please help me with my laptop



sebastiaanst
2008-08-14, 18:29
When I start up my laptop I get 3 errors:

RunDLL

C:\Users\Sebas~1\AppData\Local\Temp\pmnNDurP.dll
C:\Users\Sebas~1\AppData\Local\Temp\pmsawkco.dll
C:\Users\Sebas~1\AppData\Local\Temp\tcxximkm.dll


I used Spybot, and that gave me 1 alert: Virtumonde

I also used Trojan Remover, see the log below:

When I go on the internet, most of the time Internet Explorer suddenly stops working. The only solution then is the reset button, very annoying.

If you can help me, plz
If u need some more info plz tell me what you need and how I can give it to you.

Trojan Remover log:

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.8.2518. For information, email support@simplysup.com
[Registered to: You know the Tr@p and I'm the Zer0 :)]
Scan started at: 14-8-2008 16:10:04
Using Database v6945
Operating System: Windows Vista [Windows Vista (Build 6000)]
Edition: Windows Vista (TM) Home Premium
File System: NTFS
User Account Control is Enabled.
Data directory: C:\Users\Sebastiaan\AppData\Roaming\Simply Super Software\Trojan Remover\
Logfile directory: C:\Users\Sebastiaan\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges


**************************************************

**************************************************
16:10:04: Scanning ----------WIN.INI-----------
WIN.INI found in C:\Windows

**************************************************
16:10:04: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\Windows

**************************************************
16:10:04: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
16:10:09: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: explorer.exe
C:\Windows\explorer.exe
2923520 bytes
Created: 4-2-2008
Modified: 4-2-2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
24576 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Windows Defender
Value Data: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
C:\Program Files\Windows Defender\MSASCui.exe
1006264 bytes
Created: 15-7-2007
Modified: 15-7-2007
Company: Microsoft Corporation
--------------------
Value Name: KeNotify
Value Data: C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
34352 bytes
Created: 6-11-2006
Modified: 6-11-2006
Company:
--------------------
Value Name: SVPWUTIL
Value Data: C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe
438272 bytes
Created: 22-3-2006
Modified: 22-3-2006
Company: TOSHIBA
--------------------
Value Name: ccApp
Value Data: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
115816 bytes
Created: 9-1-2007
Modified: 9-1-2007
Company: Symantec Corporation
--------------------
Value Name: HWSetup
Value Data: \HWSetup.exe hwSetUP
\HWSetup.exe [file not found to scan]
--------------------
Value Name: RtHDVCpl
Value Data: RtHDVCpl.exe
C:\Windows\RtHDVCpl.exe
4702208 bytes
Created: 16-10-2007
Modified: 3-9-2007
Company: Realtek Semiconductor
--------------------
Value Name: TPwrMain
Value Data: %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
411192 bytes
Created: 29-3-2007
Modified: 29-3-2007
Company: TOSHIBA Corporation
--------------------
Value Name: HSON
Value Data: %ProgramFiles%\TOSHIBA\TBS\HSON.exe
C:\Program Files\TOSHIBA\TBS\HSON.exe
55416 bytes
Created: 7-12-2006
Modified: 7-12-2006
Company: TOSHIBA Corporation
--------------------
Value Name: SmoothView
Value Data: %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
509496 bytes
Created: 3-4-2007
Modified: 3-4-2007
Company: TOSHIBA Corporation
--------------------
Value Name: 00TCrdMain
Value Data: %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
538744 bytes
Created: 22-5-2007
Modified: 22-5-2007
Company: TOSHIBA Corporation
--------------------
Value Name: NDSTray.exe
Value Data: NDSTray.exe
NDSTray.exe [file not found to scan]
--------------------
Value Name: topi
Value Data: C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
581632 bytes
Created: 16-10-2007
Modified: 10-7-2007
Company: TOSHIBA
--------------------
Value Name: IgfxTray
Value Data: C:\Windows\system32\igfxtray.exe
C:\Windows\system32\igfxtray.exe
141848 bytes
Created: 16-10-2007
Modified: 20-9-2007
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\Windows\system32\hkcmd.exe
C:\Windows\system32\hkcmd.exe
154136 bytes
Created: 16-10-2007
Modified: 20-9-2007
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\Windows\system32\igfxpers.exe
C:\Windows\system32\igfxpers.exe
129560 bytes
Created: 16-10-2007
Modified: 20-9-2007
Company: Intel Corporation
--------------------
Value Name: Camera Assistant Software
Value Data: "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
413696 bytes
Created: 9-1-2008
Modified: 10-4-2007
Company: Chicony
--------------------
Value Name: Apoint
Value Data: C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apoint.exe
180224 bytes
Created: 26-4-2007
Modified: 11-9-2006
Company: Alps Electric Co., Ltd.
--------------------
Value Name: Toshiba Registration
Value Data: C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
571024 bytes
Created: 26-4-2007
Modified: 19-2-2007
Company: Toshiba
--------------------
Value Name: IAAnotif
Value Data: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
174872 bytes
Created: 9-1-2008
Modified: 12-2-2007
Company: Intel Corporation
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
33648 bytes
Created: 24-8-2007
Modified: 24-8-2007
Company: Microsoft Corporation
--------------------
Value Name: Toshiba TEMPO
Value Data: C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
103824 bytes
Created: 29-10-2007
Modified: 29-10-2007
Company: Toshiba Europe GmbH
--------------------
Value Name: mnu
Value Data: C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe
437976 bytes
Created: 1-5-2006
Modified: 1-5-2006
Company: Orange International
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
C:\Program Files\QuickTime\QTTask.exe
385024 bytes
Created: 1-2-2008
Modified: 1-2-2008
Company: Apple Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET Smart Security\egui.exe
1410304 bytes
Created: 25-10-2007
Modified: 25-10-2007
Company: ESET
--------------------
Value Name: ISTray
Value Data: "C:\Program Files\Spyware Doctor\pctsTray.exe"
C:\Program Files\Spyware Doctor\pctsTray.exe
1107848 bytes
Created: 9-7-2008
Modified: 10-4-2008
Company: PC Tools
--------------------
Value Name: AVG8_TRAY
Value Data: C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
1232152 bytes
Created: 22-7-2008
Modified: 22-7-2008
Company: AVG Technologies CZ, s.r.o.
--------------------
Value Name: Symantec PIF AlertEng
Value Data: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created: 29-1-2008
Modified: 29-1-2008
Company: Symantec Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
866384 bytes
Created: 14-8-2008
Modified: 14-8-2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: Sidebar
Value Data: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
C:\Program Files\Windows Sidebar\sidebar.exe
1232896 bytes
Created: 2-2-2008
Modified: 2-2-2008
Company: Microsoft Corporation
--------------------
Value Name: TOSCDSPD
Value Data: TOSCDSPD.EXE
TOSCDSPD.EXE [file not found to scan]
--------------------
Value Name: ehTray.exe
Value Data: C:\Windows\ehome\ehTray.exe
C:\Windows\ehome\ehTray.exe
125440 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
--------------------
Value Name: mnu
Value Data: C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe /S:T
C:\Program Files\Orange\GLOBAL\Mnu\igomnu.exe
437976 bytes
Created: 1-5-2006
Modified: 1-5-2006
Company: Orange International
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 18-10-2007
Modified: 18-10-2007
Company: Microsoft Corporation
--------------------
Value Name: WMPNSCFG
Value Data: C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
201728 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
Value Name: e01097ab
Value Data: rundll32.exe "C:\Users\SEBAST~1\AppData\Local\Temp\tcxximkm.dll",b
C:\Users\SEBAST~1\AppData\Local\Temp\tcxximkm.dll [file not found to scan]
--------------------
Value Name: cmds
Value Data: rundll32.exe C:\Users\SEBAST~1\AppData\Local\Temp\pmnNDurP.dll,c
C:\Users\SEBAST~1\AppData\Local\Temp\pmnNDurP.dll [file not found to scan]
--------------------
Value Name: BMe323a437
Value Data: Rundll32.exe "C:\Users\SEBAST~1\AppData\Local\Temp\pmsawkco.dll",s
C:\Users\SEBAST~1\AppData\Local\Temp\pmsawkco.dll [file not found to scan]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

