes Created: 20.11.sys C:\Windows\system32\drivers\terminpt.sys 77184 bytes Created: 21.2010 2:46 Modified: 20.2010 23:29 Company: Microsoft Corporation ---------Key: TsUsbGD ImagePath: \SystemRoot\system32\drivers\TsUsbGD.11.2010 23:29 Company: Microsoft Corporation ---------Key: usbvideo ImagePath: System32\Drivers\usbvideo.sys .2009 1:45 Company: Microsoft Corporation ---------Key: Synth3dVsc ImagePath: System32\drivers\synth3dvsc.11.sys 146432 bytes Created: 20.[file not found to scan] ---------Key: vwifibus ImagePath: system32\DRIVERS\vwifibus.11.11.sys C:\Windows\System32\Drivers\usbvideo.11.C:\Windows\system32\drivers\serial.2010 23:29 Company: Microsoft Corporation ---------Key: tsusbhub ImagePath: system32\drivers\tsusbhub.2010 23:29 Company: Microsoft Corporation ---------Key: VGPU ImagePath: System32\drivers\rdvgkmd.7.7.2009 1:45 Modified: 14.2010 23:29 Modified: 20.sys C:\Windows\System32\drivers\synth3dvsc.2010 23:29 Company: Microsoft Corporation ---------Key: TsUsbFlt ImagePath: System32\drivers\tsusbflt.sys 27264 bytes Created: 20.11.2010 2:46 Modified: 20.11.2010 23:29 Modified: 20.sys C:\Windows\system32\drivers\tsusbhub.sys 25600 bytes Created: 21.2010 2:46 Modified: 20.11.sys .11.sys 112640 bytes Created: 21.sys C:\Windows\System32\drivers\rdvgkmd.2010 23:29 Modified: 20.sys C:\Windows\system32\drivers\TsUsbGD.11.sys C:\Windows\System32\drivers\tsusbflt.sys 83456 bytes Created: 14.

CONTEXTMENUHANDLERS ----Key: ESET Smart Security .dll 305664 bytes Created: 25.9.2011 21:10 Company: ESET ---------Key: TeraCopy CLSID: {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} Path: C:\Program Files\TeraCopy\TeraCopyExt.sys 311296 bytes Created: 14.10.7.7.7.2009 8:26 Company: [no info] ---------Key: TVCShellExt CLSID: {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} Path: C:\PROGRA~1\TOTALV~1\TVCShellExt.7.6.2011 21:10 Modified: 22.7.sys 19968 bytes Created: 14.9.2011 21:53 Modified: 22.dll 175664 bytes Created: 22.2009 0:02 Company: Marvell ---------************************************************************ 19:32:06: Scanning -----VXD ENTRIES----************************************************************ 19:32:06: Scanning ----.dll C:\Program Files\TeraCopy\TeraCopyExt.2009 1:52 Modified: 14.sys 48128 bytes Created: 14.7.dll 234496 bytes Created: 26.sys C:\Windows\system32\DRIVERS\yk62x86.2009 1:52 Company: Microsoft Corporation ---------Key: vwififlt ImagePath: system32\DRIVERS\vwififlt.2009 1:52 Modified: 14.2009 1:52 Company: Microsoft Corporation ---------Key: yukonw7 ImagePath: system32\DRIVERS\yk62x86.10.C:\Windows\system32\DRIVERS\vwifibus.2010 3:19 Company: ---------- .Context Menu Shell Extension CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D} Path: C:\Program Files\ESET\ESET Smart Security\shellExt.sys C:\Windows\system32\DRIVERS\vwififlt.7.dll C:\Program Files\ESET\ESET Smart Security\shellExt.2011 3:44 Modified: 30.dll C:\PROGRA~1\TOTALV~1\TVCShellExt.WINLOGON\NOTIFY DLLS ----No WINLOGON\NOTIFY DLLs found to scan Rootkit scan of Winlogon\Notify key not possible [key may not exist] ************************************************************ 19:32:06: Scanning ----.2009 0:02 Modified: 14.