**************************************************
16:10:15: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value: Groove GFS Stub Execution Hook
File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created: 24-8-2007
Modified: 24-8-2007
Company: Microsoft Corporation
----------

**************************************************
16:10:16: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
16:10:16: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\Windows\system32\logon.scr
C:\Windows\system32\logon.scr
5714432 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
--------------------

**************************************************
16:10:16: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

**************************************************
16:10:17: Scanning ----- SERVICEDLL REGISTRY KEYS -----

**************************************************
16:10:26: Scanning ----- SERVICES REGISTRY KEYS -----
Key: aawservice
ImagePath: "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
611664 bytes
Created: 12-5-2008
Modified: 9-7-2008
Company: Lavasoft
----------
Key: adpu160m
ImagePath: \SystemRoot\system32\drivers\adpu160m.sys
C:\Windows\system32\drivers\adpu160m.sys
98408 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Adaptec, Inc.
----------
Key: AgereModemAudio
ImagePath: C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\agrsmsvc.exe
9216 bytes
Created: 16-10-2007
Modified: 5-10-2006
Company: Agere Systems
----------
Key: AgereSoftModem
ImagePath: system32\DRIVERS\AGRSM.sys
C:\Windows\system32\DRIVERS\AGRSM.sys
1161888 bytes
Created: 16-10-2007
Modified: 28-11-2006
Company: Agere Systems
----------
Key: agp440
ImagePath: \SystemRoot\system32\drivers\agp440.sys
C:\Windows\system32\drivers\agp440.sys
53864 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
----------
Key: ApfiltrService
ImagePath: system32\DRIVERS\Apfiltr.sys
C:\Windows\system32\DRIVERS\Apfiltr.sys
140800 bytes
Created: 26-4-2007
Modified: 30-8-2006
Company: Alps Electric Co., Ltd.
----------
Key: athr
ImagePath: system32\DRIVERS\athr.sys
C:\Windows\system32\DRIVERS\athr.sys
737280 bytes
Created: 9-1-2008
Modified: 18-6-2007
Company: Atheros Communications, Inc.
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
231192 bytes
Created: 22-7-2008
Modified: 22-7-2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\Windows\System32\Drivers\avgldx86.sys
96520 bytes
Created: 22-7-2008
Modified: 22-7-2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\Windows\System32\Drivers\avgmfx86.sys
26824 bytes
Created: 22-7-2008
Modified: 22-7-2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key: ccEvtMgr
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
108648 bytes
Created: 9-1-2007
Modified: 9-1-2007
Company: Symantec Corporation
----------
Key: ccSetMgr
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
108648 bytes
Created: 9-1-2007
Modified: 9-1-2007
Company: Symantec Corporation
----------
Key: CFSvcs
ImagePath: C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
40960 bytes
Created: 16-10-2007
Modified: 14-11-2006
Company: TOSHIBA CORPORATION
----------
Key: circlass
ImagePath: system32\DRIVERS\circlass.sys
C:\Windows\system32\DRIVERS\circlass.sys
35328 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
----------
Key: CLTNetCnService
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
108648 bytes
Created: 9-1-2007
Modified: 9-1-2007
Company: Symantec Corporation
----------
Key: comHost
ImagePath: "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe"
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
49248 bytes
Created: 12-1-2007
Modified: 12-1-2007
Company: Symantec Corporation
----------
Key: CplIR
ImagePath: \SystemRoot\system32\DRIVERS\CplIR.SYS
C:\Windows\system32\DRIVERS\CplIR.SYS
14848 bytes
Created: 6-3-2007
Modified: 6-3-2007
Company: COMPAL ELECTRONIC INC.
----------
Key: CVPND
ImagePath: "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
1520688 bytes
Created: 14-2-2008
Modified: 20-4-2006
Company: Cisco Systems, Inc.
----------
Key: eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\Windows\system32\DRIVERS\eamon.sys
33800 bytes
Created: 25-10-2007
Modified: 25-10-2007
Company: Eset
----------
Key: easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\Windows\system32\DRIVERS\easdrv.sys
27144 bytes
Created: 25-10-2007
Modified: 25-10-2007
Company: ESET
----------
Key: eeCtrl
ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
385072 bytes
Created: 8-2-2008
Modified: 22-1-2008
Company: Symantec Corporation
----------
Key: EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe"
C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
18176 bytes
Created: 25-10-2007
Modified: 25-10-2007
Company:
----------
Key: ekrn
ImagePath: "C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
455936 bytes
Created: 25-10-2007
Modified: 25-10-2007
Company: ESET
----------
Key: epfw
ImagePath: system32\DRIVERS\epfw.sys
C:\Windows\system32\DRIVERS\epfw.sys
50696 bytes
Created: 25-10-2007
Modified: 25-10-2007
Company: ESET
----------
Key: Epfwndis
ImagePath: system32\DRIVERS\Epfwndis.sys
C:\Windows\system32\DRIVERS\Epfwndis.sys
30728 bytes
Created: 25-10-2007
Modified: 25-10-2007
Company: ESET
----------
Key: epfwtdi
ImagePath: system32\DRIVERS\epfwtdi.sys
C:\Windows\system32\DRIVERS\epfwtdi.sys
53768 bytes
Created: 25-10-2007
Modified: 25-10-2007
Company: ESET
----------
Key: EraserUtilRebootDrv
ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
109616 bytes
Created: 8-2-2008
Modified: 22-1-2008
Company: Symantec Corporation
----------
Key: HidIr
ImagePath: system32\DRIVERS\hidir.sys
C:\Windows\system32\DRIVERS\hidir.sys
21504 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
----------
Key: IAANTMON
ImagePath: C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
355096 bytes
Created: 9-1-2008
Modified: 12-2-2007
Company: Intel Corporation
----------
Key: iaStor
ImagePath: system32\DRIVERS\iaStor.sys
C:\Windows\system32\DRIVERS\iaStor.sys
277784 bytes
Created: 26-4-2007
Modified: 12-2-2007
Company: Intel Corporation
----------
Key: IDriverT
ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
73728 bytes
Created: 22-10-2004
Modified: 22-10-2004
Company: Macrovision Corporation
----------
Key: IDSvix86
ImagePath: \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080331.001\IDSvix86.sys
C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080331.001\IDSvix86.sys
261680 bytes
Created: 31-3-2008
Modified: 13-2-2008
Company: Symantec Corporation
----------
Key: igfx
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys
1925632 bytes
Created: 16-10-2007
Modified: 13-9-2007
Company: Intel Corporation
----------
Key: IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\Windows\system32\drivers\ikfilesec.sys
42376 bytes
Created: 9-7-2008
Modified: 1-2-2008
Company: PCTools Research Pty Ltd.
----------
Key: IKSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\Windows\system32\drivers\iksysflt.sys
66952 bytes
Created: 9-7-2008
Modified: 10-12-2007
Company: PCTools Research Pty Ltd.
----------
Key: IKSysSec
ImagePath: system32\drivers\iksyssec.sys
C:\Windows\system32\drivers\iksyssec.sys
81288 bytes
Created: 9-7-2008
Modified: 10-12-2007
Company: PCTools Research Pty Ltd.
----------
Key: IpInIp
ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key: ISPwdSvc
ImagePath: "C:\Program Files\Norton Internet Security\isPwdSvc.exe"
C:\Program Files\Norton Internet Security\isPwdSvc.exe
80504 bytes
Created: 14-1-2007
Modified: 14-1-2007
Company: Symantec Corporation
----------
Key: KR10I
ImagePath: \SystemRoot\system32\drivers\kr10i.sys
C:\Windows\system32\drivers\kr10i.sys
219392 bytes
Created: 26-4-2007
Modified: 18-1-2007
Company: TOSHIBA CORPORATION
----------
Key: KR10N
ImagePath: \SystemRoot\system32\drivers\kr10n.sys
C:\Windows\system32\drivers\kr10n.sys
211072 bytes
Created: 26-4-2007
Modified: 18-1-2007
Company: TOSHIBA CORPORATION
----------
Key: LiveUpdate
ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
2999664 bytes
Created: 26-4-2007
Modified: 26-9-2007
Company: Symantec Corporation
----------
Key: LiveUpdate Notice Ex
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
108648 bytes
Created: 9-1-2007
Modified: 9-1-2007
Company: Symantec Corporation
----------
Key: LiveUpdate Notice Service
ImagePath: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created: 29-1-2008
Modified: 29-1-2008
Company: Symantec Corporation
----------
Key: LPCFilter
ImagePath: system32\DRIVERS\LPCFilter.sys
C:\Windows\system32\DRIVERS\LPCFilter.sys
19456 bytes
Created: 28-7-2006
Modified: 28-7-2006
Company: COMPAL ELECTRONIC INC.
----------
Key: MBAMCatchMe
ImagePath: \??\C:\Windows\system32\drivers\mbamcatchme.sys
C:\Windows\system32\drivers\mbamcatchme.sys
34296 bytes
Created: 10-7-2008
Modified: 7-7-2008
Company:
----------
Key: msahci