BROWSER HELPER OBJECTS ----Key: {0055C089-8582-441B-A0BF-17B458C2A3A8} BHO: C:\Program Files\Internet Download Manager\IDMIECC.SECURITY PROVIDER DLLS ----************************************************************ 19:32:08: Scanning -----. Tonec Inc.dll C:\Program Files\Internet Download Manager\IDMShellExt.2010 17:28 Company: Internet Download Manager.dll 202160 bytes Created: 21.12.2010 18:29 .2009 6:41 Modified: 14.IMAGEFILE DEBUGGERS ----No "Debugger" entries found.174 bytes Created: 14.COMMON STARTUP GROUP -----[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.7.dll C:\Program Files\Internet Download Manager\IDMIECC.SCHEDULED TASKS ----No Scheduled Tasks found to scan ************************************************************ 19:32:08: Scanning ----.7.SHELLICONOVERLAYIDENTIFIERS ----Key: IDM Shell Extension CLSID: {CDC95B92-E27C-4745-A8C5-64A52A78855D} File: C:\Program Files\Internet Download Manager\IDMShellExt.12.ini -HS.2009 6:41 Company: [no info] -------------------************************************************************ No User Startup Groups were located to check ************************************************************ 19:32:08: Scanning ----.dll 66656 bytes Created: 21.SHAREDTASKSCHEDULER ENTRIES ----No SharedTaskScheduler entries found to scan ************************************************************ 19:32:07: Scanning ----. 
************************************************************ 19:32:07: Scanning ----.12.APPINIT_DLLS ----The AppInit_DLLs value is blank or does not exist ************************************************************ 19:32:07: Scanning ----.SHELLSERVICEOBJECTS ----************************************************************ 19:32:07: Scanning ----.FOLDER\COLUMNHANDLERS ----************************************************************ 19:32:07: Scanning ----.2010 22:13 Modified: 23. ---------************************************************************ 19:32:07: Scanning ----.2010 22:13 Modified: 21.12.************************************************************ 19:32:07: Scanning ----.

ADDITIONAL CHECKS ----Winlogon registry rootkit checks completed ---------Heuristic checks for hidden files/drivers completed ---------Layered Service Provider entries checks completed ---------Windows Explorer Policies checks completed ---------Desktop Wallpaper: C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Themes\Tra nscodedWallpaper.2010 23:29 Modified: 20. ---------Key: SharingPrivate CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235} File: %SystemRoot%\system32\ntshrui.7.2011 0:30 Modified: 25.2009 3:14 Company: Microsoft Corporation -------------------C:\Windows\system32\wininit.7.7.exe 69632 bytes Created: 14.dll 442880 bytes Created: 20.Company: Tonec Inc.RUNNING PROCESSES ----C:\Windows\System32\smss.10.2009 1:11 Modified: 14.dll C:\Windows\system32\ntshrui.2009 3:14 Company: Microsoft Corporation -------------------C:\Windows\system32\csrss.exe 6144 bytes Created: 14.jpg C:\Users\Igor777\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.2009 3:14 Company: Microsoft Corporation .7.exe 96256 bytes Created: 14.10.2009 1:36 Modified: 14.2011 19:30 Company: [no info] ---------Web Desktop Wallpaper entry is blank ---------Checks for rogue DNS NameServers completed ---------Additional checks completed ************************************************************ 19:32:10: Scanning ----.jp g 1383577 bytes Created: 25.2009 1:11 Modified: 14.DEVICE DRIVER ENTRIES ----************************************************************ 19:32:09: ----.11.7.7.11.2010 23:29 Company: Microsoft Corporation ---------************************************************************ 19:32:09: Scanning ----.