ImagePath: system32\drivers\msahci.sys
C:\Windows\system32\drivers\msahci.sys
23144 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
----------
Key: NAVENG
ImagePath: \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080406.003\NAVENG.SYS
C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080406.003\NAVENG.SYS
82256 bytes
Created: 6-4-2008
Modified: 5-3-2008
Company: Symantec Corporation
----------
Key: NAVEX15
ImagePath: \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080406.003\NAVEX15.SYS
C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080406.003\NAVEX15.SYS
895408 bytes
Created: 6-4-2008
Modified: 5-3-2008
Company: Symantec Corporation
----------
Key: ntrigdigi
ImagePath: \SystemRoot\system32\drivers\ntrigdigi.sys
C:\Windows\system32\drivers\ntrigdigi.sys
20608 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: N-trig Innovative Technologies
----------
Key: NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key: NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key: Parport
ImagePath: \SystemRoot\system32\drivers\parport.sys
C:\Windows\system32\drivers\parport.sys
79360 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
----------
Key: Parvdm
ImagePath: \SystemRoot\system32\drivers\parvdm.sys
C:\Windows\system32\drivers\parvdm.sys
8704 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
----------
Key: Planner voor Automatische LiveUpdate
ImagePath: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
554352 bytes
Created: 26-4-2007
Modified: 26-9-2007
Company: Symantec Corporation
----------
Key: ql2300
ImagePath: \SystemRoot\system32\drivers\ql2300.sys
C:\Windows\system32\drivers\ql2300.sys
900712 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: QLogic Corporation
----------
Key: ql40xx
ImagePath: \SystemRoot\system32\drivers\ql40xx.sys
C:\Windows\system32\drivers\ql40xx.sys
106088 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: QLogic Corporation
----------
Key: RTL8169
ImagePath: system32\DRIVERS\Rtlh86.sys
C:\Windows\system32\DRIVERS\Rtlh86.sys
81408 bytes
Created: 15-7-2007
Modified: 30-4-2007
Company: Realtek Corporation
----------
Key: sdAuxService
ImagePath: C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
337800 bytes
Created: 9-7-2008
Modified: 10-4-2008
Company: PC Tools
----------
Key: sdCoreService
ImagePath: C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
1017224 bytes
Created: 9-7-2008
Modified: 17-4-2008
Company: PC Tools
----------
Key: Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\Windows\system32\drivers\serenum.sys
17920 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\Windows\system32\drivers\serial.sys
83456 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
----------
Key: sffdisk
ImagePath: system32\DRIVERS\sffdisk.sys
C:\Windows\system32\DRIVERS\sffdisk.sys
13312 bytes
Created: 16-10-2007
Modified: 16-10-2007
Company: Microsoft Corporation
----------
Key: sffp_sd
ImagePath: system32\DRIVERS\sffp_sd.sys
C:\Windows\system32\DRIVERS\sffp_sd.sys
12800 bytes
Created: 16-10-2007
Modified: 16-10-2007
Company: Microsoft Corporation
----------
Key: sisagp
ImagePath: \SystemRoot\system32\drivers\sisagp.sys
C:\Windows\system32\drivers\sisagp.sys
53352 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
----------
Key: SPBBCDrv
ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
418104 bytes
Created: 3-1-2007
Modified: 14-4-2007
Company: Symantec Corporation
----------
Key: SRTSP
ImagePath: System32\Drivers\SRTSP.SYS
C:\Windows\System32\Drivers\SRTSP.SYS
279088 bytes
Created: 1-12-2007
Modified: 1-12-2007
Company: Symantec Corporation
----------
Key: SRTSPL
ImagePath: System32\Drivers\SRTSPL.SYS
C:\Windows\System32\Drivers\SRTSPL.SYS
317616 bytes
Created: 1-12-2007
Modified: 1-12-2007
Company: Symantec Corporation
----------
Key: SRTSPX
ImagePath: System32\Drivers\SRTSPX.SYS
C:\Windows\System32\Drivers\SRTSPX.SYS
43696 bytes
Created: 1-12-2007
Modified: 1-12-2007
Company: Symantec Corporation
----------
Key: Symantec Core LC
ImagePath: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
1251720 bytes
Created: 2-2-2008
Modified: 2-2-2008
Company:
----------
Key: SymAppCore
ImagePath: "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
47712 bytes
Created: 5-1-2007
Modified: 5-1-2007
Company: Symantec Corporation
----------
Key: SYMDNS
ImagePath: \SystemRoot\System32\Drivers\SYMDNS.SYS
C:\Windows\System32\Drivers\SYMDNS.SYS
12848 bytes
Created: 7-3-2008