8.2010 23:29 Modified: 20.2010 23:29 .exe 92672 bytes Created: 14.11.11.exe 286720 bytes Created: 20.2009 1:24 Modified: 14.7.7.exe 267776 bytes Created: 20.2010 23:29 Company: Microsoft Corporation -------------------C:\Windows\system32\svchost.11.2010 23:29 Company: Microsoft Corporation -------------------C:\Program Files\Windows Media Player\wmpnetwk.2010 23:29 Modified: 20.2009 1:11 Modified: 14.exe 49152 bytes Created: 20.2010 23:29 Modified: 20.-------------------C:\Windows\system32\services.2009 11:36 Company: AMD -------------------C:\Windows\system32\Dwm.2009 1:11 Modified: 14.7.2010 23:29 Company: Microsoft Corporation -------------------C:\Windows\system32\winlogon.exe 317440 bytes Created: 20.11.11.8.2009 3:14 Company: Microsoft Corporation -------------------C:\Windows\system32\lsm.exe 348160 bytes Created: 18.7.exe 1121792 bytes Created: 20.2009 3:14 Company: Microsoft Corporation -------------------C:\Windows\system32\taskhost.2010 23:29 Company: Microsoft Corporation --------------------------------------C:\Windows\system32\atieclxx.2009 3:14 Company: Microsoft Corporation -------------------C:\Windows\system32\lsass.exe 259072 bytes Created: 14.exe 20992 bytes Created: 14.7.2009 11:36 Modified: 18.exe 22528 bytes Created: 14.11.11.11.11.7.2010 23:29 Modified: 20.7.2009 1:19 Modified: 14.7.2009 3:14 Company: Microsoft Corporation --------------------------------------C:\Windows\System32\spoolsv.

exe 73216 bytes Created: 20.NET\Framework\v2.2011 6:28 Company: Microsoft Corporation .6.2010 23:29 Modified: 20.11.0.11.exe 227328 bytes Created: 20.12.11.11.5.11.50727\mscorsvw.7.11.10.11.10.2011 6:28 Company: Microsoft Corporation -------------------C:\Windows\servicing\TrustedInstaller.Modified: 20.2010 23:29 Modified: 20.5.exe 66384 bytes Created: 13.5.11.2010 23:29 Modified: 20.2010 23:29 Company: Microsoft Corporation --------------------------------------C:\Windows\system32\taskmgr.2009 23:23 Company: Microsoft Corporation --------------------------------------C:\Program Files\Internet Download Manager\IEMonitor.2011 6:28 Company: Microsoft Corporation -------------------C:\Windows\system32\SearchProtocolHost.2011 4:18 Modified: 4.2010 23:29 Company: Microsoft Corporation --------------------------------------C:\Windows\Microsoft.11. -------------------C:\Windows\system32\msiexec.5.2011 4:18 Modified: 4.exe 427520 bytes Created: 25.2010 23:29 Company: Microsoft Corporation -------------------C:\Windows\system32\vssvc.2011 4:18 Modified: 4.exe 263600 bytes Created: 21.exe 86528 bytes Created: 25.2010 23:29 Company: Microsoft Corporation -------------------C:\Windows\system32\SearchFilterHost.10.2010 23:29 Modified: 20.2010 23:29 Company: Microsoft Corporation --------------------------------------C:\Windows\system32\SearchIndexer.2010 22:13 Modified: 25.exe 204800 bytes Created: 20.2010 17:28 Company: Tonec Inc.exe 164352 bytes Created: 25.2009 22:46 Modified: 10.exe 1025536 bytes Created: 20.

com/fwlink/?LinkId=54896 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://go.11.-------------------C:\Windows\system32\wbem\wmiprvse.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.microsoft.microsoft.11.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": http://go.exe FileSize: 4740016 [This is a Trojan Remover component] --------------------------------------************************************************************ 19:32:13: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ -----.microsoft.microsoft.INTERNET EXPLORER HOME/START/SEARCH SETTINGS -----HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": http://go.com/fwlink/?LinkId=54896 HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://go.microsoft.exe 257536 bytes Created: 20.com/fwlink/?LinkId=54896 ************************************************************ === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 19:32:13 25 okt 2011 Total Scan time: 00:00:22 ************************************************************ .com/fwlink/?LinkId=69157 HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.2010 23:29 Modified: 20.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\System32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.2010 23:29 Company: Microsoft Corporation -------------------C:\Program Files\Trojan Remover\Rmvtrjan.microsoft.