Modified: 7-3-2008
Company: Symantec Corporation
----------
Key: SymEvent
ImagePath: \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
C:\Windows\system32\Drivers\SYMEVENT.SYS
123952 bytes
Created: 26-4-2007
Modified: 2-2-2008
Company: Symantec Corporation
----------
Key: SYMFW
ImagePath: \SystemRoot\System32\Drivers\SYMFW.SYS
C:\Windows\System32\Drivers\SYMFW.SYS
145968 bytes
Created: 7-3-2008
Modified: 7-3-2008
Company: Symantec Corporation
----------
Key: SYMIDS
ImagePath: \SystemRoot\System32\Drivers\SYMIDS.SYS
C:\Windows\System32\Drivers\SYMIDS.SYS
39984 bytes
Created: 7-3-2008
Modified: 7-3-2008
Company: Symantec Corporation
----------
Key: SYMNDISV
ImagePath: \SystemRoot\System32\Drivers\SYMNDISV.SYS
C:\Windows\System32\Drivers\SYMNDISV.SYS
37936 bytes
Created: 7-3-2008
Modified: 7-3-2008
Company: Symantec Corporation
----------
Key: SYMREDRV
ImagePath: \SystemRoot\System32\Drivers\SYMREDRV.SYS
C:\Windows\System32\Drivers\SYMREDRV.SYS
27696 bytes
Created: 7-3-2008
Modified: 7-3-2008
Company: Symantec Corporation
----------
Key: SYMTDI
ImagePath: \SystemRoot\System32\Drivers\SYMTDI.SYS
C:\Windows\System32\Drivers\SYMTDI.SYS
191536 bytes
Created: 7-3-2008
Modified: 7-3-2008
Company: Symantec Corporation
----------
Key: tdcmdpst
ImagePath: system32\DRIVERS\tdcmdpst.sys
C:\Windows\system32\DRIVERS\tdcmdpst.sys
16128 bytes
Created: 18-10-2006
Modified: 18-10-2006
Company: TOSHIBA Corporation.
----------
Key: TempoMonitoringService
ImagePath: "C:\Program Files\Toshiba TEMPO\TempoSVC.exe"
C:\Program Files\Toshiba TEMPO\TempoSVC.exe
95624 bytes
Created: 29-10-2007
Modified: 29-10-2007
Company: Toshiba Europe GmbH
----------
Key: tifm21
ImagePath: system32\drivers\tifm21.sys
C:\Windows\system32\drivers\tifm21.sys
290304 bytes
Created: 24-1-2007
Modified: 24-1-2007
Company: Texas Instruments
----------
Key: TNaviSrv
ImagePath: C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
77824 bytes
Created: 9-1-2008
Modified: 19-9-2007
Company: TOSHIBA Corporation
----------
Key: TODDSrv
ImagePath: C:\Windows\system32\TODDSrv.exe
C:\Windows\system32\TODDSrv.exe
114688 bytes
Created: 15-7-2007
Modified: 25-5-2006
Company: TOSHIBA Corporation
----------
Key: TosCoSrv
ImagePath: "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
427576 bytes
Created: 29-3-2007
Modified: 29-3-2007
Company: TOSHIBA Corporation
----------
Key: TOSHIBA Bluetooth Service
ImagePath: c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [file not found to scan]
----------
Key: tosrfec
ImagePath: system32\DRIVERS\tosrfec.sys
C:\Windows\system32\DRIVERS\tosrfec.sys
9216 bytes
Created: 23-10-2006
Modified: 23-10-2006
Company: TOSHIBA Corporation
----------
Key: tos_sps32
ImagePath: system32\DRIVERS\tos_sps32.sys
C:\Windows\system32\DRIVERS\tos_sps32.sys
285184 bytes
Created: 9-1-2008
Modified: 26-7-2007
Company: TOSHIBA Corporation
----------
Key: TpChoice
ImagePath: system32\DRIVERS\TpChoice.sys
C:\Windows\system32\DRIVERS\TpChoice.sys [file not found to scan]
----------
Key: TVALZ
ImagePath: system32\DRIVERS\TVALZ_O.SYS
C:\Windows\system32\DRIVERS\TVALZ_O.SYS
16768 bytes
Created: 5-10-2006
Modified: 5-10-2006
Company: TOSHIBA Corporation
----------
Key: uagp35
ImagePath: \SystemRoot\system32\drivers\uagp35.sys
C:\Windows\system32\drivers\uagp35.sys
56936 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
----------
Key: UleadBurningHelper
ImagePath: C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
49152 bytes
Created: 15-7-2007
Modified: 23-8-2006
Company: Ulead Systems, Inc.
----------
Key: usbvideo
ImagePath: System32\Drivers\usbvideo.sys
C:\Windows\System32\Drivers\usbvideo.sys
132352 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18-10-2007
Modified: 18-10-2007
Company: Microsoft Corporation
----------
Key: UVCFTR
ImagePath: System32\Drivers\UVCFTR_S.SYS
C:\Windows\System32\Drivers\UVCFTR_S.SYS
11776 bytes
Created: 9-1-2008
Modified: 16-4-2007
Company: Chicony Electronics Co., Ltd.
----------
Key: viaide
ImagePath: \SystemRoot\system32\drivers\viaide.sys
C:\Windows\system32\drivers\viaide.sys
17512 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: VIA Technologies, Inc.
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25-10-2007
Modified: 25-10-2007
Company: Microsoft Corporation
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\Windows\system32\DRIVERS\wpdusb.sys
39936 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
----------

**************************************************
16:22:54: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

**************************************************
16:22:54: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key: igfxcui
DLL: igfxdev.dll
C:\Windows\system32\igfxdev.dll
204800 bytes
Created: 16-10-2007
Modified: 13-9-2007
Company: Intel Corporation
----------

**************************************************
16:22:55: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
99608 bytes
Created: 22-7-2008
Modified: 22-7-2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: BriefcaseMenu
CLSID: {85BBD920-42A0-1069-A2E4-08002B30309D}
Path: syncui.dll
C:\Windows\system32\syncui.dll
175616 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
----------
Key: Eset Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path: C:\Program Files\ESET\ESET Smart Security\shellExt.dll
C:\Program Files\ESET\ESET Smart Security\shellExt.dll
156928 bytes
Created: 25-10-2007
Modified: 25-10-2007
Company: ESET
----------
Key: Open With
CLSID: {09799AFB-AD67-11d1-ABCD-00C04FC30936}
Path: %SystemRoot%\system32\shell32.dll
C:\Windows\system32\shell32.dll
11315712 bytes
Created: 8-7-2008
Modified: 24-4-2008
Company: Microsoft Corporation
----------
Key: Open With EncryptionMenu
CLSID: {A470F8CF-A1E8-4f65-8335-227475AA5C46}
Path: %SystemRoot%\system32\shell32.dll
C:\Windows\system32\shell32.dll
11315712 bytes
Created: 8-7-2008
Modified: 24-4-2008
Company: Microsoft Corporation
----------
Key: Sharing
CLSID: {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
Path: ntshrui.dll
C:\Windows\system32\ntshrui.dll
296448 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
----------
Key: Symantec.Norton.Antivirus.IEContextMenu
CLSID: {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
Path: C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll
C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll
173680 bytes
Created: 14-1-2007
Modified: 14-1-2007
Company: Symantec Corporation
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: C:\PROGRA~1\TROJAN~1\Trshlex.dll
C:\PROGRA~1\TROJAN~1\Trshlex.dll
467552 bytes
Created: 14-8-2008
Modified: 5-2-2007
Company: Simply Super Software
----------
Key: WinRAR
CLSID: {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Path: C:\Program Files\WinRAR\rarext.dll
C:\Program Files\WinRAR\rarext.dll
126464 bytes
Created: 23-2-2008
Modified: 14-9-2006
Company:
----------
Key: XXX Groove GFS Context Menu Handler XXX
CLSID: {6C467336-8281-4E60-8204-430CED96822D}
Path: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created: 24-8-2007
Modified: 24-8-2007
Company: Microsoft Corporation
----------
Key: {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Path: %SystemRoot%\system32\shell32.dll
C:\Windows\system32\shell32.dll
11315712 bytes
Created: 8-7-2008
Modified: 24-4-2008
Company: Microsoft Corporation
----------

**************************************************
16:22:56: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
110592 bytes
Created: 14-12-2004
Modified: 14-12-2004
Company: Adobe Systems, Inc.
----------

**************************************************
16:22:56: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
59032 bytes
Created: 18-12-2006
Modified: 18-12-2006
Company: Adobe Systems Incorporated
----------
Key: {1E8A6170-7264-4D0F-BEAE-D42A53123C75}
BHO: C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
-R- 96936 bytes
Created: 12-1-2007
Modified: 12-1-2007
Company: Symantec Corporation
----------
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll
455960 bytes
Created: 22-7-2008
Modified: 22-7-2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
1562448 bytes
Created: 10-7-2008
Modified: 7-7-2008
Company: Safer Networking Limited
----------
Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
BHO: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created: 24-8-2007
Modified: 24-8-2007
Company: Microsoft Corporation
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0\bin\ssv.dll
C:\Program Files\Java\jre1.6.0\bin\ssv.dll
501384 bytes
Created: 26-4-2007
Modified: 26-4-2007
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20-9-2007
Modified: 20-9-2007
Company: Microsoft Corporation
----------

**************************************************
16:22:58: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: C:\Windows\system32\webcheck.dll
C:\Windows\system32\webcheck.dll
232960 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
----------

**************************************************
16:22:58: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value: {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment: Component Categories cache daemon
File: %SystemRoot%\system32\browseui.dll
C:\Windows\system32\browseui.dll
1321472 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
----------

**************************************************
16:22:58: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
16:22:58: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [avgrsstx.dll]
File: avgrsstx.dll
C:\Windows\system32\avgrsstx.dll
10520 bytes
Created: 22-7-2008
Modified: 22-7-2008
Company: AVG Technologies CZ, s.r.o.
----------

**************************************************
16:22:58: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: credssp.dll
C:\Windows\system32\credssp.dll
15360 bytes
Created: 2-11-2006
Modified: 2-11-2006
Company: Microsoft Corporation
----------

**************************************************
16:22:59: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
29696 bytes
Created: 23-4-2008
Modified: 23-4-2008
Company: Adobe Systems Incorporated
Adobe Reader Snelle start.lnk - links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
--------------------
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
1528880 bytes
Created: 14-2-2008
Modified: 20-4-2006
Company: Cisco Systems, Inc.
Cisco Systems VPN Client.lnk - links to C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
--------------------
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 2-11-2006
Modified: 9-7-2008
Company:
--------------------

**************************************************
16:22:59: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Sebastiaan
[C:\Users\Sebastiaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Sebastiaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 9-1-2008
Modified: 4-2-2008
Company:
----------
--------------------

**************************************************
16:22:59: Scanning ----- SCHEDULED TASKS -----
Taskname: Norton Internet Security - Volledige systeemscan - Sebastiaan.job
File: C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
226928 bytes
Created: 14-1-2007
Modified: 14-1-2007
Company: Symantec Corporation
Parameters: /TASK:"C:\ProgramData\Symantec\Norton AntiVirus\Tasks\mycomp.sca"
Next Run Time: 18-8-2008 20:00:00
Status: De taak is gereed om te worden gestart op de geplande tijd
Creator: Sebastiaan
Comments: Dit is een geplande scantaak uit Norton Internet Security.
----------

**************************************************
16:23:00: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
---------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Sebastiaan\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
C:\Users\Sebastiaan\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
254011 bytes
Created: 14-8-2008
Modified: 14-8-2008
Company:
----------
Additional file checks completed
---------

**************************************************
16:23:00: Scanning ----- RUNNING PROCESSES -----
[Only loaded modules not scanned already
during this scan will be scanned here]

C:\Windows\System32\smss.exe
[1 loaded module]
--------------------
C:\Windows\system32\csrss.exe
[17 loaded modules in total]
--------------------
C:\Windows\system32\wininit.exe
[30 loaded modules in total]
--------------------
C:\Windows\system32\csrss.exe
[17 loaded modules in total]
--------------------
C:\Windows\system32\services.exe
[38 loaded modules in total]
--------------------
C:\Windows\system32\lsass.exe
[64 loaded modules in total]
--------------------
C:\Windows\system32\lsm.exe
[34 loaded modules in total]
--------------------
C:\Windows\system32\winlogon.exe
[33 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[42 loaded modules in total]
--------------------
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
[31 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[37 loaded modules in total]
--------------------
C:\Windows\System32\svchost.exe
[67 loaded modules in total]
--------------------
C:\Windows\System32\svchost.exe
[115 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[155 loaded modules in total]
--------------------
C:\Windows\system32\SLsvc.exe
[22 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[86 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[97 loaded modules in total]
--------------------
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[130 loaded modules in total]
--------------------
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
[68 loaded modules in total]
--------------------
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[34 loaded modules in total]
--------------------
C:\Windows\System32\spoolsv.exe
[89 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[57 loaded modules in total]
--------------------
C:\Windows\system32\agrsmsvc.exe
[18 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
[31 loaded modules in total]
--------------------
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
[66 loaded modules in total]
--------------------
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[40 loaded modules in total]
--------------------
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
[58 loaded modules in total]
--------------------
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
[76 loaded modules in total]
--------------------
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
[38 loaded modules in total]
--------------------
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
[48 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[41 loaded modules in total]
--------------------
C:\Program Files\Spyware Doctor\pctsAuxs.exe
[27 loaded modules in total]
--------------------
C:\Program Files\Spyware Doctor\pctsSvc.exe
[122 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[46 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
[22 loaded modules in total]
--------------------
C:\Program Files\Toshiba TEMPO\TempoSVC.exe
[64 loaded modules in total]
--------------------
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
[21 loaded modules in total]
--------------------
C:\Windows\system32\TODDSrv.exe
[25 loaded modules in total]
--------------------
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
[28 loaded modules in total]
--------------------
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[16 loaded modules in total]
--------------------
C:\Windows\System32\svchost.exe
[35 loaded modules in total]
--------------------
C:\Windows\system32\SearchIndexer.exe
[64 loaded modules in total]
--------------------
C:\Windows\system32\taskeng.exe
[50 loaded modules in total]
--------------------
C:\Windows\System32\alg.exe
[23 loaded modules in total]
--------------------
C:\Windows\system32\taskeng.exe
[84 loaded modules in total]
--------------------
C:\Windows\system32\Dwm.exe
[39 loaded modules in total]
--------------------
C:\Windows\Explorer.EXE
[214 loaded modules in total]
--------------------
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
[30 loaded modules in total]
--------------------
C:\Windows\RtHDVCpl.exe
[49 loaded modules in total]
--------------------
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
[37 loaded modules in total]
--------------------
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
[21 loaded modules in total]
--------------------
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
[97 loaded modules in total]
--------------------
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
[91 loaded modules in total]
--------------------
C:\Windows\System32\igfxtray.exe
[26 loaded modules in total]
--------------------
C:\Windows\system32\igfxsrvc.exe
[27 loaded modules in total]
--------------------
C:\Windows\System32\hkcmd.exe
[25 loaded modules in total]
--------------------
C:\Windows\System32\igfxpers.exe
[22 loaded modules in total]
--------------------
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
[26 loaded modules in total]
--------------------
C:\Program Files\Apoint2K\Apoint.exe
[43 loaded modules in total]
--------------------
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
[68 loaded modules in total]
--------------------
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[40 loaded modules in total]
--------------------
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[43 loaded modules in total]
--------------------
C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
[84 loaded modules in total]
--------------------
C:\Program Files\Orange\GLOBAL\Mnu\IGOMNU.EXE
[61 loaded modules in total]
--------------------
C:\Windows\system32\wbem\unsecapp.exe
[30 loaded modules in total]
--------------------
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
[89 loaded modules in total]
--------------------
C:\Program Files\ESET\ESET Smart Security\egui.exe
[38 loaded modules in total]
--------------------
C:\Program Files\Spyware Doctor\pctsTray.exe
[58 loaded modules in total]
--------------------
C:\Program Files\Windows Sidebar\sidebar.exe
[99 loaded modules in total]
--------------------
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
[20 loaded modules in total]
--------------------
C:\Windows\ehome\ehtray.exe
[28 loaded modules in total]
--------------------
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[145 loaded modules in total]
--------------------
C:\Program Files\Windows Media Player\wmpnscfg.exe
[31 loaded modules in total]
--------------------
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[44 loaded modules in total]
--------------------
C:\Windows\system32\wbem\wmiprvse.exe
[33 loaded modules in total]
--------------------
C:\Program Files\Internet Explorer\ieuser.exe
[89 loaded modules in total]
--------------------
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
[70 loaded modules in total]
--------------------
C:\Program Files\Windows Media Player\wmpnetwk.exe
[76 loaded modules in total]
--------------------
C:\Windows\ehome\ehmsas.exe
[21 loaded modules in total]
--------------------
C:\Program Files\Apoint2K\ApMsgFwd.exe
[20 loaded modules in total]
--------------------
C:\Program Files\Apoint2K\Apntex.exe
[20 loaded modules in total]
--------------------
C:\Program Files\Windows Live\Messenger\usnsvc.exe
[19 loaded modules in total]
--------------------
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[50 loaded modules in total]
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
[174 loaded modules in total]
--------------------
C:\Windows\system32\NOTEPAD.EXE
[23 loaded modules in total]
--------------------
C:\Windows\system32\conime.exe
[18 loaded modules in total]
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 2515520
[This is a Trojan Remover component]
[73 loaded modules in total]
--------------------

**************************************************
16:25:11: Checking HOSTS file
No malicious entries were found in the HOSTS file

**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.nl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896

**************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 14-8-2008 16:25:11
************************************************************

tashi
2008-08-14, 18:48
Hello.

Please see the stickied procedure for this forum to produce a HJT log: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Start a new topic providing that log only, and a link to this thread, which I will then close, as helpers look for help requests without a response.

Cheers.